CN106911632A - A kind of method and system of call capability encapsulation - Google Patents

Publication number: CN106911632A
Authority: CN (China)
Prior art keywords: security strategy, transaction message, ability, business, encryption
Legal status: Granted
Application number: CN201510974871.8A
Other languages: Chinese (zh)
Other versions: CN106911632B (en)
Inventors: 赵培文, 刘洋, 全晓磊, 董绍华
Current Assignee: China Mobile Group Liaoning Co Ltd
Original Assignee: China Mobile Group Liaoning Co Ltd
Application filed by: China Mobile Group Liaoning Co Ltd
Priority to: CN201510974871.8A
Publication of CN106911632A
Application granted; publication of CN106911632B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00: Commerce
    • G06Q30/06: Buying, selling or leasing transactions
    • G06Q30/0601: Electronic shopping [e-shopping]
    • G06Q30/0633: Lists, e.g. purchase orders, compilation or processing
    • G06Q30/0635: Processing of requisition or of purchase orders
    • G06Q30/0637: Approvals
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/30: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/302: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes

Abstract

The invention discloses a method of call capability encapsulation: a corresponding first security strategy is set according to the address of the ability calling platform; a corresponding second security strategy is set according to the risk level of the service type; the ability calling platform encrypts a transaction message using the second security strategy and then the first security strategy, and sends the encrypted transaction message to the ability package system; the ability package system decrypts the encrypted transaction message using the first security strategy and then the second security strategy, and sends the decrypted transaction message to the business support system; when the business support system determines that the service authority mark encapsulated in the decrypted transaction message and the customer service request satisfy the authority configuration rule, it processes the transaction message. The invention also discloses a system of call capability encapsulation.

Description

A kind of method and system of call capability encapsulation
Technical field
The present invention relates to the field of communication service support, and more particularly to a method and system of call capability encapsulation.
Background
In the mobile Internet era, opening up capabilities on a platform gathers large numbers of developers who provide a wide variety of applications, creating a win-win situation for all; this model has been validated by a growing number of success stories such as FaceBook, AppStore and Taobao.
Drawn by this successful model, telecom operators are also exploring the opening of telecom service capabilities. Telecom operators use capability encapsulation to provide partners with SMS, positioning, voice, IT and other services, covering the encapsulation of capabilities such as product configuration, marketing recommendation, service ordering, billing and charging, customer service and points, and extending to every stage of the customer life cycle.
At present, operator capability encapsulation for partners is already in use. For example, one existing scheme is a safe and reliable ability open platform comprising a release auditing system, an authorization and authentication system, and a security middleware server. The release auditing system audits third-party applications before release, ensuring that the third-party applications connected to the ability open platform are safe and reliable; this prevents vulnerabilities in a third-party application from posing a security threat to the platform, and prevents a third-party application from becoming a back door for attacking the whole ability open platform. The authorization and authentication system authorizes and authenticates third-party applications' access to the resources the ability open platform provides, ensuring that resources are accessed legitimately and avoiding the economic loss caused by unauthorized access. Finally, an open security middleware service is provided to third-party applications, which increases the security of the third-party applications themselves, minimizes development difficulty and development cost, and improves the development efficiency of third-party applications, thereby improving the practicality, convenience and flexibility of the whole ability open platform.
However, operators currently provide Internet partners with functions including customer basic information query, product query, product subscription, balance authentication, payment, points management and service complaints, and these encapsulated capabilities are services offered over the Internet to all partners. Because partners differ in qualification, capability and security level, if one partner is compromised on the Internet, all of that partner's functions are affected, causing information leakage or revenue loss; in addition, all partners' use of capability encapsulation may be affected, causing security problems for all partners. Therefore, how to ensure security during call capability encapsulation is an urgent problem facing operators.
Summary of the invention
In view of this, the embodiments of the present invention aim to provide a method and system of call capability encapsulation that can ensure security during call capability encapsulation.
To achieve the above purpose, the technical solution of the present invention is realized as follows:
An embodiment of the present invention provides a method of call capability encapsulation, the method including:
setting a corresponding first security strategy according to the address of each ability calling platform, and setting a corresponding second security strategy according to the risk level of each service type;
the ability calling platform encrypting a transaction message using the second security strategy and then the first security strategy, and sending the encrypted transaction message to the ability package system;
the ability package system decrypting the encrypted transaction message using the first security strategy and then the second security strategy, and sending the decrypted transaction message to the business support system.
In the above scheme, the ability calling platform encrypting the transaction message using the second security strategy and then the first security strategy includes:
the ability calling platform receiving a customer service request;
generating a transaction message by combining a pre-assigned service authority mark with the customer service request;
encrypting the transaction message according to the second security strategy and then the first security strategy, based on the business risk level of the customer service request and the address of the ability calling platform.
In the above scheme, the ability package system decrypting the encrypted transaction message using the first security strategy and then the second security strategy includes:
the ability package system using the first security strategy to perform first-layer decryption on the transaction message according to the initiating address of the transaction message, and extracting the business risk level;
using the second security strategy to perform second-layer decryption, according to the business risk level, on the transaction message after the first-layer decryption.
In the above scheme, the method also includes: assigning different business risk levels to different service types in advance;
establishing the first security strategy in advance, the first security strategy being: a corresponding encryption algorithm and key are assigned according to the address of the ability calling platform, and are periodically reassigned at random;
the encryption algorithm includes: Data Encryption Standard (DES), Advanced Encryption Standard (AES), or the public key encryption algorithm RSA (Ron Rivest, Adi Shamir, Leonard Adleman);
establishing the second security strategy in advance, the second security strategy being: a corresponding encryption policy is assigned according to the business risk level, and is periodically reassigned at random;
the encryption policy includes: plaintext, Message Digest Algorithm 5 (MD5) encryption mode, or hash algorithm encryption mode.
In the above scheme, the method also includes: the business support system processing the transaction message when it determines that the service authority mark encapsulated in the decrypted transaction message and the customer service request satisfy the authority configuration rule;
the authority configuration rule is: according to the partner identifier, a business capability identifier and the service authority corresponding to that business capability identifier are assigned;
the service authority includes: customer basic information query, product query, product subscription, balance authentication, payment, points management, and service complaints;
the business support system includes: a customer relationship management system (CRM, Customer Relationship Management) or a business operation support system (BOSS, Business & Operation Support System).
An embodiment of the present invention also provides a system of call capability encapsulation, the system including: an ability calling platform, an ability package system, and a business support system, wherein:
the ability calling platform is configured to encrypt a transaction message using the second security strategy and then the first security strategy, and to send the encrypted transaction message to the ability package system;
the ability package system is configured to decrypt the encrypted transaction message using the first security strategy and then the second security strategy, and to send the decrypted transaction message to the business support system;
the ability package system is further configured to set a corresponding first security strategy according to the address of the ability calling platform, and to set a corresponding second security strategy according to the risk level of the service type.
In the above scheme, the ability calling platform is specifically configured to: receive a customer service request;
generate a transaction message by combining a pre-assigned service authority mark with the customer service request;
encrypt the transaction message according to the second security strategy and then the first security strategy, based on the risk level of the customer service request and its own address.
In the above scheme, the ability package system is specifically configured to:
use the first security strategy to perform first-layer decryption on the transaction message according to the initiating address of the transaction message, and extract the business risk level;
use the second security strategy to perform second-layer decryption, according to the business risk level, on the transaction message after the first-layer decryption.
In the above scheme, the ability package system is specifically configured to:
establish the first security strategy in advance, the first security strategy being: a corresponding encryption algorithm and key are assigned according to the address of the ability calling platform, and are periodically reassigned at random;
the encryption algorithm includes: DES, AES or RSA;
establish the second security strategy in advance, the second security strategy being: a corresponding encryption policy is assigned according to the business risk level, and is periodically reassigned at random;
the encryption policy includes: plaintext, MD5 encryption mode, or hash algorithm encryption mode;
assign different business risk levels to different service types in advance.
In the above scheme, the business support system is configured to determine whether the service authority mark encapsulated in the decrypted transaction message and the customer service request satisfy the authority configuration rule and, if they do, to process the transaction message; the authority configuration rule is: according to the partner identifier, a business capability identifier and the service authority corresponding to the service authority mark are assigned;
the service authority includes: customer basic information query, product query, product subscription, balance authentication, payment, points management, and service complaints;
the business support system includes: CRM or BOSS.
In the method and system of call capability encapsulation provided by the embodiments of the present invention, a corresponding first security strategy is set according to the address of each ability calling platform, and a corresponding second security strategy is set according to the risk level of each service type; the ability calling platform encrypts a transaction message using the second security strategy and then the first security strategy, and sends the encrypted transaction message to the ability package system; the ability package system decrypts the encrypted transaction message using the first security strategy and then the second security strategy, and sends the decrypted transaction message to the business support system; further, when the business support system determines that the service authority mark encapsulated in the decrypted transaction message and the customer service request satisfy the authority configuration rule, it processes the transaction message. In this way, a layered security encryption management mechanism based on encryption policy, channel management and authority control is established, which ensures security during call capability encapsulation and realizes a secure encryption management system for Internet partners.
Brief description of the drawings
Fig. 1 is a schematic diagram of the structure of a system of call capability encapsulation according to an embodiment of the present invention;
Fig. 2 is a schematic flow chart of a method of call capability encapsulation according to an embodiment of the present invention;
Fig. 3 is a schematic flow chart of the ability calling platform performing call capability encapsulation according to an embodiment of the present invention.
Detailed description
In the embodiments of the present invention, a corresponding first security strategy is set according to the address of each ability calling platform, and a corresponding second security strategy is set according to the risk level of each service type; the ability calling platform encrypts a transaction message using the second security strategy and then the first security strategy, and sends the encrypted transaction message to the ability package system; the ability package system decrypts the encrypted transaction message using the first security strategy and then the second security strategy, and sends the decrypted transaction message to the business support system; further, when the business support system determines that the service authority mark encapsulated in the decrypted transaction message and the customer service request satisfy the authority configuration rule, it processes the transaction message.
The present invention is described in further detail below with reference to embodiments.
The system of call capability encapsulation provided by the embodiment of the present invention, as shown in Fig. 1, includes:
an ability calling platform 11, an ability package system 12, and a business support system 13, wherein:
The ability calling platform 11 is configured to encrypt a transaction message using the second security strategy and then the first security strategy, and to send the encrypted transaction message to the ability package system 12;
Specifically, the ability package system 12 presets the first security strategy and the second security strategy for encrypting transaction messages. The first security strategy can be: a corresponding encryption algorithm and key are assigned according to the address of the ability calling platform 11; the encryption algorithm includes DES, AES or RSA. Here, the ability calling platform 11 can be a partner platform;
Because each partner corresponds to one ability calling platform 11 address, the address of the ability calling platform 11 is the initiating address of the transaction message. A corresponding first security strategy can be assigned to each partner according to the initiating address of the transaction message, so that the first security strategy is associated with the initiating address of the transaction message. The assigned encryption algorithm and key can be updated regularly to ensure security; here, the encryption algorithm and key can be assigned to the initiating address of the transaction message at random. Meanwhile, since the address of the ability calling platform 11 is assigned for each partner, and each partner is also assigned a corresponding partner identifier, the partner identifier can be looked up from the initiating address of the transaction message. The encryption algorithms and keys assigned to the ability calling platforms 11 can be as shown in Table 1, where xxx.xxx.xxx.xxx represents the address of each ability calling platform 11; the address can be an Internet Protocol (IP) address;
Partner identifier   Initiating address   Encryption algorithm   Key (stored encrypted)
H1                   xxx.xxx.xxx.xxx      DES                    *************
H2                   xxx.xxx.xxx.xxx      AES                    *************
H3                   xxx.xxx.xxx.xxx      RSA                    *************
Table 1
The second security strategy can be: different business risk levels are assigned to different service types in advance, and a corresponding encryption policy is assigned according to the business risk level and can be periodically reassigned; here, the encryption policy can be assigned to the business risk level at random. In this way, the ability calling platform 11 can look up the business risk level from the service type in order to assign the encryption policy. The encryption policies assigned according to business risk level can be as shown in Table 2, the partner business risk level configuration table. In Table 2, the encryption policy can include plaintext, MD5 encryption mode, hash algorithm encryption mode, and so on; the risk level can include high, medium and low, and a finer-grained set of levels can also be used.
Table 2
The ability calling platform 11 receives a customer service request. First, it forms a transaction message by combining the pre-assigned service authority mark corresponding to the ability calling platform 11 with the customer service request. Then, using the second security strategy, it looks up the corresponding encryption policy in Table 2 according to the service type of the customer service request and performs first-layer encryption on the transaction message. Next, using the first security strategy, it looks up the corresponding encryption algorithm and key in Table 1 according to the address of the ability calling platform 11 and performs second-layer encryption on the already encrypted transaction message. The service type or business risk level can be put together with the already encrypted transaction message for the second-layer encryption, so that during decryption the risk level can be extracted after decrypting with the first security strategy and the next layer of decryption can be performed. After encryption is complete, the encrypted transaction message is sent to the ability package system 12. Here, the service authority mark can include: the channel mark that the telecom operator assigns to channel sellers in operation.
The ability package system 12 is configured to decrypt the encrypted transaction message using the first security strategy and then the second security strategy, and to send the decrypted transaction message to the business support system 13;
Here, the ability package system 12 receives the encrypted transaction message and obtains the initiating address of the transaction message. First, it determines whether the initiating address is in the partner security configuration table. Then, it looks up the first security strategy by the initiating address, retrieves the corresponding encryption algorithm and key, and decrypts the transaction message. It extracts the business risk level from the decrypted transaction message; here, the risk level can be carried directly in the decrypted transaction message, or can be retrieved from the second security strategy according to the service type in the decrypted transaction message. Using the extracted risk level, it looks up the encryption policy in the second security strategy and decrypts the transaction message. If decryption succeeds, the decrypted transaction message is sent to the business support system 13; if decryption fails, an error is fed back. Here, the business support system 13 can include CRM or BOSS.
The business support system 13 is configured to process the transaction message when it determines that the service authority mark encapsulated in the decrypted transaction message and the customer service request satisfy the authority configuration rule;
Here, an authority configuration rule is established in advance, as shown in Table 3. The authority configuration rule can be: according to the partner identifier, a business capability identifier and the service authority corresponding to the service authority mark are assigned. Here, the business support system 13 can first determine whether the service authority mark in the transaction message exists in the authority configuration rule, and then judge, from the service authority mark in the transaction message and the service type to which the customer service request belongs, whether the pre-established service authority of the partner is satisfied. If the transaction initiated by the partner satisfies the relevant authority configuration rule, a background program is called to handle the service for the user or feed back the corresponding information; if the transaction initiated by the partner does not satisfy the authority configuration rule, failure is fed back. Here, the business support system 13 can include CRM or BOSS.
Table 3
The method of call capability encapsulation provided by the embodiment of the present invention, as shown in Fig. 1, includes:
Step 201: a corresponding first security strategy is set according to the address of each ability calling platform, and a corresponding second security strategy is set according to the risk level of each service type;
Here, the first security strategy and the second security strategy are preset for encrypting transaction messages. The first security strategy can be: a corresponding encryption algorithm and key are assigned according to the address of the ability calling platform; the encryption algorithm includes DES, AES or RSA. Here, the ability calling platform can be a partner platform;
Because each partner corresponds to one ability calling platform address, the address of the ability calling platform is the initiating address of the transaction message. A corresponding first security strategy can be assigned to each partner according to the initiating address of the transaction message, so that the first security strategy is associated with the initiating address of the transaction message. The assigned encryption algorithm and key can be updated regularly to ensure security; here, the encryption algorithm and key can be assigned to the initiating address of the transaction message at random. Meanwhile, since the address of the ability calling platform is assigned for each partner, and each partner is also assigned a corresponding partner identifier, the partner identifier can be looked up from the initiating address of the transaction message. The encryption algorithms and keys assigned to the ability calling platforms can be as shown in Table 1, the partner security configuration table, where xxx.xxx.xxx.xxx represents the address of each ability calling platform; the address can be an IP address.
The second security strategy can be: different business risk levels are assigned to different service types in advance, and a corresponding encryption policy is assigned according to the business risk level and can be periodically reassigned; here, the encryption policy can be assigned to the business risk level at random. In this way, the ability calling platform can look up the business risk level from the service type in order to assign the encryption policy. The encryption policies assigned according to business risk level can be as shown in Table 2, the partner business risk level configuration table. In Table 2, the encryption policy can include plaintext, MD5 encryption mode, hash algorithm encryption mode, and so on; the risk level can include high, medium and low, and a finer-grained set of levels can also be used;
Step 202:Ability calling platform is successively using the second security strategy and the encryption transaction of the first security strategy Message, and the transaction message of encryption is sent to ability package system;
Ability calling platform receives customer service request, first, is adjusted with the ability with reference to pre-assigned Identified with the corresponding service authority of platform and the customer service is asked, form transaction message;Then, use Second security strategy, checks in corresponding to the encryption policy in table 2 according to the type of service that customer service is asked, Ground floor encryption is carried out to the transaction message;The first security strategy is used again, is called according to the ability flat The address of platform checks in the AES and key corresponding to table 1, to using the encrypted friendship of the first security strategy Easy message carries out second layer encryption;By type of service or business risk grade and the first security strategy can be used Encrypted transaction message puts together carries out second layer encryption, in this way, pacifying using first in decrypting process Risk class can be extracted after full strategy decryption, next layer of decryption is carried out.After the completion of encryption, by the encryption Transaction message be sent to the ability package system.Here, the service authority mark can include:Electricity Letter operator distributes to the channel mark of channel operator in operation.
Step 203: The capability encapsulation system decrypts the encrypted transaction message using the first security policy and then the second security policy, and sends the decrypted transaction message to CRM/BOSS;
Here, the capability encapsulation system receives the encrypted transaction message and obtains the initiating address of the transaction message. First, it determines whether the initiating address is in the partner security configuration table. Then, it searches the first security policy by the initiating address, retrieves the corresponding encryption algorithm and key, and decrypts the transaction message. It extracts the business risk level from the decrypted transaction message; here, the risk level may be carried directly in the decrypted transaction message, or it may be retrieved from the second security policy according to the service type in the decrypted transaction message. Using the extracted risk level, it looks up the encryption policy in the second security policy and decrypts the transaction message. If decryption succeeds, the decrypted transaction message is sent to the business support system; if decryption fails, an error is returned. Here, the business support system may include CRM or BOSS.
Further, the method of call capability encapsulation provided by the embodiment of the present invention also includes step 204: when the business support system determines that the service permission identifier encapsulated in the decrypted transaction message and the user service request satisfy the permission configuration rule, it processes the transaction message;
Here, a permission configuration rule is established in advance, as shown in Table 3. The permission configuration rule may be: according to the partner identifier, a service capability identifier and the service permissions corresponding to the service permission identifier are assigned. Here, it may first be determined whether the service permission identifier in the transaction message exists in the permission configuration rule; then, based on the service permission identifier in the transaction message and the service type to which the user service request belongs, it is judged whether the request falls within the service permissions established in advance for the partner. If the transaction initiated by the partner satisfies the relevant permission configuration rule, the background program is called to handle the service for the user or to return the corresponding information; if the transaction initiated by the partner does not satisfy the permission configuration rule, a failure is returned. Here, the business support system may include CRM or BOSS.
The positive effects produced by the present invention are described in further detail below with reference to a specific example.
As shown in Figure 3, this example takes a user initiating a transaction request on the capability calling platform to illustrate the specific flow of the capability encapsulation security encryption method.
Step 301: The user initiates a request on a capability calling platform, and the request carries the initiating address information; here, the capability calling platform may be a partner platform;
Step 302: Based on the user's transaction request, the capability calling platform inserts the assigned service permission identifier to form a transaction message, encrypts the message with the agreed encryption algorithm and key, and sends it to the capability encapsulation system; here, the service permission identifier may include the channel identifier that the telecom operator assigns to a channel operator in the course of operation.
Step 303: After receiving the transaction message, the capability encapsulation system first searches the partner security configuration table for the initiating address in the transaction message. If the address is not found, the flow ends directly; if the address is found, the flow continues;
Step 304: After finding the address, the capability encapsulation system retrieves the encryption algorithm and key corresponding to that address and decrypts the message. If decryption fails, the flow ends directly; if decryption succeeds, the flow continues;
Step 305: The capability encapsulation system searches the partner business risk level configuration table by the partner identifier and the initiated transaction function, retrieves the risk level and encryption policy, and decrypts the message. If decryption fails, the flow ends directly; if decryption succeeds, the flow continues;
The partner business risk level configuration table holds the relationship among partner identifier, risk level, transaction function, encryption policy and so on, and different transaction functions correspond to different risk levels and encryption policies;
Step 306: After successfully decrypting the message, the capability encapsulation system passes the decrypted message to the business support system; here, the business support system may include CRM or BOSS.
Step 307: After receiving the decrypted transaction message, the business support system first searches the service permission and function permission configuration table by the service permission identifier in the transaction message. If the service permission identifier is not found, the flow ends directly; if the identifier is found, the flow continues;
Step 308: After finding the service permission identifier, the business support system retrieves the function permission list corresponding to that identifier and judges whether the transaction is within the permitted functions. If it is not, the flow ends directly; if it is, the flow continues;
Step 309: The business support system calls the background program and handles the service for the user;
Step 310: The flow ends.
The above are only preferred embodiments of the present invention and are not intended to limit its scope of protection; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
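The flow of steps 301 to 310, as an added Python example that is not code from the patent: the table contents, addresses, key and identifiers are constructed, and an HMAC-SHA256 keystream stands in for the DES/AES/RSA algorithms the first security policy names. Two assumptions are made: because MD5 and other hash functions are one-way, the second-layer policy is modelled as a digest that the sender attaches and the receiver recomputes, and the receiver also checks that the risk level carried in the message matches the level on file for the service type, a check the text does not describe.

```python
import hashlib
import hmac
import json
import os

# Constructed stand-ins for Tables 1-3; every address, key and identifier is made up.
PARTNER_TABLE = {"10.0.0.5": b"constructed-demo-key-0001"}             # Table 1: address -> key
SERVICE_RISK = {"payment": "high", "product_subscription": "medium", "product_query": "low"}
RISK_POLICY = {"high": "sha256", "medium": "md5", "low": "plaintext"}  # Table 2: level -> policy
PERMISSIONS = {"channel-001": {"payment", "product_query"}}            # Table 3: id -> services


def keystream_xor(key, nonce, data):
    """Stand-in symmetric cipher (HMAC-SHA256 in counter mode), not the patent's DES/AES/RSA."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, nonce + offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def platform_send(address, service_type, permission_id, request, risk=None):
    """Capability calling platform: second security policy first, then the first."""
    body = json.dumps({"permission_id": permission_id, "service_type": service_type,
                       "request": request}, sort_keys=True)
    risk = risk or SERVICE_RISK[service_type]  # override only exercises the receiver's check
    policy = RISK_POLICY[risk]
    digest = "" if policy == "plaintext" else hashlib.new(policy, body.encode()).hexdigest()
    inner = json.dumps({"risk": risk, "body": body, "digest": digest}).encode()
    nonce = os.urandom(16)
    return {"from": address, "nonce": nonce.hex(),
            "ct": keystream_xor(PARTNER_TABLE[address], nonce, inner).hex()}


def encapsulation_receive(msg):
    """Capability encapsulation system: first policy, then second policy (steps 303-306)."""
    key = PARTNER_TABLE.get(msg["from"])
    if key is None:
        return "rejected", "origin address not in partner table"
    try:
        plain = keystream_xor(key, bytes.fromhex(msg["nonce"]), bytes.fromhex(msg["ct"]))
        inner = json.loads(plain)
        policy, body = RISK_POLICY[inner["risk"]], inner["body"]
        message = json.loads(body)
        risk_on_file = SERVICE_RISK[message["service_type"]]
    except (ValueError, KeyError, TypeError, AttributeError):
        return "rejected", "first-layer decryption failed"
    if risk_on_file != inner["risk"]:
        # Added check (assumption): refuse a level weaker or different than the one on file.
        return "rejected", "risk level does not match service type"
    if policy != "plaintext":
        expected = hashlib.new(policy, body.encode()).hexdigest()
        if not hmac.compare_digest(expected.encode(), str(inner.get("digest")).encode()):
            return "rejected", "second-layer check failed"
    return "forwarded", message


def business_support_handle(message):
    """Business support system: permission lookup and check (steps 307-308)."""
    allowed = PERMISSIONS.get(message.get("permission_id"))
    if allowed is None:
        return "rejected", "unknown service permission identifier"
    if message["service_type"] not in allowed:
        return "rejected", "service type not permitted"
    return "accepted", message["request"]
```

Each stage returns a status and a reason, so a failed lookup, a failed layer and a failed permission check can be told apart in logs, where the flow above simply ends.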

Claims (10)

1. A method of call capability encapsulation, characterized in that a corresponding first security policy is set according to the address of a capability calling platform, and a corresponding second security policy is set according to the risk level of the service type; the method further comprises:
the capability calling platform encrypting a transaction message using the second security policy and then the first security policy, and sending the encrypted transaction message to a capability encapsulation system;
the capability encapsulation system decrypting the encrypted transaction message using the first security policy and then the second security policy, and sending the decrypted transaction message to a business support system.
2. The method according to claim 1, characterized in that the capability calling platform encrypting the transaction message using the second security policy and then the first security policy comprises:
the capability calling platform receiving a user service request;
generating the transaction message by combining a pre-assigned service permission identifier with the user service request;
encrypting the transaction message according to the second security policy and then the first security policy, based on the business risk level of the user service request and the address of the capability calling platform.
3. The method according to claim 1, characterized in that the capability encapsulation system decrypting the encrypted transaction message using the first security policy and then the second security policy comprises:
the capability encapsulation system using the first security policy to perform first-layer decryption on the transaction message according to the initiating address of the transaction message, and extracting the business risk level;
using the second security policy to perform second-layer decryption, according to the business risk level, on the transaction message after the first-layer decryption.
4. The method according to any one of claims 1 to 3, characterized in that setting the corresponding first security policy according to the address of the capability calling platform and setting the corresponding second security policy according to the risk level of the service type comprises:
assigning different business risk levels to different service types in advance;
establishing the first security policy in advance, the first security policy being: a corresponding encryption algorithm and key are assigned according to the address of the capability calling platform and are periodically reassigned at random;
the encryption algorithm including: the DES cipher, the Advanced Encryption Standard (AES), or the public-key encryption algorithm RSA;
establishing the second security policy in advance, the second security policy being: a corresponding encryption policy is assigned according to the business risk level and is periodically reassigned at random;
the encryption policy including: plaintext, Message Digest Algorithm 5 (MD5) encryption mode, or hash algorithm encryption mode.
5. The method according to any one of claims 1 to 3, characterized in that the method further comprises: the business support system processing the transaction message when it determines that the service permission identifier encapsulated in the decrypted transaction message and the user service request satisfy a permission configuration rule;
the permission configuration rule being: according to the partner identifier, a service capability identifier and the service permissions corresponding to the service capability identifier are assigned;
the service permissions including: customer basic information query, product query, product subscription, balance authentication, payment, points management, and service appeals;
the business support system including: a customer relationship management system (CRM) or a business operation support system (BOSS).
6. A system of call capability encapsulation, characterized in that the system comprises a capability calling platform, a capability encapsulation system and a business support system, wherein:
the capability calling platform is configured to encrypt a transaction message using the second security policy and then the first security policy, and to send the encrypted transaction message to the capability encapsulation system;
the capability encapsulation system is configured to decrypt the encrypted transaction message using the first security policy and then the second security policy, and to send the decrypted transaction message to the business support system;
the capability encapsulation system is further configured to set the corresponding first security policy according to the address of the capability calling platform, and to set the corresponding second security policy according to the risk level of the service type.
7. The system according to claim 6, characterized in that the capability calling platform is specifically configured to: receive a user service request;
generate the transaction message by combining a pre-assigned service permission identifier with the user service request;
encrypt the transaction message according to the second security policy and then the first security policy, based on the risk level of the user service request and its own address.
8. The system according to claim 6, characterized in that the capability encapsulation system is specifically configured to:
use the first security policy to perform first-layer decryption on the transaction message according to the initiating address of the transaction message, and extract the business risk level;
use the second security policy to perform second-layer decryption, according to the business risk level, on the transaction message after the first-layer decryption.
9. The system according to claim 6 or 8, characterized in that the capability encapsulation system is specifically configured to:
establish the first security policy in advance, the first security policy being: a corresponding encryption algorithm and key are assigned according to the address of the capability calling platform and are periodically reassigned at random;
the encryption algorithm including: DES, AES or RSA;
establish the second security policy in advance, the second security policy being: a corresponding encryption policy is assigned according to the business risk level and is periodically reassigned at random;
the encryption policy including: plaintext, MD5 encryption mode, or hash algorithm encryption mode;
assign different business risk levels to different service types in advance.
10. The system according to any one of claims 6 to 8, characterized in that:
the business support system is configured to process the transaction message when it determines that the service permission identifier encapsulated in the decrypted transaction message and the user service request satisfy a permission configuration rule; the permission configuration rule being: according to the partner identifier, a service capability identifier and the service permissions corresponding to the service permission identifier are assigned;
the service permissions including: customer basic information query, product query, product subscription, balance authentication, payment, points management, and service appeals;
the business support system including: CRM or BOSS.
CN201510974871.8A 2015-12-22 2015-12-22 Method and system for packaging calling capability Active CN106911632B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510974871.8A CN106911632B (en) 2015-12-22 2015-12-22 Method and system for packaging calling capability

Publications (2)

Publication Number Publication Date
CN106911632A true CN106911632A (en) 2017-06-30
CN106911632B CN106911632B (en) 2019-12-13

Family

ID=59200283

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510974871.8A Active CN106911632B (en) 2015-12-22 2015-12-22 Method and system for packaging calling capability

Country Status (1)

Country Link
CN (1) CN106911632B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102413464A (en) * 2011-11-24 2012-04-11 杭州东信北邮信息技术有限公司 GBA (General Bootstrapping Architecture)-based secret key negotiation system and method of telecommunication capability open platform
CN102573112A (en) * 2010-12-07 2012-07-11 中国电信股份有限公司 Telecommunication network capability opening method, system and alliance support platform
CN104268716A (en) * 2014-10-14 2015-01-07 青岛海尔软件有限公司 Electronic commerce information processing method, electronic commerce server and electronic invoice server
CN104468126A (en) * 2014-12-26 2015-03-25 北京深思数盾科技有限公司 Safety communication system and method
CN104484620A (en) * 2014-12-26 2015-04-01 厦门雅迅网络股份有限公司 Method for avoiding false declaration of sales volume and inventory in fast-selling sales management cloud system

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110059110A (en) * 2019-04-12 2019-07-26 北京百度网讯科技有限公司 Business datum security processing, device, computer equipment and storage medium
CN110059110B (en) * 2019-04-12 2021-05-28 北京百度网讯科技有限公司 Business data security processing method and device, computer equipment and storage medium
CN110417778A (en) * 2019-07-30 2019-11-05 中国工商银行股份有限公司 The treating method and apparatus of access request
CN110417778B (en) * 2019-07-30 2022-02-11 中国工商银行股份有限公司 Access request processing method and device
CN114221814A (en) * 2021-12-16 2022-03-22 上海市共进通信技术有限公司 System, method, device, processor and computer readable storage medium for realizing terminal equipment safe opening of special service
CN114221814B (en) * 2021-12-16 2023-10-27 上海市共进通信技术有限公司 System, method, device, processor and computer readable storage medium for realizing terminal equipment safety starting special service

Also Published As

Publication number Publication date
CN106911632B (en) 2019-12-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant