CN112954688A

CN112954688A - Communication identifier verification method, server and core network equipment

Info

Publication number: CN112954688A
Application number: CN202110156889.2A
Authority: CN
Inventors: 肖征荣; 白琳; 邢建兵; 田新雪; 张丽云
Original assignee: China United Network Communications Group Co Ltd
Current assignee: China United Network Communications Group Co Ltd
Priority date: 2021-02-04
Filing date: 2021-02-04
Publication date: 2021-06-11
Anticipated expiration: 2041-02-04
Also published as: CN112954688B

Abstract

The application discloses a communication identifier verification method, a server and core network equipment, and relates to the technical field of communication. The communication identification verification method comprises the following steps: acquiring communication verification information of the core network equipment to the off-hook terminal, social security verification information and financial verification information corresponding to the off-hook terminal; determining whether the corresponding communication identifier of the unhook terminal is stolen or not according to the communication verification information, the social security verification information and the financial verification information; and limiting the use permission of the off-hook terminal under the condition that the communication identifier is determined to be stolen. The leakage of user information and the loss of user property caused by the leakage of identity information are avoided, the safety of the user information and the property is guaranteed, and the user experience degree is improved.

Description

Communication identifier verification method, server and core network equipment

Technical Field

The present application relates to the field of communications technologies, and in particular, to a method for verifying a communication identifier, a server, and a core network device.

Background

At present, an intelligent terminal (e.g., a smart phone, etc.) used by a user mostly has a network payment function, and the user can also bind own identity information with the intelligent terminal, so that the user can conveniently perform identity authentication on the user when the user uses the intelligent terminal to perform network payment.

However, if the smart phone of the user is stolen or lost, and the business hall of the operator is just in an off-business state (for example, the business hall goes off duty), the user cannot supplement the card in time; if the user adopts the calling mode to carry out loss reporting processing on the mobile phone number, the third party can still carry out the loss reporting processing on the mobile phone number in the calling mode, so that the mobile phone number of the user is still in the state of being stolen, the third party can use the intelligent mobile phone for a long time to carry out financial behaviors such as network payment or account transfer and the like, property loss of the stolen user is caused, and identity information of the user is easy to leak.

Disclosure of Invention

Therefore, the application provides a communication identifier verification method, a server and core network equipment, and solves the problem of how to verify whether the communication identifier is stolen and how to reduce user loss under the condition of stealing.

In order to achieve the above object, a first aspect of the present application provides a method for verifying a communication identifier, the method including: acquiring communication verification information of the core network equipment to the off-hook terminal, social security verification information and financial verification information corresponding to the off-hook terminal; determining whether the corresponding communication identifier of the unhook terminal is stolen or not according to the communication verification information, the social security verification information and the financial verification information; and limiting the use permission of the off-hook terminal under the condition that the communication identifier is determined to be stolen.

In some implementations, the communication verification information includes a record verification result and an identifier verification result, the record verification result is a result determined by the core network device according to the communication information of the off-hook terminal and historical communication record information of the off-hook terminal fed back by the operator node, the identifier verification result is a result determined by the core network device according to the device identifier of the off-hook terminal and the device identifier of the historical terminal, and the communication identifier corresponding to the off-hook terminal is the same as the communication identifier corresponding to the historical terminal.

In some implementations, determining whether a corresponding communication identifier of the disconnect terminal is stolen according to the communication verification information, the social security verification information, and the financial verification information includes: judging whether a communication identifier corresponding to the unhook terminal logs in a social security platform or not according to the social security verification information, and acquiring identity card information corresponding to the communication identifier to obtain a first judgment result; judging whether the communication identifier corresponding to the off-hook terminal carries out financial transaction or not according to the financial verification information to obtain a second judgment result; determining whether the historical communication record information comprises communication information of the off-hook terminal or not according to the record verification result, and obtaining a third judgment result; determining whether the equipment identifier of the off-hook terminal is the same as the equipment identifier of the historical terminal according to the identifier verification result to obtain a fourth judgment result; and determining whether the corresponding communication identifier of the off-hook terminal is stolen or not according to any one or more of the first judgment result, the second judgment result, the third judgment result and the fourth judgment result.

In some implementations, in the case that it is determined that the communication identifier is stolen, limiting the right of use of the unlinking terminal includes: under the condition that the communication identifier is determined to be stolen, generating an identifier, which is used for stealing the corresponding communication identifier of the off-hook terminal; acquiring registered user information corresponding to the off-hook terminal; and generating and sending a freezing message to the block chain network according to the registered user information and the stolen identifier so as to freeze an account corresponding to the communication identifier by each financial node in the block chain network.

In some specific implementations, after limiting the usage right of the suspend terminal when it is determined that the communication identifier is stolen, the method further includes: acquiring living body verification information of a user of the off-hook terminal, wherein the living body verification information comprises any one or more of video information, voice information and fingerprint information of the user; and verifying the user according to the living body verification information, and determining whether the use authority of the off-hook terminal is recovered.

In order to achieve the above object, a second aspect of the present application provides a method for verifying a communication identifier, the method including: determining a record verification result according to the acquired communication information of the off-hook terminal and historical communication record information of the off-hook terminal fed back by the operator node; determining an identification verification result according to the equipment identification of the off-hook terminal, the communication identification corresponding to the off-hook terminal and preset database information; and generating and sending communication verification information to the block chain network according to the record verification result and the identification verification result so that the user number security assurance node obtains the communication verification information, determining whether the communication identification corresponding to the off-hook terminal is stolen or not according to the communication verification information, the social security verification information of the off-hook terminal and the financial verification information, and limiting the use permission of the off-hook terminal under the condition of determining that the communication identification is stolen.

In some specific implementations, determining a record verification result according to the acquired communication information of the off-hook terminal and the historical communication record information of the off-hook terminal fed back by the operator node includes: comparing the communication information of the unhooking terminal with the historical communication record information, and determining a record verification result; the record verification result comprises that the historical communication record information comprises the communication information of the off-hook terminal, or the historical communication record information does not comprise the communication information of the off-hook terminal.

In some specific implementations, before determining the record verification result according to the acquired communication information of the off-hook terminal and the historical communication record information of the off-hook terminal fed back by the operator node, the method further includes: acquiring communication information of the off-hook terminal; the communication information of the off-hook terminal comprises any one or more of call records, short message records and address book information of the off-hook terminal.

In some specific implementations, determining an identifier verification result according to the device identifier of the detach terminal, the communication identifier corresponding to the detach terminal, and the preset database information includes: inquiring preset database information according to the communication identifier corresponding to the off-hook terminal to obtain the equipment identifier of the historical terminal corresponding to the communication identifier; comparing the equipment identification of the off-hook terminal with the equipment identification of the historical terminal to determine an identification verification result; the identification verification result comprises that the equipment identification of the off-hook terminal is the same as the equipment identification of the historical terminal, or the equipment identification of the off-hook terminal is different from the equipment identification of the historical terminal.

In order to achieve the above object, a third aspect of the present application provides a subscriber number security node server, including: the first acquisition module is used for acquiring communication verification information of the core network equipment to the off-hook terminal, social security verification information corresponding to the off-hook terminal and financial verification information; the judging module is used for determining whether the corresponding communication identifier of the unhook terminal is stolen or not according to the communication verification information, the social security verification information and the financial verification information; and the limiting module is used for limiting the use permission of the off-hook terminal under the condition that the communication identifier is determined to be stolen.

In order to achieve the above object, a fourth aspect of the present application provides a core network device, including: the record verification module is used for determining a record verification result according to the acquired communication information of the off-hook terminal and the historical communication record information of the off-hook terminal fed back by the operator node; the identification verification module is used for determining an identification verification result according to the equipment identification of the off-hook terminal, the communication identification corresponding to the off-hook terminal and preset database information; and the processing module is used for generating and sending communication verification information to the block chain network according to the record verification result and the identification verification result so as to enable the user number security assurance node to obtain the communication verification information, determining whether the communication identification corresponding to the off-hook terminal is stolen according to the communication verification information, the social security verification information of the off-hook terminal and the financial verification information, and limiting the use permission of the off-hook terminal under the condition of determining that the communication identification is stolen.

According to the verification method of the communication identifier, the server and the core network device, the information security of the off-hook terminal can be determined by acquiring the communication verification information of the off-hook terminal by the core network device, the social security verification information corresponding to the off-hook terminal and the financial verification information; determining whether the corresponding communication identifier of the off-hook terminal is stolen or not according to the communication verification information, the social security verification information and the financial verification information, and judging whether the communication identifier is stolen by other people or not so as to determine whether the off-hook terminal is in a safe state or not; under the condition that the communication identifier is determined to be stolen, the use permission of the unlinking terminal is limited, leakage of user information and loss of user property caused by leakage of identity information are avoided, safety of the user information and property is guaranteed, and user experience is improved.

Drawings

The accompanying drawings are included to provide a further understanding of the embodiments of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the principles of the application. The above and other features and advantages will become more apparent to those skilled in the art by describing in detail exemplary embodiments thereof with reference to the attached drawings, in which:

fig. 1 shows a flowchart of a method for verifying a communication identifier in an embodiment of the present application.

Fig. 2 is a flowchart illustrating a method for verifying a communication identifier in another embodiment of the present application.

Fig. 3 is a flowchart illustrating a method for verifying a communication identifier according to still another embodiment of the present application.

Fig. 4 shows a block diagram of a user number security node server in the embodiment of the present application.

Fig. 5 shows a block diagram of the core network device in the embodiment of the present application.

Fig. 6 is a block diagram showing components of a communication identifier verification system in the embodiment of the present application.

Fig. 7 is a flowchart illustrating an operating method of a communication identifier verification system in an embodiment of the present application.

In the drawings:

401: the first obtaining module 402: judging module

403: the limiting module 501: record verification module

502: the identification verification module 503: processing module

601: the user number security node server 602: hang-off terminal

603: loss reporting terminal

604: social security node server 605: bank supervision node server

606: the network loan platform supervision node server 607: core network device

609: one-number multi-terminal management node server

608: operator short message node server 610: user behavior analysis node server

611: operator server

Detailed Description

The following detailed description of embodiments of the present application will be made with reference to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present application, are given by way of illustration and explanation only, and are not intended to limit the present application. It will be apparent to one skilled in the art that the present application may be practiced without some of these specific details. The following description of the embodiments is merely intended to provide a better understanding of the present application by illustrating examples thereof.

In the technical solution according to the present application, the acquisition of the personal information data of the user complies with the relevant national laws and regulations (e.g., "information security technology personal information security regulations"). Moreover, the information acquisition mode is that the user is explicitly informed, and a legal way is passed; the type of the obtained information is directly related to the service function of the product or service, and the obtained information is collected with the lowest frequency and the minimum quantity; collecting personal information without violating the autonomous will of the personal information subject; obtaining authorization approval when collecting personal information; when the personal information is obtained indirectly, or a data set is disclosed for a network, or obtained in other ways, and the specification requirement of obtaining the indirect personal information is met.

In the technical solution according to the present application, the storage of the user personal information data complies with the relevant national laws and regulations (e.g., "information security technology personal information security regulations"). If the technical scheme involves some specific operations as follows, the following corresponding processing modes can be further selected: personal information storage time is minimized; the personal information has been subjected to a de-identification process; encrypting and storing the personal sensitive information; the personal biological information and the personal identity information are stored separately; the original personal biometric information is not stored, such as only the digest information is stored, or only used, or deleted after use.

The technical scheme is characterized in that the use of the user data follows the relevant national laws and regulations (such as personal information safety regulations of information safety technology). Such as: the personal information access control takes corresponding prescribed measures; the display of personal information gives regulatory restrictions; the personal information use purpose is not beyond the direct or reasonable association range; and when the personal information is used, the definite identity directivity is eliminated, and the specific individual is prevented from being accurately positioned.

To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.

Fig. 1 shows a flowchart of a method for verifying a communication identifier in an embodiment of the present application. The communication identifier verification method can be applied to a user number security guarantee node server. As shown in fig. 1, the method for verifying the communication identifier includes the following steps:

step S101, communication verification information of the core network equipment to the off-hook terminal, social security verification information corresponding to the off-hook terminal and financial verification information are obtained.

The communication verification information comprises a recording verification result and an identification verification result, the recording verification result is a result determined by the core network device according to the communication information of the off-hook terminal and historical communication record information of the off-hook terminal fed back by the operator node, the identification verification result is a result determined by the core network device according to the device identification of the off-hook terminal and the device identification of the historical terminal, and the communication identification corresponding to the off-hook terminal is the same as the communication identification corresponding to the historical terminal.

The social security verification information is determined by the social security node server searching the social security database through the communication identifier corresponding to the unlinking terminal, and for example, the social security verification information includes information such as whether the communication identifier logs in the social security node server, whether the communication identifier obtains user identity information corresponding to the communication identifier, and operation time. The social security verification information is only illustrated, and may be specifically set according to actual needs, and other social security verification information not illustrated is also within the protection scope of the present application, and is not described herein again.

The financial verification information is determined by the bank monitoring node server and/or the network credit platform monitoring node server searching the corresponding database through the communication identifier corresponding to the unlinking terminal. For example, the financial verification information includes: the bank supervision node server searches a bank database through the communication identifier corresponding to the unlinking terminal, and determines whether the communication identifier logs in a bank system and carries out financial transaction (for example, financial operation information such as login, registration, card binding, account transfer and the like) information, time information corresponding to the information carrying out the financial transaction and the like. The financial verification information may further include: the network loan platform supervision node server searches a network loan database through the communication identifier corresponding to the unlinking terminal, and determines whether the communication identifier is subjected to network loan operation, network loan operation information (such as information of operations of login, registration, loan and the like) during network loan operation, time information corresponding to the performed network loan operation information and the like. The financial verification information is only illustrated, and may be specifically set according to actual needs, and other financial verification information that is not illustrated is also within the protection scope of the present application, and is not described herein again.

It should be noted that, the first-number multi-terminal management node, the security node server, the bank supervision node server and the network credit platform supervision node server all perform inquiry, confirmation and verification on the communication identifier under the condition of obtaining the authorization and approval of the user. The obtained information type is directly related to the business function of the product or the service, the obtained information is collected with the lowest frequency and the minimum quantity, and the collected personal information does not violate the independent intention of a personal information main body.

And step S102, determining whether the corresponding communication identifier of the unhook terminal is stolen or not according to the communication verification information, the social security verification information and the financial verification information.

In the process of determining whether the communication identifier corresponding to the unlinking terminal is stolen, any one or more of communication verification information, social security verification information and financial verification information can be used to ensure the safety of the communication identifier.

The first judgment result comprises that the communication identifier logs in the social security platform and obtains identity card information and login time corresponding to the communication identifier; or the communication identifier is not logged in the social security platform. The second judgment result comprises the information that the communication identifier carries out financial transaction (for example, information of operations such as login, registration, card binding, transfer, loan and the like) and financial transaction time information; or, the communication identifies that no financial transaction has been conducted. The third judgment result includes: the historical communication record information comprises communication information of the off-hook terminal, or the historical communication record information does not comprise the communication information of the off-hook terminal; the fourth judgment result comprises that the equipment identifier of the off-hook terminal is the same as the equipment identifier of the historical terminal, or the equipment identifier of the off-hook terminal is different from the equipment identifier of the historical terminal. The historical communication record information is communication information of the off-hook terminal acquired by the operator node server within a preset time (for example, within 2 days).

When any one or more of the following conditions is met, determining that the communication identifier corresponding to the off-hook terminal is not stolen: the first judgment result is that the communication identifier does not log in the social security platform, the second judgment result is that the communication identifier does not perform financial transaction, and the third judgment result is that the historical communication record information comprises communication information of the off-hook terminal and the fourth judgment result is that the equipment identifier of the off-hook terminal is the same as the equipment identifier of the historical terminal; otherwise, determining that the communication identifier corresponding to the off-hook terminal is stolen.

And step S103, limiting the use authority of the off-hook terminal under the condition that the communication identifier is determined to be stolen.

The using authority of the off-hook terminal comprises any one or more of the authorities of receiving and sending short messages, making a call, carrying out data flow communication and the like. And under the condition that the communication identifier is determined to be stolen, the user number security guarantee node server can close any one or more of the using authorities of the off-hook terminal. The usage right of the off-hook terminal is only illustrated by way of example, and may be specifically set according to actual needs, and the usage rights of other off-hook terminals not illustrated are also within the protection scope of the present application, and are not described herein again.

The video information in the living body authentication information may be a video recorded by a user of the off-hook terminal, the language information may be a voice information recorded by the user of the off-hook terminal, and the like, and by using the characteristics of the user in the video information and/or the voice information, the user is compared with the identification information (for example, facial information or voice information, and the like) of the registered user corresponding to the communication identifier, so as to determine whether the user of the off-hook terminal is the registered user corresponding to the communication identifier.

Or comparing the fingerprint information of the registered user corresponding to the mobile phone number arranged in the off-hook terminal and stored in advance with the fingerprint information of the user currently reported by the off-hook terminal, if the two fingerprint information are the same, the user is the registered user corresponding to the mobile phone number, and the use authority of the off-hook terminal can be recovered; otherwise, the user is a third party, the user cannot recover the use permission of the off-hook terminal, the user cannot provide the user with the on-line recovery of the use permission of the off-hook terminal, and the registered user corresponding to the mobile phone number arranged in the off-hook terminal needs to go to an off-line operator business hall to recover the use permission of the mobile phone number. The mobile phone number is prevented from being stolen by a third party, leakage of user information and property loss of the user due to leakage of identity information are avoided, safety of the user information and property is guaranteed, and user experience is improved.

In the embodiment, the information security of the off-hook terminal can be determined by acquiring the communication verification information of the core network device on the off-hook terminal, the social security verification information corresponding to the off-hook terminal and the financial verification information; determining whether the corresponding communication identifier of the off-hook terminal is stolen or not according to the communication verification information, the social security verification information and the financial verification information, and judging whether the communication identifier is stolen by other people or not so as to determine whether the off-hook terminal is in a safe state or not; under the condition that the communication identifier is determined to be stolen, the use permission of the unlinking terminal is limited, leakage of user information and loss of user property caused by leakage of identity information are avoided, safety of the user information and property is guaranteed, and user experience is improved.

Fig. 2 is a flowchart illustrating a method for verifying a communication identifier in another embodiment of the present application. The communication identifier verification method can be applied to a user number security guarantee node server. As shown in fig. 2, the method for verifying the communication identifier includes the following steps:

step S201, acquiring communication verification information of the core network device to the off-hook terminal, social security verification information corresponding to the off-hook terminal, and financial verification information.

Step S202, according to the communication verification information, the social security verification information and the financial verification information, whether the corresponding communication identification of the off-hook terminal is stolen is determined.

It should be noted that steps S201 to S202 in this embodiment are the same as steps S101 to S102 in the previous embodiment, and are not repeated herein.

And step S203, generating the stolen identifier of the corresponding communication identifier of the off-hook terminal under the condition that the communication identifier is determined to be stolen.

Wherein the stolen identity characterizes that the communication identity has been used by a third party device, and that the third party device has not obtained permission to register the user. The third-party device may use the communication identifier to obtain identity information of a registered user corresponding to the communication identifier, or perform online transaction using the communication identifier, and the property of the registered user may be damaged.

And step S204, acquiring the registered user information corresponding to the off-hook terminal.

The registered user information is Identity information of a registered user, which is filled when a communication identifier (for example, International Mobile Subscriber Identity (IMSI)) corresponding to the off-hook terminal performs network entry registration by an operator node server.

And step S205, generating and sending a freezing message to the block chain network according to the registered user information and the stolen identifier.

After each financial node in the block chain network obtains the stolen identifier, the account corresponding to the communication identifier is frozen according to the information of the registered user, so that the property safety of the registered user is ensured.

The financial node comprises any one or more of a network credit platform supervision node server, a bank supervision node server and a network payment platform server. Under the condition that the communication identifier is determined to be stolen, each financial node acquires the stolen identifier from the block chain network, and an account corresponding to the communication identifier is closed or frozen according to the stolen identifier, so that the fund loss of a user is avoided, and the property safety of the user is improved.

In the embodiment, the information security of the off-hook terminal can be determined by acquiring the communication verification information of the core network device on the off-hook terminal, the social security verification information corresponding to the off-hook terminal and the financial verification information; determining whether the corresponding communication identifier of the off-hook terminal is stolen or not according to the communication verification information, the social security verification information and the financial verification information, and judging whether the communication identifier is stolen by other people or not so as to determine whether the off-hook terminal is in a safe state or not; under the condition that the communication identification is determined to be stolen, the identification that the corresponding communication identification of the off-hook terminal is stolen is generated, and a freezing message is generated and sent to the block chain network according to the registered user information and the stolen identification, so that after each financial node in the block chain network obtains the stolen identification, an account corresponding to the communication identification is frozen according to the registered user information, leakage of the user information and loss of user property caused by leakage of identity information are avoided, safety of the user information and property is guaranteed, and user experience is improved.

Fig. 3 is a flowchart illustrating a method for verifying a communication identifier according to still another embodiment of the present application. The communication identifier verification method can be applied to core network equipment. As shown in fig. 3, the method for verifying the communication identifier includes the following steps:

step S301, determining a record verification result according to the acquired communication information of the off-hook terminal and the historical communication record information of the off-hook terminal fed back by the operator node.

In some specific implementations, before determining the record verification result according to the acquired communication information of the off-hook terminal and the historical communication record information of the off-hook terminal fed back by the operator node, the method further includes: and acquiring the communication information of the off-hook terminal.

The communication information of the off-hook terminal comprises any one or more of call records, short message records and address book information of the off-hook terminal. The communication information of the off-hook terminal may be the latest N call records, M short messages, and the address book friend information of the off-hook terminal, which are actively reported to the core network device by the off-hook terminal within a preset time (e.g., 1 hour). Wherein N and M are integers greater than or equal to 1. The historical communication record information comprises historical call record information, historical short messages and the like of communication identifiers corresponding to the unhook terminals.

Whether the communication information of the off-hook terminal is consistent with the historical communication record information or not is verified through the historical communication record information, for example, whether a called terminal called by the off-hook terminal is consistent with a called terminal in the historical communication record information or not and whether a sender device corresponding to the short message received by the off-hook terminal exists in the historical communication record information or not are verified through the historical communication record information, so that the off-hook terminal is ensured to be in a normal communication range.

Step S302, determining an identification verification result according to the equipment identification of the off-hook terminal, the communication identification corresponding to the off-hook terminal and preset database information.

The device identifier of the off-hook terminal may be a serial number of the off-hook terminal, and the like, and the communication identifier corresponding to the off-hook terminal may be an IMSI, a mobile phone number, and the like, and by searching preset database information, it is determined whether the serial number (or the IMSI, or the mobile phone number, and the like) of the off-hook terminal is in the preset database information, and it is verified whether the off-hook terminal is an old terminal that has been used by a registered user corresponding to the communication identifier.

When the device identification of the off-hook terminal is the same as that of the historical terminal, the off-hook terminal is represented as an old terminal used by the registered user corresponding to the communication identification. When the device identifier of the off-hook terminal is different from the device identifier of the historical terminal, the fact that the off-hook terminal is not an old terminal used by the registered user corresponding to the communication identifier once is represented, and it is possible that the off-hook terminal is a third-party device which uses the communication identifier without permission of the registered user. The communication identity is at risk of being misappropriated.

Step S303, generating and sending communication verification information to the block chain network according to the record verification result and the identification verification result.

When the user number security guarantee node in the block chain network obtains the communication verification information, whether the communication identification corresponding to the off-hook terminal is stolen or not is determined according to the communication verification information, the social security verification information of the off-hook terminal and the financial verification information, and the use permission of the off-hook terminal is limited under the condition that the communication identification is determined to be stolen.

In this embodiment, a record verification result is determined according to the acquired communication information of the off-hook terminal and the historical communication record information of the off-hook terminal fed back by the operator node, and whether the off-hook terminal is in a normal communication range is determined according to the record verification result. And determining an identification verification result according to the equipment identification of the off-hook terminal, the communication identification corresponding to the off-hook terminal and preset database information, and verifying whether the off-hook terminal is an old terminal used by a registered user corresponding to the communication identification. And generating and sending communication verification information to the block chain network according to the record verification result and the identification verification result so as to enable the user number security assurance node to obtain the communication verification information, determining whether the communication identification corresponding to the unlinking terminal is stolen or not by combining the social security verification information and the financial verification information of the unlinking terminal, and limiting the use permission of the unlinking terminal under the condition of determining that the communication identification is stolen so as to ensure the information security and property security of the registered user corresponding to the communication identification.

Fig. 4 shows a block diagram of a user number security node server in the embodiment of the present application. As shown in fig. 4, the user number security node server specifically includes the following modules:

a first obtaining module 401, configured to obtain communication verification information of the core network device on the disconnected terminal, social security verification information corresponding to the disconnected terminal, and financial verification information; a determining module 402, configured to determine whether a corresponding communication identifier of the disconnect terminal is stolen according to the communication verification information, the social security verification information, and the financial verification information; and a limiting module 403, configured to limit the usage right of the off-hook terminal when it is determined that the communication identifier is stolen.

In this embodiment, the first obtaining module obtains communication verification information of the core network device to the disconnected terminal, social security verification information corresponding to the disconnected terminal, and financial verification information, so as to determine information security of the disconnected terminal; the use judgment module determines whether the corresponding communication identifier of the off-hook terminal is stolen or not according to the communication verification information, the social security verification information and the financial verification information, and judges whether the communication identifier is stolen by other people or not so as to determine whether the off-hook terminal is in a safe state or not; the use limiting module limits the use permission of the unhooking terminal under the condition that the communication identifier is determined to be stolen, so that the leakage of user information and the loss of user property caused by the leakage of identity information are avoided, the safety of the user information and the property is guaranteed, and the user experience degree is improved.

Fig. 5 shows a block diagram of the core network device in the embodiment of the present application. As shown in fig. 5, the core network device specifically includes the following modules:

the record verification module 501 is configured to determine a record verification result according to the acquired communication information of the off-hook terminal and historical communication record information of the off-hook terminal fed back by the operator node; the identifier verification module 502 is configured to determine an identifier verification result according to the device identifier of the off-hook terminal, the communication identifier corresponding to the off-hook terminal, and preset database information; the processing module 503 is configured to generate and send communication verification information to the blockchain network according to the record verification result and the identifier verification result, so that the user number security assurance node obtains the communication verification information, determine whether the communication identifier corresponding to the detach terminal is stolen according to the communication verification information, the social security verification information of the detach terminal, and the financial verification information, and limit the usage right of the detach terminal when it is determined that the communication identifier is stolen.

In this embodiment, the record verification module determines a record verification result according to the acquired communication information of the off-hook terminal and the historical communication record information of the off-hook terminal fed back by the operator node, and determines whether the off-hook terminal is in a normal communication range according to the record verification result. And determining an identification verification result by using an identification verification module according to the equipment identification of the off-hook terminal, the communication identification corresponding to the off-hook terminal and preset database information, and verifying whether the off-hook terminal is an old terminal used by a registered user corresponding to the communication identification. The use processing module generates and sends communication verification information to the block chain network according to the record verification result and the identification verification result so that the user number security assurance node obtains the communication verification information, determines whether the communication identification corresponding to the unlinking terminal is stolen or not by combining the social security verification information and the financial verification information of the unlinking terminal, limits the use permission of the unlinking terminal under the condition of determining that the communication identification is stolen, and ensures the information security and property security of the registered user corresponding to the communication identification.

It should be noted that each module referred to in this embodiment is a logical module, and in practical applications, one logical unit may be one physical unit, may be a part of one physical unit, and may be implemented by a combination of multiple physical units. In addition, in order to highlight the innovative part of the present application, a unit that is not so closely related to solving the technical problem proposed by the present application is not introduced in the present embodiment, but it does not indicate that no other unit exists in the present embodiment.

Fig. 6 is a block diagram showing components of a communication identifier verification system in the embodiment of the present application. As shown in fig. 6, the verification system for communication identifiers specifically includes the following devices:

the system comprises a user number security assurance node server 601, an unlinking terminal 602, a loss report terminal 603, a social security node server 604, a bank supervision node server 605, a network credit platform supervision node server 606, core network equipment 607, an operator short message node server 608, a one-number-multiple-terminal management node server 609, a user behavior analysis node server 610 and an operator server 611.

The communication identifier corresponding to the unlink terminal 602 is the same as the communication identifier corresponding to the loss reporting terminal 603 (for example, the unlink terminal 602 and the loss reporting terminal 603 are two terminals in a one-number multi-terminal service). In the case that the loss reporting terminal 603 is lost, the release terminal 602 may be configured to release the IMSI corresponding to the loss reporting terminal 603. The communication identifier may be a communication identifier (e.g., IMSI, a serial number of a terminal, etc.) in the one-number multi-terminal service, where the communication identifier is a number corresponding to user information acquired after a user agrees to the communication identifier.

It should be noted that each device in the mobile phone number theft prevention system communicates with each other through a blockchain network.

Fig. 7 is a flowchart illustrating an operating method of a communication identifier verification system in an embodiment of the present application. As shown in fig. 7, the method specifically includes the following steps.

In step S701, the loss report terminal 603 logs in the operator server 611, and reports the loss of the IMSI corresponding to the loss report terminal 603.

The IMSI may be 186XXXX8866 waiting for a verification number.

For example, the loss reporting terminal 603 may log in the operator server 611 by calling an operator customer service phone (e.g., 10010/10000/10086, etc.), or by using a mobile phone client (e.g., a mobile phone business office, etc.) of the loss reporting terminal 603, perform loss reporting processing on the number to be verified, and generate loss reporting information.

The loss reporting information includes any one or more of a device identifier of the loss reporting terminal 603, location information (e.g., latitude and longitude information, etc.) of the loss reporting terminal 603, and communication information of the loss reporting terminal 603. The communication information of the loss report terminal 603 includes: information of a Cell of the base station where the loss report terminal 603 is located (e.g., a Physical Cell Identifier (PCI), etc.), an IMSI corresponding to the loss report terminal 603, and the like.

In step S702, the detach terminal 602 logs in the operator server 611, and performs an detach operation on the number to be verified.

For example, the off-hook terminal 602 may log in to the operator server 611 by calling an operator customer service telephone (e.g., 10010/10000/10086), or by using a mobile phone client (e.g., a mobile phone business office) of the off-hook terminal 602, to perform off-hook processing of the number to be authenticated.

The information of the off-hook includes any one or more of a device identifier of the off-hook terminal 602, location information (e.g., latitude and longitude information, etc.) of the off-hook terminal 602, and communication information of the off-hook terminal 602. The communication information of the detach terminal 602 includes cell information (e.g., PCI, etc.) of a base station where the detach terminal 602 is located, IMSI corresponding to the detach terminal 602, and the like.

In step S703, the operator server 611 generates and sends a verification message to the user number security assurance node server 601 according to the loss report information and the hang release information corresponding to the number to be verified.

Step S704, after the user number security node server 601 obtains the verification message, it is known that the number to be verified is subjected to loss reporting processing, and then hang-up processing is performed, and these two processing processes are executed by different terminals, and the user number security node server 601 marks the number to be verified as a mobile phone number with a risk of fraudulent use, and starts a monitoring operation on the number to be verified, so as to prevent the number to be verified from being stolen. The user number security assurance node server 601 generates a first broadcast message according to the loss reporting information, the drop releasing information and the number to be verified in the verification message.

Step S705, the user number security assurance node server 601 signs the first broadcast message using its own private key, generates and sends the signed first broadcast message to the blockchain network, so that each node in the blockchain network obtains the first broadcast message and verifies the number to be verified.

Step S706, after the social security node server 604 in the block chain network receives the first broadcast message and verifies the private key signature thereof, the social security node server 604 obtains a number to be verified, and according to the number to be verified, the social security node server 604 searches its own database to obtain a first search result, where the first search result includes: whether the number to be verified logs in the social security node server 604 and whether the number to be verified acquires user identity information corresponding to the number to be verified; if the social security node server 604 is determined to be logged in, generating social security verification information according to the operation information of the number to be verified on the social security node server 604, the time information corresponding to the operation information, and the identity information corresponding to the number to be verified. And performs private key signature on the social security verification information, generates and sends the signed social security verification information to the blockchain network, so that the user number security assurance node server 601 obtains the social security verification information.

In step S707, the bank supervisory node server 605 receives the first broadcast message, obtains the number to be verified after the private key signature verification passes, searches its internal database according to the number to be verified, and obtains a second search result, where the second search result includes information of whether the number to be verified logs in the bank system and performs financial transactions (e.g., financial operation information such as login, registration, card binding, and account transfer), and time information corresponding to the information of performing financial transactions. The bank supervision node server 605 generates first financial verification information according to the number to be verified, the financial transaction information corresponding to the number to be verified, and the time information corresponding to the financial transaction information, signs the first financial verification information by using a private key of the bank supervision node server, generates and sends the signed first financial verification information to the block chain network, so that the user number security assurance node server 601 obtains the first financial verification information.

Step S708, the network loan platform supervisory node server 606 receives the first broadcast message, obtains the number to be verified after the private key signature verification passes, searches its internal database according to the number to be verified, and obtains a third search result, where the third search result includes whether the number to be verified has performed network loan operation, network loan operation information (such as information of operations of login, registration, loan, and the like) during the network loan operation, and time information corresponding to the performed network loan operation information. The network credit platform supervision node server 606 generates second financial verification information according to the number to be verified, the network credit operation information corresponding to the number to be verified, and the time information corresponding to the network credit operation information, signs the second financial verification information by using a private key of the network credit platform supervision node server 606, generates and sends the signed second financial verification information to the block chain network, so that the user number security assurance node server 601 obtains the second financial verification information.

Step S709, when the operator short message node server 608 receives the first broadcast message, after the private key signature of the first broadcast message is verified, a to-be-verified number is obtained; calling a short message record corresponding to the number to be verified according to the number to be verified; according to the short message record, judging whether the number to be verified sends short messages to a plurality of strange numbers or not, and whether verification short messages sent by a plurality of banks or verification short messages sent by a network credit platform are received or not, and obtaining a judgment result; and generating a short message verification message according to the judgment result and the number to be verified, performing private key signature on the short message verification message, and generating and sending the signed short message verification message to the blockchain network so that the user number security assurance node server 601 obtains the short message verification message.

Step S710, when the user behavior analysis node server 610 in the blockchain network receives the first broadcast message and passes the verification of the private key signature, obtaining a number to be verified, searching its own internal database according to the number to be verified, and obtaining a fourth search result, where the fourth search result includes a call record corresponding to the number to be verified; judging whether the number to be verified has communicated with a plurality of strange telephone numbers or not according to the call record; if so, the private key signature is carried out on the call record information, and a call record verification message is generated and sent to the block chain network, so that the user number security assurance node server 601 obtains the call record verification message.

In step S711, the core network device 607 receives the first broadcast message from the blockchain network, and obtains the number to be verified, the loss report information, and the release information after passing the signature verification of the private key.

In some implementations, the core network device 607 may first send a query message to the off-hook terminal 602, so that the off-hook terminal 602 can report communication information (e.g., call records, short message records, etc.) within a last period of time (e.g., within a preset 10 minutes), and address book information of the off-hook terminal to the core network device 607. The core network device 607 may also obtain historical communication record information of the off-hook terminal 602 through the blockchain network.

The core network device 607 compares the acquired communication information of the off-hook terminal 602 with the historical communication record information of the off-hook terminal 602 to determine a record verification result; then, preset database information is searched according to the device identifier (e.g., a serial number of the terminal, etc.) of the off-hook terminal 602 and the communication identifier (e.g., IMSI, etc.) corresponding to the off-hook terminal 602, and an identifier verification result (i.e., whether the off-hook terminal 607 is an old terminal that was used by a registered user corresponding to a number to be verified originally) is determined. And generating and sending communication verification information to the block chain network according to the record verification result and the identification verification result so that the user number security assurance node server 601 obtains the communication verification information.

In step S712, the user number security node server 601 obtains social security verification information, first financial verification information, second financial verification information, short message verification information, call record verification information, and communication verification information from the blockchain network, respectively. Then, the private key signature of each verification message is verified respectively. And when the verification is passed, obtaining the number to be verified. Acquiring whether the user logs in the social security node server 604 to acquire identity card information through the terminal according to the number to be authenticated; whether to log in the bank supervision node server 605 for relevant operations; whether to register and bind the network credit platform supervision node server 606; whether operation information of the verification short messages sent by a plurality of banks and network credit platform servers is received or not; whether the un-hang terminal 607 is an old terminal originally used by the registered user corresponding to the number to be verified or not is judged according to the operation information and the information such as the identifier, the position information, the call record and the like of the user terminal equipment used by the user when the user performs the loss report processing and the un-hang processing on the number to be verified. If any one or more of the following conditions are determined to be true: 1) the number to be verified has a plurality of strange numbers to carry out communication; 2) logging in a plurality of network credit platform servers or banks for registration, card swiping and other operations; 3) the identifier of the terminal device performing the loss reporting processing and the release reporting processing is different from the identifier of the terminal device stored in the core network device 607, 4) the information of the registered cell is different, and 5) the geographical location is different; 6) the hang release terminal 607 is not the old terminal used by the registered user corresponding to the number to be verified, which indicates that the number to be verified has the risk of being stolen, and generates the identifier to be verified.

In step S713, the user number security node server 601 generates and sends a verification message to the one-number-multi-terminal management node server 609 according to the identifier to be verified.

Step S714, the first multi-terminal management node server 609 obtains a verification message from the blockchain network; and obtaining the identifier to be verified through analyzing the verification message. According to the to-be-verified identifier, an authentication request is generated and respectively sent to the loss reporting terminal 603 and the loss reporting terminal 602, so that the loss reporting terminal 603 and the loss reporting terminal 602 perform mutual authentication.

In step S715, the unlinking terminal 602 and the loss report terminal 603 perform mutual authentication.

Specifically, the suspend terminal 602 performs hash operation on the password to be verified to obtain a hash value to be verified, performs private key signature on the hash value to be verified to generate a signed message to be verified, and sends the signed message to be verified to the blockchain network, so that the loss report terminal 603 obtains the hash value to be verified. When the loss reporting terminal 603 obtains a to-be-verified message sent by the drop terminal 602 from the blockchain network, a private key signature of the to-be-verified message is verified first, and when the verification passes, a hash value to be verified is obtained. Meanwhile, the loss report terminal 603 performs hash calculation on a preset password preset by a user and stored in advance to obtain a preset hash value; comparing the preset hash value with the hash value to be verified, and determining that the off-hook terminal 602 is verified when the preset hash value is the same as the hash value to be verified; otherwise, it is determined that the authentication of the detach terminal 602 fails.

In step S716, the loss report terminal 603 sends the result of mutual authentication to the user number security assurance node server 601.

Wherein, the result of mutual authentication comprises verification success or verification failure.

For example, when the loss reporting terminal 603 determines that the verification of the release terminal 602 fails, the loss reporting terminal 603 generates a verification failure identifier; and generating and sending a verification failure message to the blockchain network according to the verification failure identifier and the device identifier of the hang terminal 602, so that the user number security node server 601 obtains the verification failure identifier. When the loss reporting terminal 603 determines that the verification of the loss reporting terminal 602 is successful, the loss reporting terminal 603 generates and sends a verification success message to the blockchain network, so that the user number security node server 601 determines that the verification of the loss reporting terminal 603 on the loss reporting terminal 602 is successful.

Step 717, the user number security node server 601 generates an identifier that the mobile phone number corresponding to the off-hook terminal 602 is stolen under the condition that the authentication on the off-hook terminal 602 is determined to be failed; and generating and sending an alarm message to the block chain network according to the stolen identifier so that each node in the block chain network freezes an account corresponding to the communication identifier.

For example, when the bank supervisory node server 605 and the network credit platform supervisory node server 606 obtain an alarm message from the blockchain network, the financial account corresponding to the unlinking terminal 602 is searched and obtained according to the device identifier of the unlinking terminal 602, and is frozen, so that property loss of the user is avoided, and safety of the user is improved.

For example, after the network loan platform supervisory node server 606 obtains the alarm message from the blockchain network, the network loan account corresponding to the off-hook terminal 602 is closed, so that the user of the off-hook terminal 602 can avoid the behavior of loan or online consumption and the like by using the network loan account, and the property safety of the user can be ensured.

When the bank supervision node server 605 obtains the alarm message from the blockchain network, the bank account corresponding to the un-hung terminal 602 is temporarily frozen, so that the user of the current un-hung terminal 602 cannot withdraw cash, cannot perform financial behaviors such as transfer or consumption, and the like, and property loss of the user is reduced.

When the operator core network node server 672 obtains the alarm message from the blockchain network, the communication function of the off-hook terminal 602 is stopped, and the off-hook terminal 602 is locked.

When the social security node server 604 obtains the alarm message from the blockchain network, the account corresponding to the unlinking terminal 602 is prohibited from logging in, so as to ensure the security of the identity information of the user.

In some implementations, in a case where the off-hook terminal 602 determines that its communication function is stopped, the off-hook terminal 602 still needs to continue using the mobile phone number, and the off-hook terminal 602 needs to upload the living body authentication information (for example, any one or more of video information, voice information, and fingerprint information of the user) corresponding to the user of the off-hook terminal 602 to the subscriber number security and assurance node server 601, so that the subscriber number security and assurance node server 601 performs living body authentication on the user (for example, comparing the fingerprint information corresponding to the user of the off-hook terminal 602 with the preset fingerprint information) to determine whether the user of the off-hook terminal 602 is a registered subscriber of the to-be-authenticated number corresponding to the off-hook terminal 602.

If the user of the off-hook terminal 602 is a registered user of the number to be authenticated corresponding to the off-hook terminal 602, it is determined that the usage right of the off-hook terminal 602 can be restored. If the user of the off-hook terminal 602 is not the registered user of the to-be-verified number corresponding to the off-hook terminal 602, the communication function of the off-hook terminal 602 will still be stopped, for example, the user of the off-hook terminal 602 will stop making a call, accessing the internet, sending and receiving short messages, and the like. Meanwhile, the identifier of the off-hook terminal 602 and the identifier of the stolen mobile phone number corresponding to the off-hook terminal 602 are sent to the blockchain network, so that it is ensured that other nodes in the blockchain network do not perform online opening operation for the user of the off-hook terminal 602 any more, and the user of the off-hook terminal 602 is informed that the service recovery operation can only be performed through the offline business hall.

In this embodiment, in the working hours of a business hall, two different terminals in a one-number multi-terminal service respectively perform loss reporting operation and hang releasing operation on a number to be verified, and a user number security assurance node server judges whether the number to be verified has a risk of being stolen or not through various verification information such as social security verification information, first financial verification information, second financial verification information, short message verification information, call record verification information, communication verification information and the like acquired from a block chain network, so that the security of the number to be verified is comprehensively measured; and under the condition that the number to be verified is not stolen, mutually authenticating the unlink terminal and the loss reporting terminal through the password to be verified so as to ensure the accuracy of the verification result and further determine whether the number to be verified is stolen. And under the condition that the number to be verified is stolen, the communication function of the un-hung terminal is stopped, and the financial account corresponding to the un-hung terminal is frozen through a bank supervision node server and a network credit platform supervision node server in the block chain network, so that the property loss of a stolen user is avoided, the safety of the user is improved, and the user experience degree is improved.

It is to be understood that the above embodiments are merely exemplary embodiments that are employed to illustrate the principles of the present application, and that the present application is not limited thereto. It will be apparent to those skilled in the art that various changes and modifications can be made therein without departing from the spirit and scope of the application, and these changes and modifications are to be considered as the scope of the application.

Claims

1. A method for verifying a communication identifier, the method comprising:

acquiring communication verification information of core network equipment to an off-hook terminal, social security verification information and financial verification information corresponding to the off-hook terminal;

determining whether the corresponding communication identifier of the off-hook terminal is stolen or not according to the communication verification information, the social security verification information and the financial verification information;

and limiting the use permission of the off-hook terminal under the condition that the communication identifier is determined to be stolen.

2. The method according to claim 1, wherein the communication verification information includes a record verification result and an identifier verification result, the record verification result is a result determined by the core network device according to the communication information of the off-hook terminal and historical communication record information of the off-hook terminal fed back by an operator node, the identifier verification result is a result determined by the core network device according to a device identifier of the off-hook terminal and a device identifier of a historical terminal, and a communication identifier corresponding to the off-hook terminal is the same as a communication identifier corresponding to the historical terminal.

3. The method according to claim 2, wherein the determining whether the corresponding communication identifier of the disconnect terminal is stolen according to the communication verification information, the social security verification information and the financial verification information comprises:

judging whether a communication identifier corresponding to the off-hook terminal logs in a social security platform or not according to the social security verification information, and acquiring identity card information corresponding to the communication identifier to obtain a first judgment result;

judging whether the communication identifier corresponding to the off-hook terminal carries out financial transaction according to the financial verification information to obtain a second judgment result;

determining whether the historical communication record information comprises the communication information of the off-hook terminal according to the record verification result, and obtaining a third judgment result;

determining whether the equipment identification of the off-hook terminal is the same as the equipment identification of the historical terminal according to the identification verification result to obtain a fourth judgment result;

and determining whether the corresponding communication identifier of the off-hook terminal is stolen according to any one or more of the first judgment result, the second judgment result, the third judgment result and the fourth judgment result.

4. The method according to claim 1, wherein the limiting the usage right of the suspension terminal in the case that the communication identifier is determined to be stolen comprises:

under the condition that the communication identification is determined to be stolen, generating an identification that the corresponding communication identification of the off-hook terminal is stolen;

acquiring registered user information corresponding to the off-hook terminal;

and generating and sending a freezing message to the block chain network according to the registered user information and the stolen identifier so as to freeze an account corresponding to the communication identifier by each financial node in the block chain network.

5. The method according to claim 1, wherein after limiting the usage right of the suspension terminal in case of determining that the communication identifier is stolen, the method further comprises:

acquiring living body verification information of the user of the off-hook terminal, wherein the living body verification information comprises any one or more of video information, voice information and fingerprint information of the user;

and verifying the user according to the living body verification information, and determining whether to recover the use authority of the off-hook terminal.

6. A method for verifying a communication identifier, the method comprising:

determining a record verification result according to the acquired communication information of the off-hook terminal and the historical communication record information of the off-hook terminal fed back by the operator node;

determining an identification verification result according to the equipment identification of the off-hook terminal, the communication identification corresponding to the off-hook terminal and preset database information;

and generating and sending communication verification information to a block chain network according to the record verification result and the identification verification result so that a user number security assurance node obtains the communication verification information, determining whether the communication identification corresponding to the off-hook terminal is stolen according to the communication verification information, the social security verification information of the off-hook terminal and the financial verification information, and limiting the use permission of the off-hook terminal under the condition that the communication identification is stolen.

7. The method according to claim 6, wherein the determining a record verification result according to the acquired communication information of the off-hook terminal and the historical communication record information of the off-hook terminal fed back by the operator node comprises:

comparing the communication information of the off-hook terminal with the historical communication record information, and determining the record verification result;

the record verification result comprises that the historical communication record information comprises the communication information of the off-hook terminal, or the historical communication record information does not comprise the communication information of the off-hook terminal.

8. The method according to claim 6 or 7, before determining a record verification result according to the acquired communication information of the off-hook terminal and the historical communication record information of the off-hook terminal fed back by the operator node, further comprising:

acquiring communication information of the off-hook terminal;

the communication information of the off-hook terminal comprises any one or more of call records, short message records and address book information of the off-hook terminal.

9. The method according to claim 6, wherein the determining an identifier verification result according to the device identifier of the off-hook terminal, the communication identifier corresponding to the off-hook terminal, and preset database information includes:

inquiring the preset database information according to the communication identifier corresponding to the off-hook terminal to obtain the equipment identifier of the historical terminal corresponding to the communication identifier;

comparing the equipment identification of the off-hook terminal with the equipment identification of the historical terminal to determine the identification verification result;

the identification verification result comprises that the equipment identification of the off-hook terminal is the same as the equipment identification of the historical terminal, or the equipment identification of the off-hook terminal is different from the equipment identification of the historical terminal.

10. A subscriber number security node server, comprising:

the system comprises a first acquisition module, a second acquisition module and a third acquisition module, wherein the first acquisition module is used for acquiring communication verification information of a core network device to an off-hook terminal, social security verification information corresponding to the off-hook terminal and financial verification information;

the judging module is used for determining whether the corresponding communication identifier of the unhook terminal is stolen or not according to the communication verification information, the social security verification information and the financial verification information;

and the limiting module is used for limiting the use permission of the off-hook terminal under the condition that the communication identifier is determined to be stolen.

11. A core network device, comprising:

the record verification module is used for determining a record verification result according to the acquired communication information of the off-hook terminal and the historical communication record information of the off-hook terminal fed back by the operator node;

the identification verification module is used for determining an identification verification result according to the equipment identification of the off-hook terminal, the communication identification corresponding to the off-hook terminal and preset database information;

and the processing module is used for generating and sending communication verification information to a block chain network according to the record verification result and the identification verification result so as to enable a user number security assurance node to obtain the communication verification information, determining whether the communication identification corresponding to the off-hook terminal is stolen according to the communication verification information, the social security verification information of the off-hook terminal and the financial verification information, and limiting the use permission of the off-hook terminal under the condition of determining that the communication identification is stolen.