CN102065070A - Method and device for controlling information safety of telecommunications service (TS) - Google Patents

Method and device for controlling information safety of telecommunications service (TS)

Publication number: CN102065070A
Authority: CN (China)
Legal status: Granted
Application number: CN2009102380606A
Other languages: Chinese (zh)
Other versions: CN102065070B (en)
Inventor: 江心勇
Current Assignee: China Mobile Group Jiangsu Co Ltd
Original Assignee: China Mobile Group Jiangsu Co Ltd
Application filed by: China Mobile Group Jiangsu Co Ltd
Classifications: Data Exchanges In Wide-Area Networks; Storage Device Security

Abstract

The invention provides a method for controlling information safety of a telecommunications service (TS), comprising the following steps: determining scene elements from a user information query request; judging whether the user information query request is legitimate according to the attributes of the scene elements; and calling the requested information based on the scene elements and the legitimate user information query request. The invention also discloses a device for controlling information safety of the TS. Applying the method and device ensures that normal services keep operating while preventing illegal disclosure of user information.

Description

Method and device for controlling telecommunication service information security
Technical Field
The present invention relates to the field of information security technology, and more specifically to a method and device for controlling telecommunication service information security.
Background
With the advance of informatization and the growth of the industry's user base, telecommunication service operation support systems have accumulated a large amount of user information. This mass of user information is a valuable resource for business operations in every industry, and it is also a target for many commercial actors. How to protect the security of user information and safeguard users' legitimate rights and interests has become one of the problems that every company's telecommunication service operation support system must solve.
In current telecommunication service operation support systems, user information security is controlled by configuring service functions according to business requirements or user roles. The various security control policies are scattered across the individual telecommunication service applications, and there is no complete, independent security control platform.
For example, when the business requirement is arrears control or a complaint workflow, the telecommunication service operation support system needs to query the user's bill. Some query interfaces can call the bill query service directly, without any restriction on time or account, and obtain information such as the user's account and name.
As another example, an operator who has permission to query users' call detail records is not restricted by IP address or connection status, and can call the call detail record query service at any time and from any place through related applications on the office network to obtain the call detail records of any user.
When providing a service for a user, the telecommunication service operation support system also discloses other user information that the service does not need. Evidently, the prior art does not prevent illegal disclosure of user information.
Summary of the Invention
An embodiment of the invention proposes a method for controlling telecommunication service information security that prevents illegal disclosure of user information while ensuring normal service operation.
An embodiment of the invention also proposes a device for controlling telecommunication service information security that prevents illegal disclosure of user information while ensuring normal service operation.
The technical solution of the embodiments of the invention is as follows:
A method for controlling telecommunication service information security, the method comprising:
Determining scene elements from a user information query request;
Judging, according to the attributes of the scene elements, whether the user information query request is legitimate;
Calling the requested information according to the scene elements and the legitimate user information query request.
Judging whether the user information query request is legitimate further comprises: if the request is judged illegitimate, recording the scene elements of the illegitimate user information query request.
Judging whether the user information query request is legitimate further comprises: if the request is judged partially legitimate, adding verification information to the request and then determining the scene elements again from the request with the verification information added.
The verification information is any one of a pre-agreed password, randomly generated letters, or randomly generated digits.
Preferably, initiating the user information query request further comprises setting, in the request, a timestamp A of the time the query request is initiated;
Before the requested information is called, a timestamp B of the time the query request is received is set in the legitimate user information query request; if the interval between timestamp A and timestamp B is less than the life cycle, the requested information is called; otherwise, the user information query request is refused.
The scene elements comprise access IP, interface mode, operator attributes, traffic information, verification state, application type, service category, data scope and access type.
A device for controlling telecommunication service information security, the device comprising:
An initialization module, which receives a user information query request, determines scene elements from the request, and sends them to the scene controller;
A scene controller, which judges according to the attributes of the scene elements whether the user information query request is legitimate, and inputs a legitimate request and its scene elements into the scene module;
A scene module, which directly calls the requested information according to the legitimate user information query request and the scene elements.
Where the scene controller, in judging whether the user information query request is legitimate, judges the request illegitimate, the device further comprises:
A logging module, which records the scene elements of the illegitimate user information query request.
Where the scene controller, in judging whether the user information query request is legitimate, judges the request partially legitimate, the device further comprises:
A verification module, which, for a partially legitimate user information query request, inputs the request with verification information added into the initialization module.
Between the initialization module and the scene controller, the device further comprises:
A time module, which marks the user information query request output by the initialization module with timestamp A, the time the query request is initiated, and inputs the marked request and the scene elements into the scene controller;
Between the scene controller and the scene module, the device further comprises:
A judging module, which marks the legitimate user information query request output by the scene controller with timestamp B, the time the query request is received, and then judges whether the interval between timestamp A and timestamp B in the request is less than the life cycle; if the interval is less than the life cycle, it inputs the legitimate request into the scene module; otherwise, it refuses the user information query.
As the technical solution above shows, in the embodiments of the invention the scene elements are first determined from the user information query request; the request is then judged legitimate or not according to the attributes of the scene elements; and only then is the requested telecommunication service information called according to the scene elements and the legitimate request. The legitimacy of a request is judged from the scene elements extracted from it, and only a legitimate request can call the requested information, so illegal disclosure of telecommunication service user information is prevented while normal service operation is ensured.
Description of Drawings
Fig. 1 is a schematic diagram of the classification of user information security levels in an embodiment of the invention;
Fig. 2 is a flow chart of the information security control method in an embodiment of the invention;
Fig. 3 is an architecture diagram of the information security control device in an embodiment of the invention;
Fig. 4 is a structure diagram of the information security control device in an embodiment of the invention.
Detailed Description
To make the purpose, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and specific embodiments.
In an embodiment of the invention, as shown in Fig. 1, user information is divided by security level, from low to high, into five parts: basic information, business information, account information, key information and sensitive information. Each part in turn comprises specific content.
Once user information has been classified by security level, the scene elements can first be determined from the user information query request and used to judge whether the request is legitimate; if it is, the requested user information is then called according to the scene elements. In this way, illegal disclosure of user information is prevented during normal service operation and user information security is ensured.
As shown in Fig. 2, the information security control method of the embodiment comprises the following steps:
Step 201: initiate a user information query request.
For customer service or business applications involving incoming calls, outgoing calls, information access or service handling, user information is accessed through access methods such as Socket, Tuxedo and SOAP.
A timestamp A of the time the query request is initiated may be set in the user information query request, so as to record when the user began the query.
Step 202: initialize the scene elements.
The scene elements are determined from the user information query request. They comprise basic information related to the query request and to security control, such as access IP, interface mode, operator attributes, traffic information, verification state, application type, service category, data scope and access type. The attribute of a scene element is the specific parameter or specific information corresponding to that element. For example, for the scene element IP, the corresponding attribute is the specific IP address 10.32.14.0. Scene elements and their attributes are thus determined by the specific operation, and the invention places no specific limitation on them.
Step 203: judge the legitimacy of the user information query request.
Whether the user information query request is legitimate is judged from the attributes of the scene elements corresponding to the request. If the attributes of the scene elements meet the requirements that the telecommunication service operation support system sets for the information being queried, the request is legitimate.
For example, the scene element IP is 10.32.14.0, and the request queries the user's key information, namely the user's complete ID document number. Key information may only be queried from IPs matching 10.32.X.X, so this request is legitimate and step 206 is executed. If the request is judged illegitimate, step 205 is executed.
As a further example, the scene elements are IP 10.32.14.0 and the operator's job number 888, and the request queries the user's product information. Product information may be queried from IPs matching 10.32.14.X by job numbers matching 8XX, but even when the IP and job number meet the query conditions, verification information must also be entered. The request is at this point partially legitimate and step 204 must be executed; only after correct verification information has been added is the request legitimate, and the flow then goes to step 206.
The telecommunication service operation support system establishes the corresponding conditions in advance and allows user information query requests that meet them to query user information.
Step 204: add verification information.
If the user information query request is partially legitimate, verification information must be added. That is, the scene elements are all legitimate, but an auxiliary element such as verification information is missing. The original request, now carrying the verification information, is judged again starting from step 202. The verification information may be a pre-agreed password, or randomly generated letters or digits.
Step 205: record the scene elements of the illegitimate user information query request.
The scene elements of the illegitimate request are recorded so that the record can later be used for operation audits and to guard against system vulnerabilities.
Step 206: call the user information directly according to the scene elements in the user information query request and the user information requested. Record the information called, and output a scene view from the scene elements and the information called.
For example, the scene elements are IP 10.32.14.0 and the operator's job number 888, and the request queries the user's product information. The user information query interface is then called with the scene elements IP 10.32.14.0 and job number 888 and the request for the user's product information. The user's product information, the M-ZONE 20 yuan package, is recorded, and the scene view that is output contains the user's product information, the M-ZONE 20 yuan package.
After the user information query request is received, the timestamp B of that moment is first recorded. The interval between timestamp A and timestamp B is then compared with the life cycle: if the interval is less than the life cycle, the user information may be queried; otherwise, the user information query request is refused. The life cycle is established in advance by the telecommunication service operation support system.
In the invention, as shown in Fig. 3, the data layer at the bottom contains the user information classified by security level; the logic judgment layer contains a number of scene elements; the driver layer contains the scene controller and the scene module; and the application layer at the top contains the scene view output by the scene module. The scene view is the user information output for the information query request that was sent.
Fig. 4 is a structure diagram of the information security control device in an embodiment of the invention, comprising:
Initialization module 401, which receives the user information query request and determines the scene elements from it; it can send the request and the scene elements directly to scene controller 403, or, when needed, send them to time module 402;
Time module 402, which marks the user information query request output by the initialization module with timestamp A, the time the query request is initiated, and inputs the marked request and the scene elements into the scene controller;
Scene controller 403, which judges from the scene elements whether the user information query request is legitimate;
Verification module 404, which, for a partially legitimate user information query request, inputs the verification information and the partially legitimate request into the initialization module;
Logging module 405, which records the scene elements of an illegitimate user information query request;
Judging module 406, which is also provided when time module 402 is present; it marks the legitimate user information query request output by the scene controller with timestamp B, the time the query request is received, and then judges whether the interval between timestamp A and timestamp B in the request is less than the life cycle; if the interval is less than the life cycle, it inputs the legitimate request into the scene module; otherwise, the flow ends;
Scene module 407, which calls the user information directly according to the scene elements of the legitimate user information query request and the user information requested, records the information called, and outputs a scene view from the scene elements and the user information called.
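The flow of steps 201 to 206, with the timestamp check and the module chain of Fig. 4, as an added Python example that is not part of the patent text. The policy table is built from the two examples in the description; the 30-second life cycle, the field names, the treatment of a wrong verification code as illegitimate and the rejection of a timestamp A that lies in the future are assumptions.

```python
import hmac
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

LIFE_CYCLE_SECONDS = 30  # assumed value; the patent only says the system presets it

# Constructed policy mirroring the two examples in the description.
POLICY = {
    "key": {"network": "10.32.0.0/16", "operator": None, "verify": False},
    "product": {"network": "10.32.14.0/24", "operator": r"8\d\d", "verify": True},
}
# Constructed stand-in for the user information query interface.
USER_INFO = {"key": "<ID document number>", "product": "M-ZONE 20 yuan package"}


@dataclass
class QueryRequest:
    access_ip: str
    operator_id: str
    info_class: str
    timestamp_a: float                  # set by the requester (step 201)
    verification: Optional[str] = None  # added in step 204 when required


def scene_elements(req: QueryRequest) -> dict:
    """Step 202: derive scene elements (a subset of the patent's list)."""
    return {"access_ip": req.access_ip, "operator_id": req.operator_id,
            "info_class": req.info_class,
            "verification_state": req.verification is not None}


def judge(elements: dict, verification: Optional[str], expected_code: str) -> str:
    """Step 203: classify as 'legitimate', 'partial' or 'illegitimate'."""
    rule = POLICY.get(elements["info_class"])
    if rule is None:
        return "illegitimate"  # default deny for unknown information classes
    try:
        ip = ipaddress.ip_address(elements["access_ip"])
    except ValueError:
        return "illegitimate"  # unparseable access IP
    if ip not in ipaddress.ip_network(rule["network"]):
        return "illegitimate"
    if rule["operator"] and not re.fullmatch(rule["operator"], elements["operator_id"]):
        return "illegitimate"
    if not rule["verify"]:
        return "legitimate"
    if verification is None:
        return "partial"  # scene elements match, verification information missing
    # Assumption: a wrong code is treated as illegitimate and audited.
    ok = hmac.compare_digest(verification.encode(), expected_code.encode())
    return "legitimate" if ok else "illegitimate"


def handle(req: QueryRequest, timestamp_b: float, expected_code: str,
           audit_log: list, call_log: list) -> tuple:
    """Steps 202-206 plus the timestamp check; returns (status, scene_view)."""
    elements = scene_elements(req)
    verdict = judge(elements, req.verification, expected_code)
    if verdict == "illegitimate":
        audit_log.append(elements)  # step 205: record scene elements for audit
        return verdict, None
    if verdict == "partial":
        return verdict, None        # step 204: caller adds verification, resubmits
    interval = timestamp_b - req.timestamp_a
    # Added hardening: a timestamp A in the future gives a negative interval, which
    # would pass a bare "interval < life cycle" test, so it is rejected as well.
    if not 0 <= interval < LIFE_CYCLE_SECONDS:
        return "expired", None
    info = USER_INFO[req.info_class]  # step 206: call only the requested information
    call_log.append((elements, req.info_class))
    return "legitimate", {**elements, "info": info}
```

Timestamp A is supplied by the requester, so the life cycle check limits reuse of a captured request only if A is protected from modification in transit, which the patent does not address.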
The above are only preferred embodiments of the invention and are not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (10)

1. A method for controlling telecommunication service information security, characterized in that the method comprises:
Determining scene elements from a user information query request;
Judging, according to the attributes of the scene elements, whether the user information query request is legitimate;
Calling the requested information according to the scene elements and the legitimate user information query request.
2. The method for controlling telecommunication service information security according to claim 1, characterized in that judging whether the user information query request is legitimate further comprises: if the request is judged illegitimate, recording the scene elements of the illegitimate user information query request.
3. The method for controlling telecommunication service information security according to claim 1, characterized in that judging whether the user information query request is legitimate further comprises: if the request is judged partially legitimate, adding verification information to the request and then determining the scene elements again from the request with the verification information added.
4. The method for controlling telecommunication service information security according to claim 3, characterized in that the verification information is any one of a pre-agreed password, randomly generated letters, or randomly generated digits.
5. The method for controlling telecommunication service information security according to claim 1, characterized in that,
Initiating the user information query request further comprises setting, in the request, a timestamp A of the time the query request is initiated;
Before the requested information is called, a timestamp B of the time the query request is received is set in the legitimate user information query request; if the interval between timestamp A and timestamp B is less than the life cycle, the requested information is called; otherwise, the user information query request is refused.
6. The method for controlling telecommunication service information security according to any one of claims 1 to 5, characterized in that the scene elements comprise access IP, interface mode, operator attributes, traffic information, verification state, application type, service category, data scope and access type.
7. A device for controlling telecommunication service information security, characterized in that the device comprises:
An initialization module, which receives a user information query request, determines scene elements from the request, and sends them to the scene controller;
A scene controller, which judges according to the attributes of the scene elements whether the user information query request is legitimate, and inputs a legitimate request and its scene elements into the scene module;
A scene module, which directly calls the requested information according to the legitimate user information query request and the scene elements.
8. The device for controlling telecommunication service information security according to claim 7, characterized in that, where the scene controller, in judging whether the user information query request is legitimate, judges the request illegitimate, the device further comprises:
A logging module, which records the scene elements of the illegitimate user information query request.
9. The device for controlling telecommunication service information security according to claim 7, characterized in that, where the scene controller, in judging whether the user information query request is legitimate, judges the request partially legitimate, the device further comprises:
A verification module, which, for a partially legitimate user information query request, inputs the request with verification information added into the initialization module.
10. The device for controlling telecommunication service information security according to claim 7, characterized in that, between the initialization module and the scene controller, the device further comprises:
A time module, which marks the user information query request output by the initialization module with timestamp A, the time the query request is initiated, and inputs the marked request and the scene elements into the scene controller;
Between the scene controller and the scene module, the device further comprises:
A judging module, which marks the legitimate user information query request output by the scene controller with timestamp B, the time the query request is received, and then judges whether the interval between timestamp A and timestamp B in the request is less than the life cycle; if the interval is less than the life cycle, it inputs the legitimate request into the scene module; otherwise, it refuses the user information query.
Application number: CN200910238060.6A
Priority date: 2009-11-18
Filing date: 2009-11-18
Title: Method and device for controlling information safety of telecommunications service (TS)
Status: Active
Publications: CN102065070A (2011-05-18), CN102065070B (2014-09-03)
Family ID: 44000173

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant