CN106911632A - A kind of method and system of call capability encapsulation - Google Patents
- Publication number: CN106911632A
- Application number: CN201510974871.8A
- Authority: CN (China)
- Prior art keywords: security strategy, transaction message, ability, business, encryption
- Legal status: Granted
Classifications
- H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
- G06Q30/0637: Commerce; Buying, selling or leasing transactions; Electronic shopping [e-shopping]; Processing of requisition or of purchase orders; Approvals
- H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
- H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/302: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
Abstract
The invention discloses a method of call capability encapsulation. A corresponding first security strategy is set according to the address of the ability calling platform, and a corresponding second security strategy is set according to the risk level of the type of service. The ability calling platform encrypts a transaction message using the second security strategy and the first security strategy in turn, and sends the encrypted transaction message to the ability package system. The ability package system decrypts the encrypted transaction message using the first security strategy and the second security strategy in turn, and sends the decrypted transaction message to the business support system. When the business support system determines that the service authority identifier encapsulated in the decrypted transaction message and the customer service request satisfy the authority configuration rule, it processes the transaction message. The invention also discloses a system of call capability encapsulation.
Description
Technical field
The present invention relates to the field of communication service support, and in particular to a method and system of call capability encapsulation.
Background
In the mobile Internet era, a platform opens up its capabilities and gathers a large number of developers, who provide a wide variety of applications, creating a situation in which all parties benefit. This model has been validated by a growing number of successful cases such as FaceBook, AppStore and Taobao.
Attracted by this successful model, telecom operators are also exploring the opening of telecommunication service capabilities. Telecom operators use capability encapsulation to provide affiliates with services such as short message, positioning, voice and IT. This involves the encapsulation of various capabilities such as product configuration, marketing recommendation, service ordering, billing and charging, customer service and points, and extends to every stage of the customer life cycle.
At present, operator capability encapsulation for affiliates is already in use. For example, one existing scheme is a safe and reliable capability open platform comprising a release auditing system, an authorization and authentication system, and a security middleware server. The release auditing system audits third-party applications before release, ensuring that the third-party applications connected to the capability open platform are safe and reliable, which prevents vulnerabilities in a third-party application from bringing security threats to the platform and prevents a third-party application from becoming an attack back door into the whole capability open platform. The authorization and authentication system authorizes and authenticates third-party applications' access to the resources provided by the capability open platform, ensuring that resources are accessed legitimately and avoiding the economic losses caused by unauthorized access. Finally, security middleware services are opened to third-party applications, which increases the security of the third-party applications themselves, minimizes development difficulty and development cost, and improves the development efficiency of third-party applications, thereby improving the practicality, convenience and flexibility of the whole capability open platform.
However, operators currently provide Internet affiliates with functions including customer basic information inquiry, product inquiry, product subscription, balance authentication, payment, points management and service appeal, and these capability encapsulations are services offered on the Internet to all affiliates. Because affiliates differ in qualification, capability and security level, if one affiliate is compromised on the Internet, all of the functions used by that affiliate are affected, resulting in information leakage or revenue loss. Furthermore, the use of capability encapsulation by all affiliates may be affected, causing security problems for all affiliates.
Therefore, how to ensure security in the call capability encapsulation process is a problem that operators urgently need to solve.
Summary of the invention
In view of this, embodiments of the present invention are intended to provide a method and system of call capability encapsulation that can ensure security in the call capability encapsulation process.
To achieve the above purpose, the technical solution of the present invention is realized as follows:
An embodiment of the present invention provides a method of call capability encapsulation, the method including:
setting a corresponding first security strategy according to the address of each ability calling platform, and setting a corresponding second security strategy according to the risk level of each type of service;
the ability calling platform encrypting a transaction message using the second security strategy and the first security strategy in turn, and sending the encrypted transaction message to the ability package system;
the ability package system decrypting the encrypted transaction message using the first security strategy and the second security strategy in turn, and sending the decrypted transaction message to the business support system.
In the above scheme, the ability calling platform encrypting the transaction message using the second security strategy and the first security strategy in turn includes:
the ability calling platform receiving a customer service request;
generating a transaction message by combining a pre-assigned service authority identifier with the customer service request;
encrypting the transaction message according to the second security strategy and the first security strategy in turn, based on the business risk level of the customer service request and the address of the ability calling platform.
In the above scheme, the ability package system decrypting the encrypted transaction message using the first security strategy and the second security strategy in turn includes:
the ability package system, using the first security strategy, performing first-layer decryption on the transaction message according to the initiating address of the transaction message, and extracting the business risk level;
using the second security strategy, performing second-layer decryption on the transaction message after the first-layer decryption according to the business risk level.
In the above scheme, the method further includes: assigning different business risk levels to different types of service in advance;
establishing the first security strategy in advance, the first security strategy being: a corresponding encryption algorithm and key are assigned according to the address of the ability calling platform, and are periodically reassigned at random;
the encryption algorithm includes: Data Encryption Standard (DES), Advanced Encryption Standard (AES), or the public-key encryption algorithm RSA (Ron Rivest, Adi Shamir, Leonard Adleman);
establishing the second security strategy in advance, the second security strategy being: a corresponding encryption policy is assigned according to the business risk level, and is periodically reassigned at random;
the encryption policy includes: plaintext, Message Digest Algorithm 5 (MD5) encryption mode, or hash algorithm encryption mode.
In the above scheme, the method further includes: the business support system processing the transaction message when it determines that the service authority identifier encapsulated in the decrypted transaction message and the customer service request satisfy the authority configuration rule;
the authority configuration rule is: according to the affiliate identifier, a business capability identifier and the service authority corresponding to the business capability identifier are assigned;
the service authority includes: customer basic information inquiry, product inquiry, product subscription, balance authentication, payment, points management, and service appeal;
the business support system includes: a customer relationship management system (CRM, Customer Relationship Management) or a business operation support system (BOSS, Business & Operation Support System).
An embodiment of the present invention also provides a system of call capability encapsulation, the system including: an ability calling platform, an ability package system and a business support system, wherein:
the ability calling platform is configured to encrypt a transaction message using the second security strategy and the first security strategy in turn, and to send the encrypted transaction message to the ability package system;
the ability package system is configured to decrypt the encrypted transaction message using the first security strategy and the second security strategy in turn, and to send the decrypted transaction message to the business support system;
the ability package system is further configured to set a corresponding first security strategy according to the address of the ability calling platform, and to set a corresponding second security strategy according to the risk level of the type of service.
In the above scheme, the ability calling platform is specifically configured to: receive a customer service request;
generate a transaction message by combining a pre-assigned service authority identifier with the customer service request;
encrypt the transaction message according to the second security strategy and the first security strategy in turn, based on the risk level of the customer service request and its own address.
In the above scheme, the ability package system is specifically configured to:
using the first security strategy, perform first-layer decryption on the transaction message according to the initiating address of the transaction message, and extract the business risk level;
using the second security strategy, perform second-layer decryption on the transaction message after the first-layer decryption according to the business risk level.
In the above scheme, the ability package system is specifically configured to:
establish the first security strategy in advance, the first security strategy being: a corresponding encryption algorithm and key are assigned according to the address of the ability calling platform, and are periodically reassigned at random;
the encryption algorithm includes: DES, AES or RSA;
establish the second security strategy in advance, the second security strategy being: a corresponding encryption policy is assigned according to the business risk level, and is periodically reassigned at random;
the encryption policy includes: plaintext, MD5 encryption mode or hash algorithm encryption mode;
assign different business risk levels to different types of service in advance.
In the above scheme, the business support system is configured to determine whether the service authority identifier encapsulated in the decrypted transaction message and the customer service request satisfy the authority configuration rule and, if they do, to process the transaction message; the authority configuration rule is: according to the affiliate identifier, a business capability identifier and the service authority corresponding to the service authority identifier are assigned;
the service authority includes: customer basic information inquiry, product inquiry, product subscription, balance authentication, payment, points management, and service appeal;
the business support system includes: CRM or BOSS.
In the method and system of call capability encapsulation provided by the embodiments of the present invention, a corresponding first security strategy is set according to the address of each ability calling platform, and a corresponding second security strategy is set according to the risk level of each type of service. The ability calling platform encrypts a transaction message using the second security strategy and the first security strategy in turn, and sends the encrypted transaction message to the ability package system. The ability package system decrypts the encrypted transaction message using the first security strategy and the second security strategy in turn, and sends the decrypted transaction message to the business support system. Further, the business support system processes the transaction message when it determines that the service authority identifier encapsulated in the decrypted transaction message and the customer service request satisfy the authority configuration rule. In this way, a layered security encryption management mechanism based on encryption policy, channel management and authority control is established, security in the call capability encapsulation process is ensured, and a secure encryption management system for Internet affiliates is realized.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of a system of call capability encapsulation according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a method of call capability encapsulation according to an embodiment of the present invention;
Fig. 3 is a schematic flowchart of the ability calling platform calling capability encapsulation according to an embodiment of the present invention.
Detailed description of the embodiments
In the embodiments of the present invention, a corresponding first security strategy is set according to the address of each ability calling platform, and a corresponding second security strategy is set according to the risk level of each type of service. The ability calling platform encrypts a transaction message using the second security strategy and the first security strategy in turn, and sends the encrypted transaction message to the ability package system. The ability package system decrypts the encrypted transaction message using the first security strategy and the second security strategy in turn, and sends the decrypted transaction message to the business support system. Further, the business support system processes the transaction message when it determines that the service authority identifier encapsulated in the decrypted transaction message and the customer service request satisfy the authority configuration rule.
The present invention is described in further detail below with reference to embodiments.
An embodiment of the present invention provides a system of call capability encapsulation which, as shown in Fig. 1, includes: an ability calling platform 11, an ability package system 12 and a business support system 13, wherein:
The ability calling platform 11 is configured to encrypt a transaction message using the second security strategy and the first security strategy in turn, and to send the encrypted transaction message to the ability package system 12.
Specifically, the ability package system 12 presets the first security strategy and the second security strategy for encrypting transaction messages. The first security strategy may be: a corresponding encryption algorithm and key are assigned according to the address of the ability calling platform 11. The encryption algorithm includes: DES, AES or RSA. Here, the ability calling platform 11 may be an affiliate's platform.
Because each affiliate corresponds to the address of one ability calling platform 11, the address of the ability calling platform 11 is the initiating address of the transaction message. A corresponding first security strategy can be assigned to each affiliate according to the initiating address of the transaction message, so that the first security strategy is associated with the initiating address of the transaction message. The assigned encryption algorithm and key may be updated periodically to ensure security; here, the encryption algorithm and key may be assigned to the initiating address of the transaction message at random. Meanwhile, since the address of the ability calling platform 11 is assigned to each affiliate, and each affiliate is also assigned a corresponding affiliate identifier, the affiliate identifier can be looked up from the initiating address of the transaction message. The encryption algorithms and keys assigned to the ability calling platforms 11 may be as shown in Table 1, where xxx.xxx.xxx.xxx represents the address of each ability calling platform 11, and the address may be an Internet Protocol (IP) address.
Affiliate identifier | Initiating address | Encryption algorithm | Key (stored encrypted) |
H1 | xxx.xxx.xxx.xxx | DES | ************* |
H2 | xxx.xxx.xxx.xxx | AES | ************* |
H3 | xxx.xxx.xxx.xxx | RSA | ************* |
… | … | … | … |
Table 1
The second security strategy may be: different business risk levels are assigned to different types of service in advance, and a corresponding encryption policy is assigned according to the business risk level and may be periodically reassigned. Here, the encryption policy may be assigned to the business risk level at random. In this way, the ability calling platform 11 can look up the business risk level according to the type of service to obtain the assigned encryption policy. The encryption policies assigned according to business risk level may be as shown in Table 2, the affiliate business risk level configuration table. In Table 2, the encryption policy may include: plaintext, MD5 encryption mode, hash algorithm encryption mode, and so on; the risk levels may include high, medium and low, and a finer-grained set of levels may also be used.
Table 2
The ability calling platform 11 receives a customer service request. First, it combines the pre-assigned service authority identifier corresponding to the ability calling platform 11 with the customer service request to form a transaction message. Then, using the second security strategy, it looks up the corresponding encryption policy in Table 2 according to the type of service of the customer service request and performs first-layer encryption on the transaction message. Next, using the first security strategy, it looks up the corresponding encryption algorithm and key in Table 1 according to the address of the ability calling platform 11 and performs second-layer encryption on the transaction message that has undergone the first-layer encryption. The type of service or business risk level may be placed together with the already-encrypted transaction message for the second-layer encryption; in this way, during decryption the risk level can be extracted after decryption with the first security strategy, and the next layer of decryption can then be carried out. After encryption is complete, the encrypted transaction message is sent to the ability package system 12. Here, the service authority identifier may include: the channel identifier that the telecom operator assigns to channel vendors in its operations.
The ability package system 12 is configured to decrypt the encrypted transaction message using the first security strategy and the second security strategy in turn, and to send the decrypted transaction message to the business support system 13.
Here, the ability package system 12 receives the encrypted transaction message and obtains the initiating address of the transaction message. First, it determines whether the initiating address is in the affiliate security configuration table. Then, it looks up the first security strategy according to the initiating address, takes out the corresponding encryption algorithm and key, and decrypts the transaction message. It extracts the business risk level from the decrypted transaction message; here, the risk level may be carried directly in the decrypted transaction message, or may be retrieved from the second security strategy according to the type of service in the decrypted transaction message. According to the extracted risk level, it looks up the encryption policy in the second security strategy and decrypts the transaction message. If decryption succeeds, the decrypted transaction message is sent to the business support system 13; if decryption fails, an error is fed back. Here, the business support system 13 may include: CRM or BOSS.
The business support system 13 is configured to process the transaction message when it determines that the service authority identifier encapsulated in the decrypted transaction message and the customer service request satisfy the authority configuration rule.
Here, an authority configuration rule is established in advance, as shown in Table 3. The authority configuration rule may be: according to the affiliate identifier, a business capability identifier and the service authority corresponding to the service authority identifier are assigned. Here, the business support system 13 may first determine whether the service authority identifier in the transaction message exists in the authority configuration rule, and then judge, according to the service authority identifier in the transaction message and the type of service to which the customer service request belongs, whether the pre-established service authority of the affiliate is satisfied. If the transaction initiated by the affiliate satisfies the relevant authority configuration rule, the background program is called to handle the business for the user or to feed back the corresponding information; if the transaction initiated by the affiliate does not satisfy the authority configuration rule, a failure is fed back. Here, the business support system 13 may include: CRM or BOSS.
Table 3
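
The three-stage flow described above (outer layer keyed by initiating address, inner layer chosen by risk level, then the authority check), as an added Go example that is not part of the patent. Assumptions: the first security strategy is AES-256-GCM with the initiating address bound as associated data, the MD5 and hash modes are modelled as digests the receiver recomputes (SHA-256 stands in for the unspecified hash algorithm), and every address, key, service type and identifier is constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Message is the transaction message: service authority identifier plus request.
type Message struct{ PermissionID, Service, Body string }

// envelope is the plaintext of the outer layer: risk level, inner message, digest.
type envelope struct{ Risk string; Inner, Digest []byte }

// Constructed sample tables; every address, key and identifier is a placeholder.
var (
	keyOfAddr     = map[string][]byte{"192.0.2.10": bytes.Repeat([]byte{0x42}, 32)} // first strategy
	partnerOfAddr = map[string]string{"192.0.2.10": "H2"}
	riskOfService = map[string]string{"product_query": "low", "balance_auth": "medium", "payment": "high"}
	digestOfRisk  = map[string]func([]byte) []byte{ // second strategy, by risk level
		"low":    func([]byte) []byte { return nil },                           // plaintext
		"medium": func(b []byte) []byte { d := md5.Sum(b); return d[:] },       // MD5 mode
		"high":   func(b []byte) []byte { d := sha256.Sum256(b); return d[:] }, // hash mode
	}
	// Authority rule: affiliate -> service authority identifier -> allowed service types.
	permissions = map[string]map[string]map[string]bool{"H2": {"CH-001": {"product_query": true, "payment": true}}}
)

// aeadFor looks up the first strategy for an initiating address (AES-256-GCM here).
func aeadFor(addr string) (cipher.AEAD, error) {
	key, ok := keyOfAddr[addr]
	if !ok {
		return nil, errors.New("initiating address not in affiliate security table")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Wrap is the calling-platform side: second strategy first, then first strategy.
func Wrap(addr string, m Message) ([]byte, error) {
	risk, ok := riskOfService[m.Service]
	aead, err := aeadFor(addr)
	if !ok || err != nil {
		return nil, errors.New("no strategy configured for this service type or address")
	}
	inner, _ := json.Marshal(m) // cannot fail for a struct of strings
	plain, _ := json.Marshal(envelope{risk, inner, digestOfRisk[risk](inner)})
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Output is nonce || ciphertext; the address is bound as associated data.
	return aead.Seal(nonce, nonce, plain, []byte(addr)), nil
}

// Unwrap is the package-system side: first strategy, then second strategy.
func Unwrap(srcAddr string, sealed []byte) (Message, string, error) {
	aead, err := aeadFor(srcAddr)
	if err != nil || len(sealed) < aead.NonceSize() {
		return Message{}, "", errors.New("unknown initiating address or truncated message")
	}
	n := aead.NonceSize()
	plain, err := aead.Open(nil, sealed[:n], sealed[n:], []byte(srcAddr))
	if err != nil {
		return Message{}, "", errors.New("first-layer decryption failed")
	}
	var env envelope
	err = json.Unmarshal(plain, &env)
	digest, ok := digestOfRisk[env.Risk]
	if err != nil || !ok || !bytes.Equal(digest(env.Inner), env.Digest) {
		return Message{}, "", errors.New("second-layer check failed")
	}
	var m Message
	// The claimed risk level must be the one configured for the service type.
	if json.Unmarshal(env.Inner, &m) != nil || riskOfService[m.Service] != env.Risk {
		return Message{}, "", errors.New("risk level does not match service type")
	}
	return m, partnerOfAddr[srcAddr], nil
}

// Authorize is the business-support-system check against the authority rule.
func Authorize(affiliateID string, m Message) bool {
	return permissions[affiliateID][m.PermissionID][m.Service]
}

func main() {
	sealed, _ := Wrap("192.0.2.10", Message{"CH-001", "payment", "pay 10"})
	fmt.Println(Unwrap("192.0.2.10", sealed))
}
```

The DES and RSA rows of Table 1 are not implemented; each would be another lookup result in `aeadFor`.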
The method of call capability encapsulation provided by an embodiment of the present invention, as shown in Fig. 1, includes:
Step 201: A corresponding first security strategy is set according to the address of each ability calling platform, and a corresponding second security strategy is set according to the risk level of each type of service.
Here, the first security strategy and the second security strategy are preset for encrypting transaction messages. The first security strategy may be: a corresponding encryption algorithm and key are assigned according to the address of the ability calling platform. The encryption algorithm includes: DES, AES or RSA. Here, the ability calling platform may be an affiliate's platform.
Because each affiliate corresponds to the address of one ability calling platform, the address of the ability calling platform is the initiating address of the transaction message. A corresponding first security strategy can be assigned to each affiliate according to the initiating address of the transaction message, so that the first security strategy is associated with the initiating address of the transaction message. The assigned encryption algorithm and key may be updated periodically to ensure security; here, the encryption algorithm and key may be assigned to the initiating address of the transaction message at random. Meanwhile, since the address of the ability calling platform is assigned to each affiliate, and each affiliate is also assigned a corresponding affiliate identifier, the affiliate identifier can be looked up from the initiating address of the transaction message. The encryption algorithms and keys assigned to the ability calling platforms may be as shown in Table 1, the affiliate security configuration table, where xxx.xxx.xxx.xxx represents the address of each ability calling platform, and the address may be an IP address.
The second security strategy may be: different business risk levels are assigned to different types of service in advance, and a corresponding encryption policy is assigned according to the business risk level and may be periodically reassigned. Here, the encryption policy may be assigned to the business risk level at random. In this way, the ability calling platform can look up the business risk level according to the type of service to obtain the assigned encryption policy. The encryption policies assigned according to business risk level may be as shown in Table 2, the affiliate business risk level configuration table. In Table 2, the encryption policy may include: plaintext, MD5 encryption mode, hash algorithm encryption mode, and so on; the risk levels may include high, medium and low, and a finer-grained set of levels may also be used.
Step 202: The ability calling platform encrypts a transaction message using the second security strategy and the first security strategy in turn, and sends the encrypted transaction message to the ability package system.
The ability calling platform receives a customer service request. First, it combines the pre-assigned service authority identifier corresponding to the ability calling platform with the customer service request to form a transaction message. Then, using the second security strategy, it looks up the corresponding encryption policy in Table 2 according to the type of service of the customer service request and performs first-layer encryption on the transaction message. Next, using the first security strategy, it looks up the corresponding encryption algorithm and key in Table 1 according to the address of the ability calling platform and performs second-layer encryption on the transaction message that has undergone the first-layer encryption. The type of service or business risk level may be placed together with the already-encrypted transaction message for the second-layer encryption; in this way, during decryption the risk level can be extracted after decryption with the first security strategy, and the next layer of decryption can then be carried out. After encryption is complete, the encrypted transaction message is sent to the ability package system. Here, the service authority identifier may include: the channel identifier that the telecom operator assigns to channel operators in its operations.
Step 203: The ability package system decrypts the encrypted transaction message using the first security strategy and the second security strategy in turn, and sends the decrypted transaction message to CRM/BOSS.
Here, the ability package system receives the encrypted transaction message and obtains the initiating address of the transaction message. First, it determines whether the initiating address is in the affiliate security configuration table. Then, it looks up the first security strategy according to the initiating address, takes out the corresponding encryption algorithm and key, and decrypts the transaction message. It extracts the business risk level from the decrypted transaction message; here, the risk level may be carried directly in the decrypted transaction message, or may be retrieved from the second security strategy according to the type of service in the decrypted transaction message. According to the extracted risk level, it looks up the encryption policy in the second security strategy and decrypts the transaction message. If decryption succeeds, the decrypted transaction message is sent to the business support system; if decryption fails, an error is fed back. Here, the business support system may include: CRM or BOSS.
Further, the method of call capability encapsulation provided in this embodiment of the present invention also includes step 204: when the business support system determines that the service authority mark encapsulated in the decrypted transaction message and the customer service request meet the authority configuration rule, it processes the transaction message;

Here, an authority configuration rule is established in advance, as shown in Table 3. The authority configuration rule can be: according to the affiliate identification, allocate a business capability identification and the service authority corresponding to the service authority mark. Here, it can first be determined whether the service authority mark in the transaction message exists in the authority configuration rule, and then, according to the service authority mark in the transaction message and the type of service to which the customer service request belongs, whether the pre-established service authority of the affiliate is met. If the transaction initiated by this affiliate meets the relevant authority configuration rule, the background program is called to transact the business for the user or to feed back the corresponding information; if the transaction initiated by this affiliate does not meet the authority configuration rule, failure is fed back. Here, the business support system can include: CRM or BOSS.
The beneficial effect produced by the present invention is described in further detail below with reference to a specific example.

As shown in Figure 3, the example takes a user initiating a transaction request on an ability calling platform as an example to illustrate the specific flow of the ability encapsulation security encryption method.
Step 301: the user initiates a request on a certain ability calling platform, and the request carries the initiation address information; here, the ability calling platform can be an affiliate platform;

Step 302: the ability calling platform, according to the user's transaction request, adds the allocated service authority mark to form a transaction message, encrypts the message according to the agreed encryption algorithm and key, and sends it to the ability package system; here, the service authority mark can include: the channel mark that the telecom operator distributes to a channel operator in operation.

Step 303: after the ability package system receives the transaction message, it first searches the affiliate security configuration table for the initiation address in the transaction message. If this address is not found, the flow ends directly; if this address is found, the flow continues;

Step 304: after the ability package system finds the address, it extracts the encryption algorithm and key corresponding to this address and decrypts the message. If decryption fails, the flow ends directly; if decryption succeeds, the flow continues;

Step 305: the ability package system searches the affiliate business risk grade configuration table according to the affiliate identification and the initiated transaction function, takes out the risk class and encryption policy, and decrypts the message. If decryption fails, the flow ends directly; if decryption succeeds, the flow continues;

Wherein, the affiliate business risk grade configuration table is configured with the relation between affiliate identification, risk class, transaction function, encryption policy, etc., and different transaction functions correspond to different risk classes and encryption policies;

Step 306: after the ability package system successfully decrypts the message, it synchronizes the decrypted message to the business support system; here, the business support system can include: CRM or BOSS.

Step 307: after the business support system receives the decrypted transaction message, it first searches the service authority and function permission configuration table according to the service authority mark in the transaction message. If this service authority mark is not found, the flow ends directly; if this mark is found, the flow continues;

Step 308: after the business support system finds the service authority mark, it extracts the function permission list corresponding to this mark and judges whether this transaction meets the authority. If it does not meet the authority, the flow ends directly; if it meets the authority, the flow continues;

Step 309: the business support system calls the background program to accept the business for the user;

Step 310: the flow ends.
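The flow of steps 202 to 204 and of steps 301 to 308, as an added Python example (not code from the patent). The table contents, address, marks and service names are constructed; layer 1 uses an HMAC-SHA256 keystream with a MAC as a standard-library stand-in for DES/AES/RSA; and the MD5/hash policies are modelled as an appended digest that the receiver recomputes, since a hash cannot be reversed. The final risk-class cross-check combines the two sources step 203 mentions and is an addition.

```python
import hashlib, hmac, json, os

# Constructed sample tables; the patent's Tables 1-3 are not reproduced here.
PARTNER_KEYS = {"10.0.0.8": b"constructed-demo-key-0123456789ab"}        # Table 1: address -> key
RISK_BY_SERVICE = {"balance_query": "low", "payment": "high"}            # type of service -> risk class
DIGEST_BY_RISK = {"low": None, "intermediate": "md5", "high": "sha256"}  # Table 2: risk -> policy
PERMISSIONS = {"CH001": {"balance_query", "payment"}, "CH002": {"balance_query"}}  # Table 3


class Rejected(Exception):
    """Raised at the first failed check, so processing ends there."""


def subkey(key, label):
    # Separate keys for encryption and authentication, derived from the partner key.
    return hmac.new(key, label, hashlib.sha256).digest()


def stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stand-in for the DES/AES/RSA named in the patent.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key, data):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, stream(subkey(key, b"enc"), nonce, len(data))))
    return nonce + ct + hmac.new(subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, good):
        raise Rejected("layer-1 decryption failed")
    return bytes(a ^ b for a, b in zip(ct, stream(subkey(key, b"enc"), nonce, len(ct))))


def digest_for(risk, msg):
    alg = DIGEST_BY_RISK[risk]
    return hashlib.new(alg, msg.encode()).hexdigest() if alg else ""


def platform_send(address, mark, service, body):
    """Step 202: apply the second security strategy, then the first."""
    msg = json.dumps({"mark": mark, "service": service, "body": body})
    risk = RISK_BY_SERVICE[service]
    inner = {"risk": risk, "digest": digest_for(risk, msg), "msg": msg}
    return seal(PARTNER_KEYS[address], json.dumps(inner).encode())


def gateway_receive(address, blob):
    """Step 203 / steps 303-305: first security strategy, then the second."""
    key = PARTNER_KEYS.get(address)
    if key is None:
        raise Rejected("initiation address not in partner table")
    inner = json.loads(unseal(key, blob))
    if inner["risk"] not in DIGEST_BY_RISK:
        raise Rejected("unknown risk class")
    if not hmac.compare_digest(inner["digest"], digest_for(inner["risk"], inner["msg"])):
        raise Rejected("layer-2 check failed")
    message = json.loads(inner["msg"])
    if RISK_BY_SERVICE.get(message["service"]) != inner["risk"]:
        raise Rejected("risk class does not match type of service")
    return message


def support_system_accepts(message):
    """Step 204 / steps 307-308: the mark must exist and cover the type of service."""
    return message["service"] in PERMISSIONS.get(message["mark"], set())
```
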
The above are only preferred embodiments of the present invention and are not intended to limit the protection scope of the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.
Claims (10)
1. A method of call capability encapsulation, characterized in that a corresponding first security strategy is set according to the address of the ability calling platform, and a corresponding second security strategy is set according to the risk class of the type of service; the method further includes:

the ability calling platform encrypts the transaction message using the second security strategy and then the first security strategy in turn, and sends the encrypted transaction message to the ability package system;

the ability package system decrypts the encrypted transaction message using the first security strategy and then the second security strategy in turn, and sends the decrypted transaction message to the business support system.
2. The method according to claim 1, characterized in that the ability calling platform encrypting the transaction message using the second security strategy and then the first security strategy in turn includes:

the ability calling platform receives a customer service request;

combines the pre-assigned service authority mark with the customer service request to generate a transaction message;

according to the business risk grade of the customer service request and the address of the ability calling platform, encrypts the transaction message according to the second security strategy and then the first security strategy in turn.
3. The method according to claim 1, characterized in that the ability package system decrypting the encrypted transaction message using the first security strategy and then the second security strategy in turn includes:

the ability package system, using the first security strategy, carries out first-layer decryption of the transaction message according to the initiation address of the transaction message and extracts the business risk grade;

using the second security strategy, carries out second-layer decryption of the transaction message after the first-layer decryption according to the business risk grade.
4. The method according to any one of claims 1 to 3, characterized in that setting the corresponding first security strategy according to the address of the ability calling platform, and setting the corresponding second security strategy according to the risk class of the type of service, includes:

allocating different business risk grades to different types of service in advance;

pre-establishing the first security strategy; the first security strategy is: a corresponding encryption algorithm and key are allocated according to the address of the ability calling platform, and are periodically reallocated at random;

the encryption algorithm includes: the Data Encryption Standard (DES), the Advanced Encryption Standard (AES) or the public key encryption algorithm RSA;

pre-establishing the second security strategy; the second security strategy is: a corresponding encryption policy is allocated according to the business risk grade, and is periodically reallocated at random;

the encryption policy includes: plaintext, Message Digest Algorithm 5 (MD5) encryption mode or hash algorithm encryption mode.
5. The method according to any one of claims 1 to 3, characterized in that the method further includes: when the business support system determines that the service authority mark encapsulated in the decrypted transaction message and the customer service request meet the authority configuration rule, it processes the transaction message;

the authority configuration rule is: according to the affiliate identification, allocate a business capability identification and the service authority corresponding to the business capability identification;

the service authority includes: customer basic information inquiry, product inquiry, product subscription, balance authentication, payment, points management, service complaints;

the business support system includes: a customer relationship management system (CRM) or a business operation support system (BOSS).
6. A system of call capability encapsulation, characterized in that the system includes: an ability calling platform, an ability package system and a business support system, wherein,

the ability calling platform is used for encrypting the transaction message using the second security strategy and then the first security strategy in turn, and sending the encrypted transaction message to the ability package system;

the ability package system is used for decrypting the encrypted transaction message using the first security strategy and then the second security strategy in turn, and sending the decrypted transaction message to the business support system;

the ability package system is also used for setting the corresponding first security strategy according to the address of the ability calling platform, and setting the corresponding second security strategy according to the risk class of the type of service.
7. The system according to claim 6, characterized in that the ability calling platform is specifically used for: receiving a customer service request;

combining the pre-assigned service authority mark with the customer service request to generate a transaction message;

according to the risk class of the customer service request and its own address, encrypting the transaction message according to the second security strategy and then the first security strategy in turn.
8. The system according to claim 6, characterized in that the ability package system is specifically used for:

using the first security strategy, carrying out first-layer decryption of the transaction message according to the initiation address of the transaction message, and extracting the business risk grade;

using the second security strategy, carrying out second-layer decryption of the transaction message after the first-layer decryption according to the business risk grade.
9. The system according to any one of claim 6 or 8, characterized in that the ability package system is specifically used for:

pre-establishing the first security strategy, the first security strategy being: a corresponding encryption algorithm and key are allocated according to the address of the ability calling platform, and are periodically reallocated at random;

the encryption algorithm includes: DES, AES or RSA;

pre-establishing the second security strategy, the second security strategy being: a corresponding encryption policy is allocated according to the business risk grade, and is periodically reallocated at random;

the encryption policy includes: plaintext, MD5 encryption mode or hash algorithm encryption mode;

allocating different business risk grades to different types of service in advance.
10. The system according to any one of claims 6 to 8, characterized in that

the business support system is used for processing the transaction message when it determines that the service authority mark encapsulated in the decrypted transaction message and the customer service request meet the authority configuration rule; the authority configuration rule is: according to the affiliate identification, allocate a business capability identification and the service authority corresponding to the service authority mark;

the service authority includes: customer basic information inquiry, product inquiry, product subscription, balance authentication, payment, points management, service complaints;

the business support system includes: CRM or BOSS.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510974871.8A CN106911632B (en) | 2015-12-22 | 2015-12-22 | Method and system for packaging calling capability |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106911632A (en) | 2017-06-30 |
CN106911632B (en) | 2019-12-13 |
Family
ID=59200283
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510974871.8A, Active, CN106911632B (en) | 2015-12-22 | 2015-12-22 | Method and system for packaging calling capability |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106911632B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN106911632B (en) | 2019-12-13 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||