CN110944300B - Short message service system, forwarding interface device and defense server - Google Patents

Short message service system, forwarding interface device and defense server Download PDF

Info

Publication number
CN110944300B
CN110944300B CN201911342215.0A CN201911342215A CN110944300B CN 110944300 B CN110944300 B CN 110944300B CN 201911342215 A CN201911342215 A CN 201911342215A CN 110944300 B CN110944300 B CN 110944300B
Authority
CN
China
Prior art keywords
short message
interface device
terminal
verification request
operator
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911342215.0A
Other languages
Chinese (zh)
Other versions
CN110944300A (en
Inventor
蒋承
陈良
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Hongmei Intelligent Technology Co Ltd
Original Assignee
Sichuan Hongmei Intelligent Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan Hongmei Intelligent Technology Co Ltd filed Critical Sichuan Hongmei Intelligent Technology Co Ltd
Priority to CN201911342215.0A priority Critical patent/CN110944300B/en
Publication of CN110944300A publication Critical patent/CN110944300A/en
Application granted granted Critical
Publication of CN110944300B publication Critical patent/CN110944300B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12Messaging; Mailboxes; Announcements
    • H04W4/14Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/088Access security using filters or firewalls

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The embodiment of the invention discloses a short message service system, a forwarding interface device and a defense server, which detect whether a short message verification request is filtered by a short message defense server or not by acquiring the short message verification request sent by a terminal to an operator short message interface device, forward the short message verification request to the operator short message interface device if the short message verification request is filtered by the short message defense server, trigger the operator short message interface device to provide a short message verification service to the terminal, detect whether the terminal is in a locally pre-stored white list or not if the short message verification request is not filtered by the short message defense server, forward the short message verification request to the operator short message interface device if the terminal is in the white list, and trigger the operator short message interface device to provide the short message verification service to the terminal. Therefore, the short message verification request sent to the short message interface device of the operator is filtered, and the abnormal short message verification request is eliminated, so that the defense capability of the short message interface is improved. The embodiment of the invention is only used for short message verification.

Description

Short message service system, forwarding interface device and defense server
Technical Field
The present invention relates to the field of communications, and in particular, to a short message service system, a forwarding interface device, and a defense server.
Background
With the popularization of smart phones, short message verification codes or short message pushing services are widely applied to the internet field. In the traditional short message interface architecture, the short message interface is easy to be called by an attacker, and the short message is maliciously consumed, so that the normal short message verification code or the short message pushing service is influenced.
Disclosure of Invention
The embodiment of the invention provides a short message service system, a forwarding interface device and a defense server, which can improve the defense capability of a short message interface.
The embodiment of the invention adopts the following technical scheme:
a short message service system includes: the short message protection system comprises an operator short message interface device, a short message forwarding interface device and a short message protection server, wherein the short message forwarding interface device is arranged at the front end of the operator short message interface device, the short message protection server is arranged at the front end of the short message forwarding interface device, and the operator short message interface device is used for providing short message verification service for a terminal;
the short message forwarding interface device acquires a short message verification request sent by a terminal to the operator short message interface device, and detects whether the short message verification request is filtered by a short message defense server;
if the short message verification request is filtered by the short message defense server, the short message forwarding interface device forwards the short message verification request to the operator short message interface device, and triggers the operator short message interface device to provide a short message verification service for the terminal;
if the short message verification request is not filtered by the short message defense server, the short message forwarding interface device detects whether the terminal is in a white list pre-stored locally, and if the terminal is in the white list, the short message verification request is forwarded to the operator short message interface device to trigger the operator short message interface device to provide short message verification service for the terminal.
Optionally, the short message defense server verifies the identity of the terminal, and after the terminal passes the identity verification, the short message defense server receives a short message verification request sent by the terminal;
and the short message defense server forwards the short message verification request to the short message forwarding interface device.
A short message forwarding interface device is arranged at the front end of an operator short message interface device, and the operator short message interface device is used for providing short message verification service for a terminal;
the short message forwarding interface device acquires a short message verification request sent by a terminal to the operator short message interface device, and detects whether the short message verification request is filtered by a short message defense server;
if the short message verification request is filtered by the short message defense server, forwarding the short message verification request to the operator short message interface device, and triggering the operator short message interface device to provide a short message verification service for the terminal;
if the short message verification request is not filtered by the short message defense server, detecting whether the terminal is in a white list pre-stored locally, if so, forwarding the short message verification request to the operator short message interface device, and triggering the operator short message interface device to provide short message verification service for the terminal.
Optionally, the forwarding the short message verification request to the operator short message interface device includes:
and asymmetrically encrypting the short message verification request, and forwarding the encrypted short message verification request to the operator short message interface device.
A short message defending server is arranged at the front end of a short message forwarding interface device, the short message forwarding interface device is arranged at the front end of an operator short message interface device, and the operator short message interface device is used for providing short message verification service for a terminal;
the short message defense server verifies the terminal identity;
after the terminal passes the identity authentication, the short message defense server receives a first short message authentication request sent by the terminal to the operator short message interface device;
and the short message defense server forwards the first short message verification request to the operator short message interface device, and triggers the operator short message interface device to provide short message verification service for the terminal.
Optionally, the verifying the terminal identity by the short message defense server includes:
the short message defense server receives registration information sent by the terminal, and if the registration information is correct, a verification character string corresponding to the terminal is generated;
the short message defense server returns the verification character string to the terminal, so that the terminal stores the verification character string;
and the short message defense server acquires the verification character string from the terminal and verifies the terminal identity according to the verification character string.
Optionally, the generating a verification string corresponding to the terminal includes:
the short message defense server generates a first part of characters by applying a Hash algorithm;
the short message defense server acquires a random number to generate a second part of characters;
and combining the first partial character and the second partial character to obtain the verification character string.
Optionally, after the short message defense server forwards the short message verification request to the operator short message interface device, the method further includes:
receiving a second short message verification request sent by the terminal;
detecting the interval time between the second short message verification request and the first short message verification request, and if the interval time is less than the preset time, stopping forwarding the second short message verification request to the operator short message interface device by the short message defense server; or detecting the number of short message verification requests sent by the terminal between the second short message verification request and the first short message verification request, and if the number of short message verification requests sent by the terminal between the second short message verification request and the first short message verification request is larger than a preset number, the short message defense server stops forwarding the second short message verification request to the operator short message interface device.
Optionally, before the receiving, by the short message defense server, the first short message verification request sent by the terminal to the operator short message interface device, the method further includes:
the short message defense server detects the received short message verification request quantity;
if the short message verification request amount is larger than a first preset amount, starting a static graphic verification code to verify the terminal identity; if the short message verification request quantity is larger than a second preset quantity, starting a dynamic graphic verification code to verify the terminal identity; if the short message verification request quantity is larger than a third preset quantity, limiting to receive the first short message verification request; the first preset amount is smaller than the second preset amount, and the second preset amount is smaller than the third preset amount.
Optionally, the forwarding, by the short message defense server, the first short message verification request to the operator short message interface device includes:
and the short message defense server carries out asymmetric encryption on the first short message verification request and forwards the encrypted first short message verification request to the operator short message interface device.
Based on the short message service system, the forwarding interface device and the defense server of the technical scheme, whether the short message verification request is filtered by the short message defense server or not is detected by acquiring the short message verification request sent by the terminal to the short message interface device of the operator, if the short message verification request is filtered by the short message defense server, the short message verification request is forwarded to the short message interface device of the operator, the short message interface device of the operator is triggered to provide the short message verification service for the terminal, if the short message verification request is not filtered by the short message defense server, whether the terminal is in a white list prestored locally or not is detected, if the terminal is in the white list, the short message verification request is forwarded to the short message interface device of the operator, and the short message verification service is triggered to be provided for the terminal by the short message interface device of the operator. Therefore, the short message verification request sent to the short message interface device of the operator is filtered, and the abnormal short message verification request is eliminated, so that the defense capability of the short message interface is improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
Fig. 1 is a schematic diagram of a short message service system architecture according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of forwarding a verification request by an operator short message interface device according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present invention. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the invention, as detailed in the appended claims.
Fig. 1 is a schematic diagram of a short message service system architecture according to an embodiment of the present invention, where the short message service system architecture includes a terminal 100, a short message defense server 200, a short message forwarding interface device 300, and an operator short message interface device 400. The terminal 100 may be a smart phone, a computer, or other devices having a verification request function; the short message defense server 200 receives a verification request (for example, an account login verification code request) of the terminal 100, filters the request and then sends the request to the short message forwarding interface device 300, and the short message defense server 200 can set different defense levels according to the condition of the terminal verification request; the short message forwarding interface device 300 sends the verification request filtered by the short message defense server 200 to the operator short message interface device 400, and the operator short message interface device 400 sends verification (such as a verification code) to the terminal 100; the short message forwarding interface device 300 may further store a white list, and when the verification request is directly sent by the receiving terminal 100, and the verification terminal 100 is in the stored white list, forward the request to the operator short message interface device 400, and the operator short message interface device 400 sends verification information (e.g., a verification code) to the receiving terminal 100.
The short message service system architecture shown in fig. 1 provided in the embodiment of the present invention protects the short message interface device 400 of the operator provided by the short message operator at the back end, so that an attacker cannot obtain the short message interface device 400 of the operator, thereby reducing the number of malicious verifications for calling the short message interface device 400 of the operator.
The short message service system, the forwarding interface device and the defense server provided by the embodiment of the invention are used for realizing short message interface attack defense, filtering the short message verified terminal 100 through https transparent proxy interface service and combining a white list calling mechanism, protecting the back end of an operator short message interface device 400 providing the short message verification service for the terminal, constructing a safety framework of short message interface attack defense, and adjusting a defense mode according to different attack strength. The short message forwarding interface device 300 receives the verification request filtered by the short message defense server 200 from the terminal 100, and sends the verification request to the operator short message interface device 400. The short message forwarding interface device 300 performs white list verification on the verification request bypassing the short message defense server 200, thereby improving the defense capability.
The terminal in each embodiment of the invention can be a smart phone, a computer and other equipment with a verification request function, and the smart phone can be provided with an application with a verification requirement.
Example 1
The present embodiment provides a short message service system, which adopts the architecture shown in fig. 1, and the system shown in fig. 1 includes: the short message service system comprises an operator short message interface device 400, a short message forwarding interface device 300 and a short message defense server 200, wherein the short message forwarding interface device 300 is arranged at the front end of the operator short message interface device 400, the short message defense server 200 is arranged at the front end of the short message forwarding interface device 300, and the operator short message interface device 400 is used for providing short message verification service for a terminal.
The short message forwarding interface device 300 obtains a short message verification request sent by the terminal 100 to the operator short message interface device 400, and detects whether the short message verification request is filtered by the short message defense server 200;
if the short message verification request is filtered by the short message defense server 200, the short message forwarding interface device 300 forwards the short message verification request to the operator short message interface device 400, and triggers the operator short message interface device 400 to provide a short message verification service to the terminal 100.
If the short message verification request is not filtered by the short message defense server 200, the short message forwarding interface device 300 detects whether the terminal is in a white list pre-stored locally, and if the terminal is in the white list, forwards the short message verification request to the operator short message interface device, and triggers the operator short message interface device to provide short message verification service for the terminal. The white list pre-stored in the short message forwarding interface device 300 can be established by the short message forwarding interface device 300 according to the setting of the administrator, and can be modified in real time according to different scenes and network conditions.
The operator sms interface device 400 may be provided by a wireless communication network operator, and the verification service provided by the operator sms interface device 400 to the terminal 100 may be a verification code service. It should be understood that the terminal 100 is a mobile phone, and the operator short message interface device 400 directly sends the verification to the mobile phone; the terminal 100 is a non-mobile phone device such as a computer, the computer and the non-mobile phone device initiate an authentication request, and the operator short message interface device 400 directly sends authentication to a mobile phone corresponding to the non-mobile phone device such as the computer.
In this embodiment, https defense is opened between the operator short message interface device 400, the short message forwarding interface device 300, and the short message defense server 200, so that the probability of information being captured is reduced.
In one embodiment, the short message defense server 200 verifies the identity of the terminal 100, and after the terminal 100 passes the identity verification, the short message defense server 200 receives a short message verification request sent by the terminal 100. In different embodiments, the short message defense server 200 verifies the ID of the terminal 100, or verifies the identification code carried by the terminal 100, or other verification methods, but the embodiment of the present invention does not limit a specific verification method, and the verification function is implemented.
After the terminal 100 passes the verification, the short message defense server 200 forwards the short message verification request to the short message forwarding interface device 300, and the short message forwarding interface device 300 forwards the short message verification request to the operator short message interface device 400 to send verification information (e.g. verification code). If the terminal 100 fails to be authenticated, the short message defense server 200 does not forward the authentication request to the short message forwarding interface device 300, thereby terminating the authentication request process. Therefore, whether to carry out service is determined according to the identity of the terminal 100, the abnormal verification request of the terminal 100 can be eliminated, and the verification system resource is saved.
In this embodiment, https defense is started among the operator short message interface device 400, the short message forwarding interface device 300, and the short message defense server 200, so that the probability of information being captured is reduced. The interface device parameters can be further encrypted by an asymmetric encryption algorithm, so that the risk of parameter leakage of the interface device can be reduced, and the system safety is improved.
The short message service system of the embodiment detects whether the short message verification request is filtered by the short message defense server by acquiring the short message verification request sent by the terminal to the operator short message interface device, forwards the short message verification request to the operator short message interface device if the short message verification request is filtered by the short message defense server, triggers the operator short message interface device to provide the short message verification service to the terminal, detects whether the terminal is in a locally pre-stored white list if the short message verification request is not filtered by the short message defense server, forwards the short message verification request to the operator short message interface device if the terminal is in the white list, and triggers the operator short message interface device to provide the short message verification service to the terminal. Therefore, the short message verification request sent to the short message interface device of the operator is filtered, and the abnormal short message verification request is eliminated, so that the defense capability of the short message interface is improved.
Example 2
In this embodiment, a short message forwarding interface device 300 in the architecture shown in fig. 1 is provided, as shown in fig. 1, the short message forwarding interface device 300 is disposed at a front end of the operator short message interface device 400, the short message forwarding interface device 300 forwards a verification request from a terminal 100 to the operator short message interface device 400, and the operator short message interface device 400 is configured to provide a short message verification service to the terminal 100.
As shown in fig. 2, the step of forwarding the verification request to the operator sms interface device 400 by the sms interface device 300 includes:
21. acquiring a short message verification request sent by the terminal 100 to the operator short message interface device 400.
22. It is detected whether the short message authentication request is filtered by the short message defense server 200.
If the short message authentication request is filtered by the short message defense server 200, step 23 is performed, and if the short message authentication request is not filtered by the short message defense server 200, step 24 is performed.
23. If the short message verification request is filtered by the short message defense server 200, the short message forwarding interface device 300 forwards the short message verification request to the operator short message interface device 400, and triggers the operator short message interface device 400 to provide a short message verification service to the terminal 100.
24. If the short message verification request is not filtered by the short message defense server 200, the short message forwarding interface device 300 detects whether the terminal 100 is in a locally pre-stored white list.
If the terminal 100 is in the locally pre-stored white list, step 25 is performed, and if the terminal 100 is not in the locally pre-stored white list, step 26 is performed.
25. If the terminal 100 is in the white list, the short message verification request is forwarded to the operator short message interface device 400, and the operator short message interface device 400 is triggered to provide the short message verification service to the terminal 100. In this way, even if the terminal 100 bypasses the short message defense server 200 to directly send a verification request to the short message forwarding interface device 300, the short message forwarding interface device 300 can still verify the identity of the terminal 100 through the white list, thereby improving the defense capability of the system.
26. If the terminal 100 is not in the white list, the short message authentication is not forwarded to the operator short message interface device 400, and the present authentication request of the terminal 100 is terminated.
In this embodiment, a specific implementation manner of the short message defense server 200 for filtering the verification request of the terminal 100 may refer to other embodiments.
In this embodiment, https is opened between the operator short message interface device 400, the short message forwarding interface device 300 and the short message defense server 200, so that the probability of information being captured is reduced. The interface device parameters can be further encrypted by an asymmetric encryption algorithm, so that the parameter leakage risk can be reduced, and the system safety can be improved.
In one embodiment, the forwarding the short message verification request to the operator short message interface device includes:
the short message forwarding interface device 300 asymmetrically encrypts the short message verification request and forwards the encrypted short message verification request to the operator short message interface device 400. Therefore, the short message interface device 400 of the operator is not easy to expose, and the system safety is enhanced.
In this embodiment, a specific asymmetric encryption algorithm is not limited, and in a specific implementation, different asymmetric encryption algorithms may be reused according to different scenarios.
The short message forwarding interface device of the embodiment detects whether the short message verification request is filtered by the short message defense server by acquiring the short message verification request sent by the terminal to the operator short message interface device, forwards the short message verification request to the operator short message interface device if the short message verification request is filtered by the short message defense server, triggers the operator short message interface device to provide the short message verification service to the terminal, detects whether the terminal is in a locally pre-stored white list if the short message verification request is not filtered by the short message defense server, forwards the short message verification request to the operator short message interface device if the terminal is in the white list, and triggers the operator short message interface device to provide the short message verification service to the terminal. Therefore, the short message verification request sent to the short message interface device of the operator is filtered, and the abnormal short message verification request is eliminated, so that the defense capability of the short message interface is improved.
Example 3
The present embodiment provides a short message defense server 200 in the architecture shown in fig. 1, as shown in fig. 1, the short message defense server is disposed at the front end of a short message forwarding interface device, the short message forwarding interface device is disposed at the front end of an operator short message interface device, and the operator short message interface device is used for providing a short message verification service to a terminal;
the short message defense server 200 verifies the identity of the terminal 100.
In this embodiment, in order to ensure that each request is from a normal or authorized terminal 100, the identity of the terminal 100 is verified before the terminal 100 requests the short message verification code, so as to ensure the validity of the request. The specific verification method may be token authentication, Session authentication, and the like, and this embodiment is not limited.
After the terminal 100 passes the identity authentication, the short message defense server 200 receives a first short message authentication request sent by the terminal to the operator short message interface device 400;
the short message defense server 200 forwards the first short message verification request to the operator short message interface device 400, and triggers the operator short message interface device to provide a short message verification service to the terminal.
Specifically, as shown in fig. 1, the short message defense server 200 may forward the first short message verification request to the operator short message interface device 400 through the short message forwarding interface device 300. In other embodiments, the short message defense server 200 may directly forward the first short message verification request to the carrier short message interface device 400 without passing through the short message forwarding interface device 300.
In this embodiment, https is opened between the operator short message interface device 400, the short message forwarding interface device 300 and the short message defense server 200, so that the probability of information being captured is reduced. The interface device parameters can be further encrypted by an asymmetric encryption algorithm, so that the parameter leakage risk can be reduced, and the system safety can be improved.
In one embodiment, the verifying the terminal identity by the short message defense server 200 includes:
the short message defense server 200 receives registration information sent by the terminal, and if the registration information is correct, a verification character string corresponding to the terminal 100 is generated;
the short message defense server 200 returns the verification character string to the terminal, so that the terminal 100 stores the verification character string;
when the identity of the terminal 100 needs to be verified (for example, before the first short message verification request is received), the short message defense server 200 obtains the verification character string from the terminal, and verifies the identity of the terminal 100 according to the verification character string.
Wherein the generating of the verification string corresponding to the terminal 100 includes:
the short message defense server 200 applies a hash algorithm to generate a first part of characters;
the short message defense server 200 acquires a random number to generate a second part of characters;
and combining the first partial character and the second partial character to obtain the verification character string.
In one embodiment, after the short message defense server 200 forwards the short message verification request to the operator short message interface device 400, the method further includes:
the short message defense server 200 receives a second short message verification request sent by the terminal 100;
the short message defense server 200 detects the interval time between the second short message verification request and the first short message verification request, and if the interval time is less than the preset time, the short message defense server 200 stops forwarding the second short message verification request to the operator short message interface device 400; or detecting the number of short message verification requests sent by the terminal between the second short message verification request and the first short message verification request, if the number of short message verification requests sent by the terminal 100 between the second short message verification request and the first short message verification request is greater than a preset number, the short message defense server 200 stops forwarding the second short message verification request to the operator short message interface device 400.
In this embodiment, the frequency of the terminal 100 authentication requests may be set, for example, not more than 5 requests per minute, not more than 10 requests per hour, not more than 30 requests per day, etc., to prevent malicious attacks.
In one embodiment, before the short message defense server 200 receives the first short message verification request sent by the terminal 100 to the operator short message interface device 400, the method further includes:
the short message defense server 200 detects the received short message verification request amount;
if the short message verification request amount is greater than a first preset amount, the short message defense server 200 starts a preset primary defense, for example, a static graphic verification code is started to verify the terminal identity; if the short message verification request amount is greater than a second preset amount, the short message defense server 200 starts preset secondary defense, for example, a dynamic graphic verification code is started to verify the terminal identity; if the short message verification request amount is greater than a third preset amount, the short message defense server 200 starts a preset third-level defense, for example, restricts receiving the first short message verification request.
The first preset amount is smaller than the second preset amount, and the second preset amount is smaller than the third preset amount. Different defense levels can be initiated manually or automatically in this embodiment depending on the scenario.
In one embodiment, the forwarding the first short message verification request to the operator short message interface device by the short message defense server 200 includes:
the short message defense server 200 asymmetrically encrypts the first short message verification request, and forwards the encrypted first short message verification request to the operator short message interface device 400. In this way, encrypting the authentication request can improve system security.
The short message defense server of the embodiment verifies the terminal identity, receives a short message verification request sent by the terminal to the operator short message interface device after the terminal passes the identity verification, forwards the first short message verification request to the operator short message interface device, and triggers the operator short message interface device to provide a short message verification service for the terminal. Therefore, the short message verification request sent to the short message interface device of the operator is filtered, and the abnormal short message verification request is eliminated, so that the defense capability of the short message interface is improved.
Having described embodiments of the present invention, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein is chosen in order to best explain the principles of the embodiments, the practical application, or improvements made to the technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein. The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A short message service system, comprising: the short message defense system comprises an operator short message interface device, a short message forwarding interface device and a short message defense server, wherein the short message forwarding interface device is arranged at the front end of the operator short message interface device, the short message defense server is arranged at the front end of the short message forwarding interface device, and the operator short message interface device is used for providing short message verification service for a terminal;
the short message forwarding interface device acquires a short message verification request sent by a terminal to the operator short message interface device, and detects whether the short message verification request is filtered by a short message defense server;
if the short message verification request is filtered by the short message defense server, the short message forwarding interface device forwards the short message verification request to the operator short message interface device, and triggers the operator short message interface device to provide a short message verification service for the terminal;
for the verification request bypassing the short message defense server, if the short message verification request is not filtered by the short message defense server, the short message forwarding interface device detects whether the terminal is in a locally pre-stored white list, and if the terminal is in the white list, the short message verification request is forwarded to the operator short message interface device to trigger the operator short message interface device to provide short message verification service for the terminal.
2. The system of claim 1, wherein the short message defense server verifies the identity of the terminal, and after the terminal passes the identity verification, the short message defense server receives a short message verification request sent by the terminal;
and the short message defense server forwards the short message verification request to the short message forwarding interface device.
3. The short message forwarding interface device is characterized in that the short message forwarding interface device is arranged at the front end of an operator short message interface device, and the operator short message interface device is used for providing short message verification service for a terminal;
the short message forwarding interface device acquires a short message verification request sent by a terminal to the operator short message interface device, and detects whether the short message verification request is filtered by a short message defense server;
if the short message verification request is filtered by the short message defense server, forwarding the short message verification request to the operator short message interface device, and triggering the operator short message interface device to provide a short message verification service for the terminal;
if the short message verification request is not filtered by the short message defense server, detecting whether the terminal is in a white list pre-stored locally, if so, forwarding the short message verification request to the operator short message interface device, and triggering the operator short message interface device to provide short message verification service for the terminal.
4. The SMS forwarding interface of claim 3, wherein the forwarding the SMS validation request to the carrier SMS interface device comprises:
and asymmetrically encrypting the short message verification request, and forwarding the encrypted short message verification request to the operator short message interface device.
5. A short message defense server is characterized in that the short message defense server is arranged at the front end of a short message forwarding interface device, the short message forwarding interface device is arranged at the front end of an operator short message interface device, and the operator short message interface device is used for providing a short message verification service for a terminal;
the short message defense server verifies the terminal identity;
after the terminal passes the identity authentication, the short message defense server receives a first short message authentication request sent by the terminal to the operator short message interface device;
and the short message defense server forwards the first short message verification request to the operator short message interface device, and triggers the operator short message interface device to provide short message verification service for the terminal.
6. The short message defense server as claimed in claim 5, wherein the short message defense server verifying the terminal identity comprises:
the short message defense server receives registration information sent by the terminal, and if the registration information is correct, a verification character string corresponding to the terminal is generated;
the short message defense server returns the verification character string to the terminal, so that the terminal stores the verification character string;
and the short message defense server acquires the verification character string from the terminal and verifies the terminal identity according to the verification character string.
7. The short message defense server of claim 6, wherein the generating of the validation string corresponding to the terminal comprises:
the short message defense server generates a first part of characters by applying a Hash algorithm;
the short message defense server acquires a random number to generate a second part of characters;
and combining the first partial character and the second partial character to obtain the verification character string.
8. The SMS defense server of any one of claims 5 to 7, wherein the SMS defense server further comprises after forwarding the SMS verification request to the carrier SMS interface device:
receiving a second short message verification request sent by the terminal;
detecting the interval time between the second short message verification request and the first short message verification request, and if the interval time is less than the preset time, stopping forwarding the second short message verification request to the operator short message interface device by the short message defense server; or detecting the number of short message verification requests sent by the terminal between the second short message verification request and the first short message verification request, and if the number of short message verification requests sent by the terminal between the second short message verification request and the first short message verification request is larger than a preset number, the short message defense server stops forwarding the second short message verification request to the operator short message interface device.
9. The short message defense server as claimed in any one of claims 5 to 7, wherein before the short message defense server receives the first short message verification request sent by the terminal to the operator short message interface device, the short message defense server further comprises:
the short message defense server detects the received short message verification request quantity;
if the short message verification request quantity is larger than a first preset quantity, starting a static graphic verification code to verify the terminal identity; if the short message verification request quantity is larger than a second preset quantity, starting a dynamic graphic verification code to verify the terminal identity; if the short message verification request quantity is larger than a third preset quantity, limiting to receive the first short message verification request; the first preset amount is smaller than the second preset amount, and the second preset amount is smaller than the third preset amount.
10. The short message defense server as claimed in any one of claims 5 to 7, wherein the short message defense server forwards the first short message verification request to the operator short message interface device comprises:
and the short message defense server carries out asymmetric encryption on the first short message verification request and forwards the encrypted first short message verification request to the operator short message interface device.
CN201911342215.0A 2019-12-23 2019-12-23 Short message service system, forwarding interface device and defense server Active CN110944300B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911342215.0A CN110944300B (en) 2019-12-23 2019-12-23 Short message service system, forwarding interface device and defense server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911342215.0A CN110944300B (en) 2019-12-23 2019-12-23 Short message service system, forwarding interface device and defense server

Publications (2)

Publication Number Publication Date
CN110944300A CN110944300A (en) 2020-03-31
CN110944300B true CN110944300B (en) 2022-06-24

Family

ID=69912659

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911342215.0A Active CN110944300B (en) 2019-12-23 2019-12-23 Short message service system, forwarding interface device and defense server

Country Status (1)

Country Link
CN (1) CN110944300B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111935655A (en) * 2020-05-27 2020-11-13 武汉小码联城科技有限公司 Short message sending processing method, system, client, server and verification device
CN113067814B (en) * 2021-03-17 2023-02-28 成都飞鱼星科技股份有限公司 Connection pipe control method and device for server and Internet of things terminal

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104768139A (en) * 2015-02-28 2015-07-08 北京奇艺世纪科技有限公司 Method and device for sending short messages
CN107786573A (en) * 2017-11-09 2018-03-09 张昭 A kind of data verification system
CN108900479A (en) * 2018-06-12 2018-11-27 泰康保险集团股份有限公司 Short message verification code acquisition methods and device
CN108989263A (en) * 2017-05-31 2018-12-11 中国移动通信集团公司 Short message verification code attack guarding method, server and computer readable storage medium
CN109413656A (en) * 2018-12-21 2019-03-01 成都路行通信息技术有限公司 A kind of short message interface guard method based on application firewall

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104768139A (en) * 2015-02-28 2015-07-08 北京奇艺世纪科技有限公司 Method and device for sending short messages
CN108989263A (en) * 2017-05-31 2018-12-11 中国移动通信集团公司 Short message verification code attack guarding method, server and computer readable storage medium
CN107786573A (en) * 2017-11-09 2018-03-09 张昭 A kind of data verification system
CN108900479A (en) * 2018-06-12 2018-11-27 泰康保险集团股份有限公司 Short message verification code acquisition methods and device
CN109413656A (en) * 2018-12-21 2019-03-01 成都路行通信息技术有限公司 A kind of short message interface guard method based on application firewall

Also Published As

Publication number Publication date
CN110944300A (en) 2020-03-31

Similar Documents

Publication Publication Date Title
EP2950506B1 (en) Method and system for establishing a secure communication channel
KR101047641B1 (en) Enhance security and privacy for security devices
US8819432B2 (en) Method for authentication and signature of a user in an application service, using a mobile telephone as a second factor in addition to and independently of a first factor
US8839397B2 (en) End point context and trust level determination
CN102378170B (en) Method, device and system of authentication and service calling
US9674219B2 (en) Authenticating public land mobile networks to mobile stations
US5799084A (en) System and method for authenticating cellular telephonic communication
EP3677005B1 (en) Authentication protocol based on trusted execution environment
CN102299930B (en) Method for ensuring security of client software
JP5592881B2 (en) Detect anomalies in traffic sent by mobile terminals in a wireless communication network
US11159674B2 (en) Multi-factor authentication of caller identification (ID) identifiers
EP3709598A1 (en) Anti'sim swapping fraud
CN106656992B (en) Information verification method
CN112929339B (en) Message transmitting method for protecting privacy
EP3525503A1 (en) Registering or authenticating user equipment to a visited public land mobile network
WO2017166419A1 (en) Method of identifying false base station, device identifying false base station, and terminal
EP1680940B1 (en) Method of user authentication
CN110944300B (en) Short message service system, forwarding interface device and defense server
US20210256102A1 (en) Remote biometric identification
CN112448930A (en) Account registration method, device, server and computer readable storage medium
KR101243101B1 (en) Voice one-time password based user authentication method and system on smart phone
JP6101088B2 (en) Status change notification method, subscriber authentication device, status change detection device, and mobile communication system
Mallik et al. Understanding Man-in-the-middle-attack through Survey of Literature
US20230023665A1 (en) Privacy information transmission method, apparatus, computer device and computer-readable medium
CN116070225A (en) API authentication method, system, operation control device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant