CN108366075B - Security privacy number protection platform based on core network security protection strategy - Google Patents

Publication number: CN108366075B
Authority: CN (China)
Application number: CN201810196489.2A
Other languages: Chinese (zh)
Other versions: CN108366075A (en)
Inventors: 陈杨, 刘作, 王建明
Current Assignee: China Asean Information Harbor Co ltd
Original Assignee: China Asean Information Harbor Co ltd
Legal status: Active
Prior art keywords: network element, service layer, element layer, layer, calling

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a security privacy number protection platform based on a core network security protection strategy, and belongs to the field of mobile internet. The platform comprises a service layer and a network element layer. The service layer is deployed outside the core network; its northbound interface interfaces with the back end of a third-party internet platform, and its southbound interface interfaces with the core network. The network element layer is deployed in the core network; its northbound interface interfaces with the service layer, and its southbound interface interfaces with the core network. On receiving a binding request from the third-party internet platform, the service layer provides an intermediate number for the third-party internet platform's calls, binds the intermediate number to the call numbers, and stores the binding relationship. The network element layer queries the service layer for the binding relationship, establishes a call channel between the intermediate number and each call number, and connects them. The invention protects the mobile phone numbers of both parties to a call in O2O, and customizes an inter-group isolation strategy to ensure the information security of the operator's core network.

Description

Security privacy number protection platform based on core network security protection strategy
Technical Field
The invention relates to the field of mobile internet, in particular to a security privacy number protection platform based on a core network security protection strategy.
Background
The security privacy number platform is a product that opens up voice capability and responds to the trend toward voice over IP. With the rapid development of electronic commerce, many users do not want to expose their personal telephone information to others during a one-off conversation; the secure call center aims to provide a personal information security service in the O2O electronic commerce process.
The technical solution is implemented by opening up core network functions. No similar cooperation case existed before, so the process goes from 0 to 1, and it raises a security problem of access between the internal and external networks. The main concern is that a northbound client could illegally obtain data through queries from the IP side to the core network signaling side, or use that data for illegal purposes.
Disclosure of Invention
The invention aims to provide a security privacy number protection platform based on a core network security protection strategy that protects the mobile phone numbers of both parties to a call in the O2O electronic commerce process. At the same time it customizes an inter-group isolation strategy and implements the service isolation strategy for a service layer deployed in the core network and a service layer deployed outside the core network, so as to ensure the information security of the operator's core network.
In order to achieve the purpose, the technical scheme adopted by the invention is as follows:
A security privacy number protection platform based on a core network security protection strategy comprises a service layer and a network element layer. The service layer is deployed outside the core network; its northbound interface interfaces with the back end of a third-party internet platform, and its southbound interface interfaces with the core network. The network element layer is deployed in the core network; its northbound interface interfaces with the service layer, and its southbound interface interfaces with the core network.
On receiving a binding relationship allocation request from the third-party internet platform, the service layer provides an intermediate number for the third-party internet platform's calls, binds the intermediate number to the call numbers, and stores the binding relationship. The network element layer receives the third-party internet platform call request that roams to it through the core network, queries the service layer for the binding relationship, establishes a speech path between the intermediate number and each call number, and connects them.
Preferably, the call numbers comprise a calling number and a called number, and the network element layer controls the establishment and connection of the speech paths between the calling number and the intermediate number and between the intermediate number and the called number, respectively.
Preferably, the network element layer does not accept active access requests initiated by the service layer.
Preferably, the interaction scenarios between the network element layer and the service layer comprise call policy query, short message policy query, recording push and call ticket notification:
call policy query: when the network element layer receives a call request from a calling number to an intermediate number, it initiates a call policy query to the service layer based on the calling number and the intermediate number, and the service layer looks up the binding relationship according to the request and returns it;
short message policy query: when the network element layer receives a short message request from a calling number to an intermediate number, it initiates a short message policy query to the service layer based on the calling number and the intermediate number, and the service layer looks up the binding relationship according to the request and returns it;
recording push: the network element layer records the calls on the connected speech paths and pushes the recordings to the service layer after the calls end;
call ticket notification: the network element layer generates a call ticket for the call on the connected speech paths and pushes the call ticket to the service layer.
Preferably, the workflow of the security privacy number protection platform is as follows:
(1) when a calling number initiates a call request through a third-party internet platform, the third-party internet platform sends a binding relationship allocation request to the service layer;
(2) the service layer receives the binding relationship allocation request of the third-party internet platform; allocates an intermediate number; binds the calling number, the intermediate number and the called number, and stores the resulting binding relationship; the service layer then returns a success state to the third-party internet platform;
(3) the calling number initiates a call request to the intermediate number; the call request from the calling number to the intermediate number roams to the network element layer through the core network; the network element layer initiates a call policy query request to the service layer; the service layer receives the request of the network element layer, looks up the binding relationship, and returns the intermediate number and the called number to the network element layer; the network element layer initiates a call request from the intermediate number to the called number; the called number answers; the network element layer controls the establishment of the speech paths between the calling number and the intermediate number and between the intermediate number and the called number, connects them, and records all speech paths until the call ends;
(4) the network element layer pushes the recording to the service layer, and the service layer stores the recording;
(5) the network element layer generates a call ticket for the call and pushes it to the service layer, and the service layer stores the call ticket.
Preferably, after step (5) is finished, the calling number can send a binding relationship unbinding request through the third-party internet platform; the service layer receives the unbinding request of the third-party internet platform and releases the binding relationship.
Preferably, the third-party internet platform includes one of a platform APP, a website server, and a third-party server.
Due to the adoption of the technical scheme, the invention has the following beneficial effects:
1. The invention protects the mobile phone numbers of both parties to a call in the O2O electronic commerce process. At the same time it customizes an inter-group isolation strategy and implements the service isolation strategy for the service layer deployed in the core network and the service layer deployed outside the core network, ensuring the information security of the operator's core network.
2. The special security level of the core network is a key consideration in any core network project. The inter-layer isolation scheme addresses the security problem of the core network: the network element layer deployed in the core network accepts no access from the service layer, and the interactions between the service layer and the network element layer are explicitly limited to four scenarios, so that the core network cannot be intruded upon from the service layer.
3. The invention comprises a network element layer and a service layer; the service layer is deployed outside the core network and the network element layer is deployed in the core network. The inter-group isolation strategy between the two layers ensures that the network element layer deployed in the core network accepts no access from the service layer and that all interactions are driven by the network element layer, thereby ensuring the security of the core network.
Drawings
FIG. 1 is a schematic diagram of information interaction of an application example of the present invention.
Detailed Description
The following further describes the embodiments of the present invention with reference to the drawings.
FIG. 1 shows the information interaction diagram of an application example of the present invention. The security privacy number protection platform comprises a service layer and a network element layer. The service layer is deployed outside the core network; its northbound interface interfaces with the back end of a third-party internet platform, and its southbound interface interfaces with the core network. The network element layer is deployed in the core network; its northbound interface interfaces with the service layer, and its southbound interface interfaces with the core network.
On receiving a binding relationship allocation request from the third-party internet platform, the service layer provides an intermediate number for the third-party internet platform's calls, binds the intermediate number to the call numbers, and stores the binding relationship. The network element layer receives the third-party internet platform call request that roams to it through the core network, queries the service layer for the binding relationship, establishes a speech path between the intermediate number and each call number, and connects them. The call numbers comprise a calling number and a called number, and the network element layer controls the establishment and connection of the speech paths between the calling number and the intermediate number and between the intermediate number and the called number, respectively. The network element layer does not accept active access requests initiated by the service layer. The inter-group isolation strategy between the service layer and the network element layer ensures that the network element layer deployed in the core network accepts no access from the service layer and that all interaction is driven by the network element layer, thereby ensuring the security of the core network.
The interaction scenarios from the network element layer to the service layer comprise call policy query, short message policy query, recording push and call ticket notification.
1) Call policy query: a call from the calling party to the intermediate number roams to the network element layer of the privacy number platform. The network element layer initiates a call policy query to the service layer based on the calling number and the intermediate number. The service layer looks up the binding policy in the binding relationship database according to the request and returns the intermediate number and the called number, and the network element layer then initiates a call request from the intermediate number to the called number.
2) Short message policy query: the short message sender sends a short message addressed to the intermediate number, which reaches the network element layer of the privacy number platform. The network element layer initiates a short message policy query to the service layer based on the calling number and the intermediate number. The service layer looks up the binding policy in the binding relationship database according to the request and returns the intermediate number and the short message receiving number, and the network element layer then sends the short message from the intermediate number to the short message recipient.
3) Recording push: the network element layer of the privacy number platform connects the speech path from the calling party to the intermediate number with the speech path from the intermediate number to the called party, so that the calling party and the called party are exposed to and communicate with each other through the intermediate number. The network element layer records the calling and called sides separately and actively pushes the recordings to the service layer after the call ends; the service layer receives and stores them for third-party internet clients to download.
4) Call ticket notification: after the call ends, the network element layer actively pushes the call ticket details to the service layer.
The special security level of the core network is a key consideration in any core network project. The inter-layer isolation scheme addresses the security problem of the telecommunication core network: the network element layer deployed in the core network accepts no access from the service layer, and the interactions between the service layer and the network element layer are explicitly limited to four scenarios, so that the core network cannot be intruded upon from the service layer.
The whole call flow of the invention is explained as follows.
In this example, the third-party internet platform is a taxi-hailing APP that uses the security privacy number protection platform.
1) The APP user wants to call the called user through the APP. The APP user first initiates a binding relationship allocation request for an intermediate number to the APP back end, applying for a binding between the calling number, the intermediate number and the called number.
2) The APP back end initiates a binding relationship allocation request to the service layer of the security privacy number protection platform.
3) After receiving the request, the service layer of the security privacy number protection platform allocates an intermediate number within the range managed by the network element layer, binds it to the calling number and the called number, and stores the binding relationship: calling number - intermediate number - called number.
4) After the service layer binds successfully, it returns a success state to the APP back end; the APP back end sends the binding success message, and the APP initiates a call request from the calling number to the intermediate number.
5) The call request from the calling number to the intermediate number roams to the network element layer of the security privacy number protection platform through the core network.
6) The network element layer obtains the calling number and the intermediate number and initiates a call policy query request to the service layer.
7) The service layer receives the request of the network element layer, looks up the binding relationship, and returns the intermediate number and the called number to the network element layer.
8) After the network element layer obtains the intermediate number and the called number, it initiates a call request from the intermediate number to the called number.
9) After the called party answers, the network element layer connects the speech path from the calling number to the intermediate number with the speech path from the intermediate number to the called number, and records the calling party and the called party separately.
10) After the call on the speech path ends, the recording is actively pushed to the service layer.
11) The service layer receives and stores the audio for the APP enterprise to monitor and download.
12) After the network element layer generates the call ticket, it actively pushes the call ticket to the service layer.
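The call flow and the isolation rule described above can be modeled in a few lines. This is an added example, not part of the patent text: every class and method name, the `initiator` label that stands in for the source zone of a connection attempt, and the phone numbers are constructed for illustration.

```python
"""Toy model of the privacy-number call flow and the inter-layer isolation rule.
All names and phone numbers are constructed; nothing here comes from the patent."""
from dataclasses import dataclass, field

# The only four interaction scenarios the description allows between the layers.
ALLOWED_SCENARIOS = {"call_policy_query", "sms_policy_query",
                     "recording_push", "ticket_notification"}


class IsolationViolation(Exception):
    """Raised when a request breaks the inter-layer isolation policy."""


@dataclass
class ServiceLayer:
    """Deployed outside the core network; owns the binding relationships."""
    pool: list                                     # free intermediate numbers
    bindings: dict = field(default_factory=dict)   # (caller, middle) -> called
    recordings: list = field(default_factory=list)
    tickets: list = field(default_factory=list)

    def bind(self, caller, called):
        """Northbound API: allocate an intermediate number and store the binding."""
        middle = self.pool.pop(0)
        self.bindings[(caller, middle)] = called
        return middle

    def unbind(self, caller, middle):
        """Northbound API: release the binding and return the number to the pool."""
        if self.bindings.pop((caller, middle), None) is not None:
            self.pool.append(middle)

    def handle(self, scenario, payload):
        """Serve a request that arrived from the network element layer."""
        if scenario in ("call_policy_query", "sms_policy_query"):
            return self.bindings.get((payload["caller"], payload["middle"]))
        if scenario == "recording_push":
            self.recordings.append(payload)
        elif scenario == "ticket_notification":
            self.tickets.append(payload)
        return None


class InterLayerGate:
    """Single choke point between the layers: default deny, audit every denial."""

    def __init__(self, service):
        self._service = service
        self.denied = []

    def send(self, initiator, scenario, payload):
        # Only the network element layer may open an interaction, and only
        # for one of the four enumerated scenarios.
        if initiator != "network_element" or scenario not in ALLOWED_SCENARIOS:
            self.denied.append((initiator, scenario))
            raise IsolationViolation(f"{initiator} may not initiate {scenario!r}")
        return self._service.handle(scenario, payload)


class NetworkElementLayer:
    """Deployed inside the core network; drives every interaction."""

    def __init__(self, gate):
        self._gate = gate

    def on_call(self, caller, middle):
        """Handle a call that roamed in for an intermediate number."""
        called = self._gate.send("network_element", "call_policy_query",
                                 {"caller": caller, "middle": middle})
        if called is None:
            return None          # no binding for this caller: do not connect
        # Two legs; each party only ever sees the intermediate number.
        legs = [(caller, middle), (middle, called)]
        self._gate.send("network_element", "recording_push",
                        {"middle": middle, "audio": b"<constructed audio>"})
        self._gate.send("network_element", "ticket_notification",
                        {"caller": caller, "middle": middle, "called": called})
        return legs


def demo():
    service = ServiceLayer(pool=["17000000001"])
    gate = InterLayerGate(service)
    ne = NetworkElementLayer(gate)
    caller, called = "13800000001", "13900000002"
    middle = service.bind(caller, called)            # steps 1-4
    legs = ne.on_call(caller, middle)                # steps 5-12
    stranger = ne.on_call("13700000003", middle)     # caller without a binding
    try:
        gate.send("service", "call_policy_query", {})  # service-initiated access
        blocked = False
    except IsolationViolation:
        blocked = True
    return legs, stranger, blocked, len(service.recordings), len(service.tickets)


if __name__ == "__main__":
    print(demo())
```

The `denied` list is the piece worth keeping in a real deployment: every rejected attempt from the service side is a signal that something outside the core network tried to reach inward.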
The core network may be any mobile, telecommunications or connectivity based core network. The invention is built on a core network and has a service layer located outside the core network and a network element layer located in the core network; together the service layer and the network element layer form the protection platform. At the same time, an inter-group isolation strategy is customized, and the service isolation strategy is implemented for the service layer deployed in the core network and the service layer deployed outside the core network, so as to ensure the information security of the operator's core network.
The above description is intended to describe in detail the preferred embodiments of the present invention, but the embodiments are not intended to limit the scope of the claims of the present invention, and all equivalent changes and modifications made within the technical spirit of the present invention should fall within the scope of the claims of the present invention.

Claims (5)

1. A security privacy number protection platform based on a core network security protection strategy, characterized in that: the platform comprises a service layer and a network element layer; the service layer is deployed outside a core network, a northbound interface of the service layer interfaces with the back end of a third-party internet platform, and a southbound interface of the service layer interfaces with the core network; the network element layer is deployed in the core network, a northbound interface of the network element layer interfaces with the service layer, and a southbound interface of the network element layer interfaces with the core network;
the service layer, on receiving a binding relationship allocation request from the third-party internet platform, provides an intermediate number for the third-party internet platform's calls, binds the intermediate number to the call numbers and stores the binding relationship; the network element layer receives the third-party internet platform call request that roams to it through the core network; the network element layer queries the service layer for the binding relationship, establishes a speech path between the intermediate number and each call number, and connects them; the network element layer does not accept active access requests initiated by the service layer;
the workflow of the security privacy number protection platform is as follows:
(1) when a calling number initiates a call request through a third-party internet platform, the third-party internet platform sends a binding relationship allocation request to the service layer;
(2) the service layer receives the binding relationship allocation request of the third-party internet platform; allocates an intermediate number; binds the calling number, the intermediate number and the called number, and stores the resulting binding relationship; the service layer returns a success state to the third-party internet platform;
(3) the calling number initiates a call request to the intermediate number; the call request from the calling number to the intermediate number roams to the network element layer through the core network; the network element layer initiates a call policy query request to the service layer; the service layer receives the request of the network element layer, looks up the binding relationship, and returns the intermediate number and the called number to the network element layer; the network element layer initiates a call request from the intermediate number to the called number; the called number answers; the network element layer controls the establishment of the speech paths between the calling number and the intermediate number and between the intermediate number and the called number, connects them, and records all speech paths until the call ends;
(4) the network element layer pushes the recording to the service layer, and the service layer stores the recording;
(5) the network element layer generates a call ticket for the call and pushes it to the service layer, and the service layer stores the call ticket.
2. The security privacy number protection platform based on a core network security protection strategy according to claim 1, wherein: the call numbers comprise a calling number and a called number, and the network element layer controls the establishment and connection of the speech paths between the calling number and the intermediate number and between the intermediate number and the called number, respectively.
3. The platform of claim 2, wherein: the interaction scenarios between the network element layer and the service layer comprise call policy query, short message policy query, recording push and call ticket notification;
call policy query: when the network element layer receives a call request from a calling number to an intermediate number, it initiates a call policy query to the service layer based on the calling number and the intermediate number, and the service layer looks up the binding relationship according to the request and returns it;
short message policy query: when the network element layer receives a short message request from a calling number to an intermediate number, it initiates a short message policy query to the service layer based on the calling number and the intermediate number, and the service layer looks up the binding relationship according to the request and returns it;
recording push: the network element layer records the calls on the connected speech paths and pushes the recordings to the service layer after the calls end;
call ticket notification: the network element layer generates a call ticket for the call on the connected speech paths and pushes the call ticket to the service layer.
4. The security privacy number protection platform based on a core network security protection strategy according to claim 1, wherein: after step (5) is finished, the calling number can send a binding relationship unbinding request through the third-party internet platform, the service layer receives the unbinding request of the third-party internet platform, and the service layer releases the binding relationship.
5. The platform for protecting the security privacy number based on the security protection policy of the core network according to claim 1, wherein: the third-party internet platform comprises one of a platform APP, a website server and a third-party server.
Application number: CN201810196489.2A
Priority date: 2018-03-09
Filing date: 2018-03-09
Title: Security privacy number protection platform based on core network security protection strategy
Status: Active
Publication: CN108366075B (en)

Publications (2)

Publication Number Publication Date
CN108366075A 2018-08-03
CN108366075B 2020-09-08

Family ID: 63003783
Country: CN

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant