WO2017028553A1 - Message security control method, device and system - Google Patents

Publication number
WO2017028553A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
feature code
unique feature
unique
signature
Application number
PCT/CN2016/080545
Inventor
曹俊勇
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2017028553A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • This paper relates to the field of security verification and management of messages, and more particularly to a method, device and system for verifying and controlling the security of message content.
  • a typical message security control process is that the service system receives the message, forwards the original message to the management and control platform, and the management platform analyzes the data in real time, and feeds the result back to the service system. The service system continues to deliver or terminate the process according to the result.
  • the size of traditional business messages is limited, such as 140 bytes of text messages, 300K bytes of MMS, etc., and there is no problem with the typical security management process.
  • new services such as WeChat and RCS
  • the real-time processing mode of sending the original message to the security management platform and waiting for the management platform to process it has many drawbacks.
  • the transmission of large messages requires very high network transmission speed, and transmitting the same message repeatedly is a great waste of network bandwidth resources. Repeating the security check of the same message is also a great waste of the processing power of the management platform.
  • the present invention will provide a message security management method, apparatus and system to alleviate the burden placed on a management platform by repeatedly initiating a full content verification request for the same message content.
  • a method for security management of messages comprising:
  • the query result includes: the legality of the message content, or a sending identifier of the complete content of the message corresponding to the unique feature code, where the identifier indicates that the complete content of the message corresponding to the unique feature code is to be sent to the message legality verification function.
  • the method further includes:
  • when the obtained query result includes the sending identifier of the complete content of the message corresponding to the unique feature code, sending the complete content of the message corresponding to the unique feature code to the message legality verification function; and receiving the legality of the complete content of the message returned by the message legality verification function.
  • a security management device for a message comprising: a signature generation module and a data transceiver module, wherein
  • the feature code generating module is configured to: generate a unique feature code according to the message content;
  • the data transceiver module is configured to: send the unique feature code to a message legality verification function; and receive a query result returned by the message legality verification function.
  • the query result includes: the legality of the message content, or a sending identifier of the complete content of the message corresponding to the unique feature code, where the identifier indicates that the complete content of the message corresponding to the unique feature code is to be sent to the message legality verification function.
  • the data transceiving module is further configured to: when the query result includes a sending identifier of the complete content of the message corresponding to the unique feature code, send the complete content of the message corresponding to the unique feature code to the message legality verification function; and receive the legality of the complete content of the message returned by the message legality verification function.
  • a method for security management of messages comprising:
  • the step of returning the query result of the message corresponding to the unique signature includes:
  • when the legality record of the message corresponding to the unique signature is not found, the identifier is used to instruct the unique signature sender to send the complete content of the message corresponding to the unique signature.
  • the method further includes:
  • after analyzing and determining the legality of the complete content of the message, generating a unique feature code according to the complete content of the message; and saving the generated unique feature code and the determined legality of the complete content of the message in the signature database;
  • the step of generating a unique feature code according to the complete content of the message includes generating a unique feature code by using the same algorithm as the unique feature code sender.
  • a message security management device includes: a communication module, a signature database, and a signature query module, wherein
  • the communication module is configured to: receive a unique feature code generated according to the message content;
  • the signature database is configured to: store a correspondence between a unique signature of the message and the legitimacy of the message;
  • the feature code querying module is configured to: query, according to the received unique feature code, whether the message corresponding to the unique feature code is legal from the feature code database, and return a query result.
  • the signature query module is configured to return the query result as follows:
  • when the legality of the message corresponding to the unique feature code is found in the signature database, the legality of the message is returned to the sender of the unique signature;
  • when it is not found, the complete content sending identifier of the message corresponding to the unique signature is returned to the unique signature sender, instructing the unique signature sender to send the complete content of the message corresponding to the unique signature.
  • the communication module is further configured to: receive the complete content of the message corresponding to the unique signature sent by the sender of the unique signature;
  • the device further includes: a legality verification module, configured to: analyze and determine the legality of the complete content of the message corresponding to the unique feature code; and return the legality of the complete content of the message to the unique signature sender.
  • the device further includes:
  • the feature code generating module is configured to: generate a unique feature code according to the complete content of the message corresponding to the unique feature code; and save the generated unique feature code, together with the legality of the complete content of the message determined by the legality verification module, in the signature database;
  • the method for generating the unique feature code by the feature code generating module is consistent with the method for generating the unique feature code received by the communication module.
  • a message security management system includes: any of the above message security management devices that can run on the service system side, and any of the above message security management devices that can run on the message legality verification function side.
  • a computer program comprising program instructions that, when executed by a business system, cause the business system to perform any of the above-described corresponding security management methods of messages.
  • a computer program comprising program instructions that, when executed by a message legality verification function, cause the message legality verification function to perform any of the corresponding message security management and control methods described above.
  • a message security management system includes: a service module and a security management module, wherein
  • the service module is configured to: generate a unique feature code according to the message content, and send the unique feature code to the security management module;
  • the security management module is configured to: determine validity of the message according to the unique feature code, and return a result.
  • the security management module includes: a feature code storage submodule and a feature code query submodule;
  • the feature code storage sub-module is configured to: store the unique feature code and the legality of the message corresponding to the unique feature code;
  • the feature code query sub-module is configured to: according to the unique feature code, query whether the message corresponding to the unique feature code is legal from the feature code storage sub-module, and return a query result.
  • the query result returned by the signature query sub-module includes:
  • the service module is further configured to send the complete content of the message corresponding to the unique feature code to the security management module;
  • the security management module further includes: a legality verification submodule
  • the legality verification sub-module is configured to: receive the complete content of the message corresponding to the unique feature code; analyze and determine the legality of the complete content of the message corresponding to the unique feature code; and return the legality of the complete content of the message.
  • the security management module further includes a feature code generation submodule configured to: generate a unique feature code according to the complete content of the message corresponding to the unique feature code; and store the generated unique feature code, together with the legality result of the complete content of the message determined by the legality verification sub-module, in the feature code storage sub-module;
  • the method for generating the unique feature code by the feature code generation sub-module is consistent with the method for generating the unique feature code sent by the service module.
  • the invention provides a message security management and control method, device and system, which change the manner in which the complete message content is sent to the security management platform for message security verification in the related technical solution, and the existing message content is unchanged, and the message body
  • in view of the new features of message-type services, the unique feature code of the message is extracted from the message to be verified, and the unique feature code is sent to the security management platform for verification; the complete message is sent to the security management platform only when the platform has not saved the unique feature code and the security verification result of the corresponding message.
  • the invention provides a message security management and control method, device and system, which avoid the network bandwidth pressure caused by repeatedly initiating a complete content verification request for the same message content; at the same time, after the legality of the complete message content has been verified once, the unique signature and legality verification result corresponding to the message are saved, and subsequent verifications only query the saved verification result according to the unique signature, which greatly improves the security verification efficiency.
  • FIG. 1 is a flowchart of a method for security management and control of a message according to Embodiment 1 of the present invention
  • FIG. 2 is a structural diagram of a message security management device according to Embodiment 2 of the present invention.
  • FIG. 3 is a flowchart of a method for security management and control of a message according to Embodiment 3 of the present invention.
  • FIG. 4 is a structural diagram of a message security management device according to Embodiment 4 of the present invention.
  • FIG. 5 is a structural diagram of a message security management system according to Embodiment 5 of the present invention.
  • the embodiment provides a security management and control method for a message, which can be executed on the service system side, as shown in FIG. 1 , and includes:
  • Step 101: Generate a unique feature code according to the content of the message.
  • Step 102: Send the unique feature code to the message legality verification function, and obtain a query result returned by the message legality verification function.
  • the unique feature code is generated according to the content of the message: the content of the message may be processed by using the message digest MD5 algorithm, or by using the secure hash SHA1 algorithm, or the code may be generated by using other unique feature code generation algorithms. The generated unique feature code can uniquely represent the content of the message; when the message content is different, the generated unique feature code is also different. Those skilled in the art can reasonably modify or replace the specific generation algorithm described in this embodiment to implement the technical solution of the present invention.
  • the message legality verification function queries the signature database according to the unique signature. When the legality verification result of the message corresponding to the unique signature can be found in the signature database, the verification result is returned to the sender of the unique feature code; the query result then includes the legality of the content of the message, indicating the legality of the message corresponding to the unique feature code.
  • when the legality verification result of the message corresponding to the unique feature code cannot be found in the signature database, the returned query result includes a sending identifier of the complete content of the message corresponding to the unique signature, which instructs the unique signature sender to send the complete content of the message corresponding to the unique feature code to the message legality verification function.
  • the complete content of the message corresponding to the unique feature code is then sent to the message legality verification function, and the verification result returned by the legality verification function according to the complete content of the message is received; at this time, the verification result includes the legality of the message content, indicating the legality of the complete message.
  • the legality verification function performs legality verification on the complete content of the message, and the legality of the message content can be verified by using a solution in the related technology; different service platforms define different standards for the legality of message content, and the corresponding legality verification methods also differ; the specific implementation of the solution of the present invention is not limited to a specific message content legality verification scheme;
  • the function of the legality verification function in this embodiment is a software module that has the capability of verifying the validity of the message, and may be a software module that implements the security management method described in the third embodiment; or it may be implemented in the third embodiment.
  • the embodiment provides a message security management device, as shown in FIG. 2, including: a first feature code generating module 201 and a data transceiver module 202, wherein
  • the first feature code generating module 201 is configured to: generate a unique feature code according to the message content;
  • the data transceiver module 202 is configured to: send the unique feature code to the message legality verification function; and receive the query result returned by the message legality verification function.
  • the query result includes: a message content validity or a sending identifier of a complete content of the message corresponding to the unique feature code.
  • the data transceiver module 202 is further configured to: when the query result includes a sending identifier of the complete content of the message corresponding to the unique feature code, indicating that the complete content of the message corresponding to the unique feature code is to be sent, send the complete content of the message corresponding to the unique feature code to the message legality verification function; and receive the verification result of the message legality verification function.
  • the embodiment further provides a message security control method, which can be executed on the message legality verification function side, as shown in FIG. 3, including:
  • Step 301: Receive a unique feature code generated according to the content of the message.
  • Step 302: Query a feature code database according to the unique feature code; return the legality of the message corresponding to the unique feature code.
  • in step 302, returning the legality verification result of the message corresponding to the unique feature code includes: when the legality record of the message corresponding to the unique feature code is found in the feature code database, returning the legality of the message corresponding to the unique feature code;
  • the step of generating a unique feature code according to the complete content of the message includes: generating a unique feature code by using the same algorithm as the unique feature code sender; that is, for the same message, the unique feature code sent by the sender and the unique signature generated based on the full content of the message are the same.
  • the unique feature code is generated by using the message digest MD5 algorithm to process the content of the message; or the content of the message may be processed by using the secure hash SHA1 algorithm; or other unique feature code generation algorithms may be used. The generated unique feature code can uniquely represent the content of the message. When the message content is different, the corresponding unique feature code generated is also different.
  • algorithms for generating a unique feature code include, but are not limited to, the above algorithms; simple deductions or substitutions made by a person skilled in the art without departing from the concept of the present invention are considered to be within the scope of protection of the present invention.
  • the signature database is configured to: save a correspondence between the unique signature of the message and the legality of the content of the message, for example:
  • the legality of the content of the message may be verified according to the complete content of the message, and the legality of the message content may be verified by using a solution in the related technology.
  • different service platforms define different standards for the legality of the message content, and the corresponding legality verification methods are also different; the specific implementation of the solution of the present invention is not limited to the specific message content legality verification scheme.
  • the embodiment further provides a message security management device, which can be located on the message legality verification function side, as shown in FIG. 4, including: a communication module 401, a signature database 402, and a signature query module 403.
  • the communication module 401 is configured to: receive a unique feature code generated according to the content of the message;
  • the signature database 402 is configured to: store a correspondence between a unique signature of the message and the legitimacy of the message;
  • the signature query module 403 is configured to query, from the signature database 402, whether the message corresponding to the unique signature is legal according to the received unique signature, and return a query result.
  • the feature code query module 403 returns the query result as follows: when the legality of the corresponding message is found in the feature code database according to the unique feature code, the corresponding legality is returned; when the legality of the corresponding message is not found, the complete content sending identifier of the message corresponding to the unique signature is returned, instructing the sender of the unique signature to send the complete content of the message corresponding to the unique signature.
  • the communication module 401 is further configured to: receive the complete content of the message corresponding to the unique feature code;
  • the device further includes: a validity check module 404, configured to: analyze and determine the validity of the complete content of the message corresponding to the unique feature code; and return the legitimacy of the complete content of the message.
  • the device further includes:
  • the second feature code generating module 405 is configured to: generate a unique feature code according to the complete content of the message corresponding to the unique feature code; and save the generated unique feature code, together with the legality result of the complete content of the message determined by the legality verification module, in the signature database;
  • the method for generating the unique feature code by the second feature code generating module 405 is consistent with the method for generating the unique feature code received by the communication module.
  • the unique feature code is generated by using the message digest MD5 algorithm to process the content of the message; or the content of the message may be processed by using the secure hash SHA1 algorithm; or other unique feature code generation algorithms may be used. The generated unique feature code can uniquely represent the content of the message. When the message content is different, the corresponding unique feature code generated is also different.
  • algorithms for generating a unique feature code include, but are not limited to, the above algorithms; simple deductions or substitutions made by a person skilled in the art without departing from the concept of the present invention are considered to be within the scope of protection of the present invention.
  • the embodiment further provides a message security management and control system, as shown in FIG. 5, comprising: a service module and a security management module, wherein
  • a service module configured to: generate a unique feature code according to the message content, and send the unique feature code to the security management module;
  • the security management module is configured to: determine the validity of the message according to the unique feature code, and return a result.
  • the security management module includes: a feature code storage submodule and a feature code query submodule;
  • the feature code storage submodule is configured to: store the unique feature code and the legality of the message corresponding to the unique feature code;
  • the feature code query sub-module is configured to: according to the unique feature code, query whether the message corresponding to the unique feature code is legal from the feature code storage sub-module, and return a query result.
  • the query result returned by the signature query sub-module includes:
  • the service module is further configured to: send the complete content of the message corresponding to the unique feature code to the security management module;
  • the security management module further includes: a legality verification submodule, configured to: receive the complete content of the message corresponding to the unique signature; analyze and determine the legality of the complete content of the message corresponding to the unique signature; and return the legality of the complete content of the message.
  • the security management module further includes: a feature code generation sub-module, configured to: generate a unique feature code according to the complete content of the message corresponding to the unique feature code; and save the generated unique feature code, together with the legality result of the complete content of the message determined by the legality verification submodule, in the feature code storage submodule;
  • the method for generating the unique feature code by the feature code generation sub-module is consistent with the method for generating the unique feature code sent by the service module; that is, for the same message, the unique feature code sent by the sender and the unique signature generated according to the complete content of the message are the same.
  • the unique feature code is generated by using the message digest MD5 algorithm to process the content of the message; or the content of the message may be processed by using the secure hash SHA1 algorithm; or other unique feature code generation algorithms may be used. The generated unique feature code can uniquely represent the content of the message, and when the message content is different, the corresponding unique feature code generated is also different.
  • the algorithm for generating a unique feature code includes, but is not limited to, the above-mentioned algorithms; simple deductions or substitutions made without departing from the inventive concept are considered to be within the scope of protection of the present invention.
  • the signature database is configured to: store the unique signature and the legality of the message corresponding to the unique signature; the records may be stored in a database or in a file, and the storage manner is not limited to this implementation.
  • a person skilled in the art can reasonably modify or replace the database table storage exemplified in the embodiment to implement the technical solution of the present invention.
  • the signature storage sub-module in the security management module of the security management system stores the legality records of the unique signature and the corresponding message in the form of a database table as shown in the following table:
  • the message 1 to be verified is a multimedia message whose content is picture file 1;
  • the service module sends the unique signature corresponding to the picture file 1, 35b8569127e3c91a87aa52dc494ee3d6, to the security management module;
  • the security management module receives the unique signature, and the signature query sub-module queries the above table in the signature storage sub-module to obtain the legality of the message corresponding to the unique signature: legal. The security management module returns the legality result to the service module.
  • the service module processes the picture file 1 by using the MD5 algorithm to obtain a unique feature code.
  • the message 2 to be verified is a multimedia message whose content is short video file 2;
  • the service module sends a unique signature corresponding to the video file 2, d5edec82547a3b7b0628472927934d78, to the security management module;
  • the security management module receives the unique signature, and the signature query sub-module queries the above table in the signature storage sub-module to obtain the legality of the message corresponding to the unique signature: the file is invalid. The security management module returns the legality result to the service module.
  • the service module processes the video file 2 by using the MD5 algorithm to obtain a unique feature code.
  • the message 3 to be verified is a multimedia message whose content is a short video file 3;
  • the service module sends a unique feature code corresponding to the video file 3, 611e33d077b007142a613b1f05ef681a, to the security management module;
  • the service module processes the video file 3 by using the MD5 algorithm to obtain the above unique feature code.
  • the security management module receives the unique signature, and the signature query sub-module queries the above table in the signature storage sub-module and fails to find the message legality result corresponding to the unique signature; it then returns the sending identifier of the complete content of the message, informing the service module to send the complete content of the message corresponding to the unique signature.
  • the service module sends the video file 3 of the message 3 to the security management module;
  • the security management module receives the video file 3, and the legality verification sub-module analyzes and processes the video file 3 and determines that the video file 3 is legal; the security management module returns the legality result to the service module.
  • the security management module also processes the video file 3 by using the MD5 algorithm, obtains the unique feature code 611e33d077b007142a613b1f05ef681a, and saves the unique signature and the legality result determined by the legality verification sub-module into the signature storage sub-module; the new corresponding record in Table 1 is as follows:
  • the legality verification sub-module analyzes and determines the legality of the message content according to the complete content of the message, and can verify the legality of the message content by using the solution in the related technology; at the same time, different service platforms define the legality of the message content. Different standards are different, and the corresponding legality verification methods are also different; the specific implementation of the solution of the present invention is not limited to the specific message content legality verification scheme.
  • The embodiment of the invention further discloses a message security management system, comprising: any of the above security management devices executable on the service system side, and any of the above message security management devices executable on the message legality verification function side.
  • The embodiment of the invention further discloses a computer program comprising program instructions which, when executed by the service system, enable the service system to execute any of the above message security management methods.
  • The embodiment of the invention also discloses a carrier carrying the computer program.
  • The embodiment of the invention further discloses a computer program comprising program instructions which, when executed by the message legality verification function, enable the message legality verification function to execute any of the above message security management methods.
  • The embodiment of the invention also discloses a carrier carrying the computer program.
  • The embodiments provided by the present invention change the approach of the related technical solutions, in which the complete message content is sent to the security management platform for every message security verification.
  • Instead, the unique feature code of the message is first extracted from the message to be verified.
  • The unique feature code is verified by the security management platform; the complete message is sent to the security management platform only when the platform has not saved the unique feature code and the security verification result of the corresponding message.
  • This avoids the network bandwidth pressure caused by repeatedly initiating complete content verification requests for the same message content. In addition, once the legality of the complete message content has been verified, the unique feature code corresponding to the message and the legality verification result are saved, so that subsequent verifications only query the verification result by the unique feature code, which greatly improves security verification efficiency.
  • All or part of the steps of the above embodiments may also be implemented using integrated circuits. The steps may be fabricated as individual integrated circuit modules, or multiple modules or steps may be fabricated as a single integrated circuit module. Thus, the invention is not limited to any specific combination of hardware and software.
  • The devices/function modules/functional units in the above embodiments may be implemented by a general-purpose computing device, and may be centralized on a single computing device or distributed over a network of multiple computing devices.
  • When each device/function module/functional unit in the above embodiments is implemented in the form of a software function module and sold or used as a stand-alone product, it can be stored in a computer-readable storage medium.
  • The above-mentioned computer-readable storage medium may be a read-only memory, a magnetic disk, an optical disk or the like.
  • The technical solution of the present invention changes the approach of the related technical solutions, in which the complete message content is sent to the security management platform for every message security verification. It addresses the new characteristics of messaging services, namely that a large amount of existing message content is unchanged and message bodies are large.
  • The unique feature code of the message is first extracted from the message to be verified and sent to the security management platform for verification; the complete message is sent to the security management platform only when the platform has not saved the unique feature code and the security verification result of the corresponding message.
  • The message security management and control method, device and system provided by the invention avoid the network bandwidth pressure caused by repeatedly initiating complete content verification requests for the same message content.
  • In addition, once the legality of the complete message content has been verified, the unique feature code corresponding to the message and the legality verification result are saved, so that subsequent verifications only query the verification result by the unique feature code, which greatly improves security verification efficiency. Therefore, the present invention has strong industrial applicability.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

A message security control method, device and system, wherein the message security control method includes: receiving a unique feature code generated according to the content of the message; based on the unique feature code, querying a feature code database; returning a validity verification result of the message corresponding to the unique feature code.

Description

Message security management method, device and system
Technical field
This document relates to the field of message security verification and control, and in particular to a method, device and system for verifying and controlling the security of message content.
Background
With the development of technology, messaging services are multiplying, from the traditional SMS and MMS services to new services such as WeChat and converged communication (RCS, Rich Communication Suite). As messaging products increase, so does the need for security control of message content; ensuring a stable and harmonious network environment and prohibiting the wanton spread of reactionary information is the top priority of the departments operating these service products.
In a typical message security control process, the service system receives a message and forwards the original message to the management and control platform; the platform analyzes it in real time and feeds the result back to the service system, which continues delivery or terminates the process according to the result.
Traditional service messages are limited in size, for example 140 bytes for SMS and 300K bytes for MMS, so the typical security control process poses no problem. With the popularity of new services such as WeChat and RCS, users increasingly send each other pictures, audio, video and files. Such messages have two characteristics: first, the message body is large, from several megabytes to several hundred megabytes; second, the message body data is the same, as with pictures, audio, video and movies whose content is identical. In this case, sending the original message to the security management platform and waiting for the platform to process it in real time has many drawbacks: sending large messages places very high demands on network transmission speed, sending repeated messages is a great waste of network bandwidth resources, and repeating the security check of the message is likewise a great waste of the platform's processing capacity.
Summary of the invention
The present invention provides a message security management method, device and system that reduce the burden placed on the management and control platform by repeatedly initiating complete content verification requests for the same message content.
To solve the above technical problem, the following technical solutions are adopted:
A message security management method, comprising:
generating a unique feature code according to the message content;
sending the unique feature code to a message legality verification function, and obtaining the query result returned by the message legality verification function.
Optionally, the query result includes: the legality of the message content, or a sending identifier for the complete content of the message corresponding to the unique feature code, where the identifier indicates that the complete content of the message corresponding to the unique feature code is to be sent to the legality verification function.
Optionally, the method further includes:
when the obtained query result includes the sending identifier for the complete content of the message corresponding to the unique feature code, sending the complete content of the message corresponding to the unique feature code to the message legality verification function; and receiving the legality of the complete content of the message returned by the message legality verification function.
A message security management device, comprising a feature code generation module and a data transceiver module, wherein
the feature code generation module is configured to: generate a unique feature code according to the message content;
the data transceiver module is configured to: send the unique feature code to a message legality verification function; and receive the query result returned by the message legality verification function.
Optionally, the query result includes: the legality of the message content, or a sending identifier for the complete content of the message corresponding to the unique feature code, where the identifier indicates that the complete content of the message corresponding to the unique feature code is to be sent to the legality verification function.
Optionally, the data transceiver module is further configured to: when the query result includes the sending identifier for the complete content of the message corresponding to the unique feature code, send the complete content of the message corresponding to the unique feature code to the message legality verification function; and receive the legality of the complete content of the message returned by the message legality verification function.
A message security management method, comprising:
receiving a unique feature code generated according to the message content;
querying a feature code database according to the unique feature code;
returning the query result for the message corresponding to the unique feature code.
Optionally, the step of returning the query result for the message corresponding to the unique feature code includes:
when a legality record of the message corresponding to the unique feature code is found in the feature code database, returning the legality of the message corresponding to the unique feature code;
when no legality record of the message corresponding to the unique feature code is found, returning a complete-content sending identifier for the message corresponding to the unique feature code, where the identifier instructs the sender of the unique feature code to send the complete content of the message corresponding to the unique feature code.
Optionally, the method further includes:
receiving the complete content of the message corresponding to the unique feature code from the sender of the unique feature code, analyzing and determining the legality of the complete content of the message, and returning the legality of the complete content of the message.
Optionally, after the legality of the complete content of the message has been analyzed and determined, a unique feature code is generated according to the complete content of the message; the unique feature code generated from the complete content of the message and the determined legality of the complete content of the message are saved in the feature code database;
wherein the step of generating a unique feature code according to the complete content of the message includes: generating the unique feature code with the same algorithm as the sender of the unique feature code.
A message security management device, comprising a communication module, a feature code database and a feature code query module, wherein
the communication module is configured to: receive a unique feature code generated according to the message content;
the feature code database is configured to: store the correspondence between the unique feature code of a message and the legality of the message;
the feature code query module is configured to: according to the received unique feature code, query the feature code database for whether the message corresponding to the unique feature code is legal, and return the query result.
Optionally, the feature code query module is configured to return the query result as follows:
when the legality of the message corresponding to the unique feature code is found in the feature code database, return the legality of the message to the sender of the unique feature code;
when the legality of the message corresponding to the unique feature code is not found, return a complete-content sending identifier for the message corresponding to the unique feature code to the sender of the unique feature code, instructing the sender to send the complete content of the message corresponding to the unique feature code.
Optionally, the communication module is further configured to: receive the complete content of the message corresponding to the unique feature code from the sender of the unique feature code;
the device further includes a legality verification module, configured to: analyze and determine the legality of the complete content of the message corresponding to the unique feature code; and return the legality of the complete content of the message to the sender of the unique feature code.
Optionally, the device further includes:
a feature code generation module, configured to: generate a unique feature code according to the complete content of the message corresponding to the unique feature code; and save the unique feature code generated from that complete content, together with the legality of the complete content determined by the legality verification module, in the feature code database;
wherein the method by which the feature code generation module generates the unique feature code is the same as the method by which the unique feature code received by the communication module was generated.
A message security management system, comprising: any of the above security management devices executable on the service system side, and any of the above message security management devices executable on the message legality verification function side.
A computer program comprising program instructions which, when executed by a service system, enable the service system to execute any of the corresponding message security management methods above.
A carrier carrying the computer program.
A computer program comprising program instructions which, when executed by a message legality verification function, enable the message legality verification function to execute any of the corresponding message security management methods above.
A carrier carrying the computer program.
A message security management system, comprising a service module and a security management module, wherein
the service module is configured to: generate a unique feature code according to the message content, and send the unique feature code to the security management module;
the security management module is configured to: determine the legality of the message according to the unique feature code, and return the result.
Optionally, the security management module includes a feature code storage sub-module and a feature code query sub-module;
wherein the feature code storage sub-module is configured to: store the unique feature code and the legality of the message corresponding to the unique feature code;
the feature code query sub-module is configured to: according to the unique feature code, query the feature code storage sub-module for whether the message corresponding to the unique feature code is legal, and return the query result.
The query result returned by the feature code query sub-module includes:
when a legality record of the message corresponding to the unique feature code is found in the feature code storage sub-module, the corresponding legality;
when no legality record of the message corresponding to the unique feature code is found in the feature code storage sub-module, a message complete-content sending identifier, which notifies the service module to send the complete content of the message corresponding to the unique feature code.
Optionally, the service module is further configured to send the complete content of the message corresponding to the unique feature code to the security management module;
the security management module further includes a legality verification sub-module;
the legality verification sub-module is configured to: receive the complete content of the message corresponding to the unique feature code; analyze and determine the legality of the complete content of the message corresponding to the unique feature code; and return the legality of the complete content of the message.
Optionally, the security management module further includes a feature code generation sub-module, configured to: generate a unique feature code according to the complete content of the message corresponding to the unique feature code; and save the generated unique feature code, together with the legality result for that complete content determined by the legality verification sub-module, in the feature code storage sub-module;
wherein the method by which the feature code generation sub-module generates the unique feature code is the same as the method by which the unique feature code sent by the service module was generated.
The message security management method, device and system provided by the invention change the approach of the related technical solutions, in which the complete message content is sent to the security management platform for every message security verification. In view of the new characteristics of messaging services, namely that a large amount of existing message content is unchanged and message bodies are large, the unique feature code of the message is first extracted from the message to be verified and sent to the security management platform for verification; the complete message is sent to the security management platform only when the platform has not saved the unique feature code and the security verification result of the corresponding message. This avoids the network bandwidth pressure caused by repeatedly initiating complete content verification requests for the same message content. In addition, once the legality of the complete message content has been verified, the unique feature code corresponding to the message and the legality verification result are saved, so that subsequent verifications only query the verification result by the unique feature code, which greatly improves security verification efficiency.
Brief description of the drawings
FIG. 1 is a flowchart of a message security management method according to Embodiment 1 of the present invention;
FIG. 2 is a structural diagram of a message security management device according to Embodiment 2 of the present invention;
FIG. 3 is a flowchart of a message security management method according to Embodiment 3 of the present invention;
FIG. 4 is a structural diagram of a message security management device according to Embodiment 4 of the present invention;
FIG. 5 is a structural diagram of a message security management system according to Embodiment 5 of the present invention.
Preferred embodiments of the invention
The following is an overview of the subject matter described in detail herein. This overview is not intended to limit the scope of the claims.
The invention is described in further detail below with reference to the drawings and specific embodiments. It should be noted that, where no conflict arises, the embodiments of the present application and the features of the embodiments may be combined with one another arbitrarily.
Embodiment 1
This embodiment provides a message security management method that can be executed on the service system side. As shown in FIG. 1, it includes:
Step 101: generate a unique feature code according to the message content;
Step 102: send the unique feature code to the message legality verification function, and obtain the query result returned by the message legality verification function.
In step 101, the unique feature code may be generated from the message content by processing the content with the MD5 message digest algorithm, or with the SHA1 secure hash algorithm, or with another unique feature code generation algorithm. The generated unique feature code uniquely represents the content of the message: when the message content differs, the corresponding unique feature code also differs. Those skilled in the art may reasonably modify or replace the specific generation algorithms exemplified in this embodiment and still implement the technical solution of the present invention.
In step 102, the message legality verification function queries its feature code database according to the unique feature code. When the legality verification result of the message corresponding to the unique feature code is found in the feature code database, that result is returned to the sender of the unique feature code; the result includes the legality of the message content, indicating the legality of the message corresponding to the unique feature code. When no legality verification result for the message corresponding to the unique feature code is found in the feature code database, the returned query result includes a sending identifier for the complete content of the message corresponding to the unique feature code, instructing the sender of the unique feature code to send the complete content of that message to the message legality verification function.
Optionally, when the query result obtained in step 102 indicates that the complete content of the message corresponding to the unique feature code is to be sent, the complete content of that message is sent to the message legality verification function, and the verification result returned by the message legality verification function for the complete content is obtained. In this case the verification result includes the legality of the message content, indicating the legality of the complete message.
The legality verification function verifies the legality of the complete content of the message according to the message content; a solution from the related art may be used for this verification. Different service platforms define the legality of message content by different standards, and the corresponding legality verification methods differ accordingly. The implementation of the solution of the present invention is not limited to any particular message content legality verification scheme.
The legality verification function in this embodiment refers to a functional module capable of verifying message legality. It may be a software module implementing the security management method described in Embodiment 3, a hardware module implementing that method, the security management device described in Embodiment 4 of the present invention, or the security management module of the security management system in Embodiment 5.
Embodiment 2
This embodiment provides a message security management device. As shown in FIG. 2, it includes a first feature code generation module 201 and a data transceiver module 202, wherein
the first feature code generation module 201 is configured to: generate a unique feature code according to the message content;
the data transceiver module 202 is configured to: send the unique feature code to the message legality verification function; and receive the query result returned by the message legality verification function.
The query result includes: the legality of the message content, or a sending identifier for the complete content of the message corresponding to the unique feature code.
Optionally, the data transceiver module 202 is further configured to: when the query result includes the sending identifier for the complete content of the message corresponding to the unique feature code, indicating that the complete content of that message is to be sent, send the complete content of the message corresponding to the unique feature code to the message legality verification function; and receive the verification result of the message legality verification function.
Embodiment 3
This embodiment further provides a message security control method, which can be executed on the message legality verification function side and, as shown in FIG. 3, includes:
Step 301: receive a unique feature code generated according to the message content;
Step 302: query the feature code database according to the unique feature code, and return the legality query result of the message corresponding to the unique feature code.
Optionally, in step 302, returning the legality verification result of the message corresponding to the unique feature code includes: when a legality record of the message corresponding to the unique feature code is found in the feature code database, returning the legality of the message corresponding to the unique feature code;
when no legality record of the message corresponding to the unique feature code is found, returning a complete-content sending identifier for the message corresponding to the unique feature code, which instructs the sender of the unique feature code to send the complete content of the message corresponding to the unique feature code.
After the complete content of the message corresponding to the unique feature code is received, the legality of the complete content of the message is analyzed and determined, and the legality of the complete content of the message is returned.
Optionally, after the legality of the complete content of the message is determined, a unique feature code is generated according to the complete content of the message; the unique feature code generated according to the complete content of the message and the determined legality result of the complete content of the message are saved to the feature code database;
wherein the step of generating a unique feature code according to the complete content of the message includes: generating the unique feature code using the same algorithm as the sender of the unique feature code; that is, for the same message, the unique feature code sent by the sender is identical to the unique feature code generated from the complete content of the message.
The unique feature code may be generated by processing the content of the message with the MD5 message-digest algorithm, or with the secure hash algorithm SHA1, or with another unique feature code generation algorithm. The generated unique feature code uniquely represents the content of the message: when the message content differs, the generated unique feature codes also differ.
The algorithm used to generate the unique feature code includes but is not limited to the above algorithms. A person of ordinary skill in the art to which the present invention belongs may make several simple deductions or substitutions without departing from the concept of the present invention, all of which shall be regarded as falling within the protection scope of the present invention.
The feature code database is configured to save the correspondence between the unique feature code representing a message and the legality of that message's content, for example:
Unique feature code                 Legality
35b8569127e3c91a87aa52dc494ee4d6    Legal
271b551d60307f4233a8509aff67a2d6    Legal
d5edec82547a3b7b0628472927936d78    Illegal
a85120db0def4e0c930194ea09210475    Legal
The legality of the message content, analyzed and determined from the complete content of the message, may be verified using solutions in the related art. Different service platforms define the legality of message content by different standards, and the corresponding legality verification methods also differ; the implementation of the solution of the present invention is not limited to any particular message content legality verification scheme.
Embodiment 4
This embodiment further provides a message security control device, which may be located on the message legality verification function side and, as shown in FIG. 4, comprises a communication module 401, a feature code database 402 and a feature code query module 403, wherein:
The communication module 401 is configured to receive a unique feature code generated according to the message content;
The feature code database 402 is configured to store the correspondence between the unique feature code of a message and the legality of the message;
The feature code query module 403 is configured to query the feature code database 402, according to the received unique feature code, for whether the message corresponding to the unique feature code is legal, and to return the query result.
The feature code query module 403 returns the query result as follows: when the legality of the corresponding message is found in the feature code database according to the unique feature code, it returns that legality; when the legality of the corresponding message is not found, it returns a complete-content sending identifier for the message corresponding to the unique feature code, which instructs the sender of the unique feature code to send the complete content of the message corresponding to the unique feature code.
Optionally, the communication module 401 is further configured to receive the complete content of the message corresponding to the unique feature code;
The device further comprises a legality check module 404, configured to analyze and determine the legality of the complete content of the message corresponding to the unique feature code, and to return the legality of the complete content of the message.
Optionally, the device further comprises:
A second feature code generating module 405, configured to generate a unique feature code according to the complete content of the message corresponding to the unique feature code, and to save the unique feature code generated from that complete content, together with the legality result determined by the legality check module for that complete content, in the feature code database;
wherein the method by which the second feature code generating module 405 generates the unique feature code is the same as the method used to generate the unique feature code received by the communication module.
The unique feature code may be generated by processing the content of the message with the MD5 message-digest algorithm, or with the secure hash algorithm SHA1, or with another unique feature code generation algorithm. The generated unique feature code uniquely represents the content of the message: when the message content differs, the generated unique feature codes also differ.
The algorithm used to generate the unique feature code includes but is not limited to the above algorithms. A person of ordinary skill in the art to which the present invention belongs may make several simple deductions or substitutions without departing from the concept of the present invention, all of which shall be regarded as falling within the protection scope of the present invention.
Embodiment 5
This embodiment further provides a message security control system which, as shown in FIG. 5, comprises a service module and a security control module, wherein:
The service module is configured to generate a unique feature code according to the message content and send the unique feature code to the security control module;
The security control module is configured to determine the legality of the message according to the unique feature code and return the result.
Optionally, the security control module comprises a feature code storage submodule and a feature code query submodule;
wherein the feature code storage submodule is configured to store the unique feature code and the legality of the message corresponding to the unique feature code;
The feature code query submodule is configured to query the feature code storage submodule, according to the unique feature code, for whether the message corresponding to the unique feature code is legal, and to return the query result.
Specifically, the query result returned by the feature code query submodule is as follows:
When a legality record of the message corresponding to the unique feature code is found in the feature code storage submodule according to the unique feature code, the corresponding legality is returned;
When no legality record of the message corresponding to the unique feature code is found in the feature code storage submodule according to the unique feature code, a message complete-content sending identifier is returned, notifying the service module to send the complete content of the message corresponding to the unique feature code.
Optionally, the service module is further configured to send the complete content of the message corresponding to the unique feature code to the security control module;
The security control module further comprises a legality check submodule, configured to receive the complete content of the message corresponding to the unique feature code, analyze and determine the legality of the complete content of the message corresponding to the unique feature code, and return the legality of the complete content of the message.
Optionally, the security control module further comprises a feature code generation submodule, configured to generate a unique feature code according to the complete content of the message corresponding to the unique feature code, and to save the generated unique feature code, together with the legality result determined by the legality check submodule for the complete content of that message, in the feature code storage submodule;
wherein the method by which the feature code generation submodule generates the unique feature code is the same as the method used to generate the unique feature code sent by the service module; that is, for the same message, the unique feature code sent by the sender is identical to the unique feature code generated from the complete content of the message.
The unique feature code may be generated by processing the content of the message with the MD5 message-digest algorithm, or with the secure hash algorithm SHA1, or with another unique feature code generation algorithm. The generated unique feature code uniquely represents the content of the message: when the message content differs, the generated unique feature codes also differ.
The algorithm used to generate the unique feature code includes but is not limited to the above algorithms. A person of ordinary skill in the art to which the present invention belongs may make several simple deductions or substitutions without departing from the concept of the present invention, all of which shall be regarded as falling within the protection scope of the present invention.
In the embodiments of the present invention, the feature code database is configured to store the unique feature code and the legality of the message corresponding to the unique feature code. It may be stored as a database or as files and is not limited to the specific manner given in this embodiment; a person skilled in the art may, based on the database table storage exemplified in this embodiment, reasonably modify or replace it with other manners while still implementing the technical solution of the present invention.
As a further example, the feature code storage submodule in the security control module of the security control system stores the unique feature codes and the legality records of the corresponding messages in the form of a database table, as shown in the following table:
Table 1: Feature code legality table
Figure PCTCN2016080545-appb-000001
Application example 1:
Message 1, the message to be verified, is a multimedia message whose content is picture file 1;
The service module sends the unique feature code corresponding to picture file 1, 35b8569127e3c91a87aa52dc494ee3d6, to the security control module;
The security control module receives the unique feature code; its feature code query submodule looks the code up in the above table in the feature code storage submodule and finds that the legality result of the message corresponding to the unique feature code is: legal. The security control module returns this legality result to the service module.
Here the service module obtains the unique feature code by processing picture file 1 with the MD5 algorithm.
Application example 2:
Message 2, the message to be verified, is a multimedia message whose content is short video file 2;
The service module sends the unique feature code corresponding to video file 2, d5edec82547a3b7b0628472927934d78, to the security control module;
The security control module receives the unique feature code; its feature code query submodule looks the code up in the above table in the feature code storage submodule and finds that the legality result of the message corresponding to the unique feature code is: illegal. The security control module returns this legality result to the service module.
Here the service module obtains the unique feature code by processing video file 2 with the MD5 algorithm.
Application example 3:
Message 3, the message to be verified, is a multimedia message whose content is short video file 3;
The service module sends the unique feature code corresponding to video file 3, 611e33d077b007142a613b1f05ef681a, to the security control module;
Here the service module obtains the above unique feature code by processing video file 3 with the MD5 algorithm.
The security control module receives the unique feature code; its feature code query submodule looks the code up in the above table in the feature code storage submodule and finds no legality result for the message corresponding to the unique feature code. It therefore returns a message complete-content sending identifier, notifying the service module to send the complete content of the message corresponding to the unique feature code.
The service module sends video file 3 of message 3 to the security control module;
The security control module receives video file 3; its legality check submodule analyzes video file 3 and determines that the legality of video file 3 is: legal. The security control module returns this legality result to the service module.
Optionally, the security control module also processes video file 3 with the MD5 algorithm to obtain the unique feature code 611e33d077b007142a613b1f05ef681a, and saves this unique feature code and the legality result determined by the legality check submodule into the feature code storage submodule. After the corresponding record is added, Table 1 is as follows:
Figure PCTCN2016080545-appb-000002
The legality check submodule analyzes and determines the legality of the message content from the complete content of the message, and may verify it using solutions in the related art. Different service platforms define the legality of message content by different standards, and the corresponding legality verification methods also differ; the implementation of the solution of the present invention is not limited to any particular message content legality verification scheme.
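The lookup-then-upload flow of application example 3, as an added Python example that is not part of the patent text. Class and function names are hypothetical, the content analyzer is a stand-in, and the feature code defaults to SHA-256 (one of the "other" algorithms the text allows) because MD5 and SHA-1 collisions are practical, which would let two different contents share one cached verdict.

```python
import hashlib
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict


class Verdict(Enum):
    LEGAL = "legal"
    ILLEGAL = "illegal"
    SEND_FULL_CONTENT = "send_full_content"  # complete-content sending identifier


def feature_code(content: bytes, algorithm: str = "sha256") -> str:
    """Unique feature code of the message content, as a hex digest."""
    return hashlib.new(algorithm, content).hexdigest()


@dataclass
class SecurityControlModule:
    """Verification side: feature code database plus full-content check."""
    analyze: Callable[[bytes], bool]  # hypothetical analyzer, True means legal
    algorithm: str = "sha256"
    database: Dict[str, Verdict] = field(default_factory=dict)
    full_checks: int = 0  # how often the expensive analysis actually ran

    def query(self, code: str) -> Verdict:
        # Steps 301/302: a hit returns the stored legality,
        # a miss asks the sender for the complete content.
        return self.database.get(code, Verdict.SEND_FULL_CONTENT)

    def verify_full(self, content: bytes) -> Verdict:
        self.full_checks += 1
        verdict = Verdict.LEGAL if self.analyze(content) else Verdict.ILLEGAL
        # The record is keyed by the code recomputed here from the bytes that
        # were analyzed, with the same algorithm the sender uses, and never by
        # a code supplied in the request.
        self.database[feature_code(content, self.algorithm)] = verdict
        return verdict


@dataclass
class ServiceModule:
    """Service side: sends the feature code first, the content only on a miss."""
    controller: SecurityControlModule
    bytes_sent: int = 0  # payload bytes that crossed to the controller

    def check(self, content: bytes) -> Verdict:
        code = feature_code(content, self.controller.algorithm)
        self.bytes_sent += len(code)
        result = self.controller.query(code)
        if result is Verdict.SEND_FULL_CONTENT:
            self.bytes_sent += len(content)
            result = self.controller.verify_full(content)
        return result


def demo():
    """Run the three cases: miss, hit, and a one-byte change (miss again)."""
    controller = SecurityControlModule(analyze=lambda c: b"BANNED" not in c)
    service = ServiceModule(controller)
    video = b"\x00" * 50_000 + b"clip"  # constructed sample content
    rows = []
    for label, content in (("first", video), ("repeat", video),
                           ("changed", video + b"!")):
        verdict = service.check(content)
        rows.append((label, verdict.value, controller.full_checks,
                     service.bytes_sent))
    return rows


if __name__ == "__main__":
    for row in demo():
        print(row)
```
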
An embodiment of the present invention further discloses a message security control system, comprising any of the above security control devices that can be executed on the service system side and any of the above message security control devices that can be executed on the message legality verification function side.
An embodiment of the present invention further discloses a computer program comprising program instructions which, when executed by a service system, enable the service system to perform any of the above message security control methods.
An embodiment of the present invention further discloses a carrier carrying the computer program.
An embodiment of the present invention further discloses a computer program comprising program instructions which, when executed by a message legality verification function, enable the message legality verification function to perform any of the above message security control methods.
An embodiment of the present invention further discloses a carrier carrying the computer program.
Other aspects will be apparent upon reading and understanding the drawings and the detailed description.
The embodiments provided by the present invention change the approach of the related technical solutions, in which the complete message content is sent to the security control platform for message security verification every time. In view of the new characteristics of message services, namely that a large amount of existing message content does not change and that message bodies are large, they propose first extracting a unique feature code from the message to be verified and sending that unique feature code to the security control platform for verification; the complete message is sent to the security control platform only when the platform has not saved the unique feature code and the security verification result of the corresponding message. Compared with the related technical solutions, this avoids the network bandwidth pressure caused by repeatedly initiating complete content verification requests for the same message content. In addition, once the legality of the complete message content has been verified, the unique feature code corresponding to the message and the legality verification result are saved, so that subsequent verifications only need to look up the verification result by the unique feature code, which greatly improves the efficiency of security verification.
A person of ordinary skill in the art will understand that all or some of the steps of the above embodiments may be implemented as a computer program flow. The computer program may be stored in a computer-readable storage medium and executed on a corresponding hardware platform (such as a system, equipment, apparatus or device); when executed, it includes one of the steps of the method embodiments or a combination thereof.
Optionally, all or some of the steps of the above embodiments may also be implemented using integrated circuits. These steps may each be made into a separate integrated circuit module, or several of the modules or steps may be made into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The devices, functional modules and functional units in the above embodiments may be implemented by general-purpose computing devices; they may be concentrated on a single computing device or distributed over a network composed of multiple computing devices.
When the devices, functional modules and functional units in the above embodiments are implemented in the form of software functional modules and sold or used as independent products, they may be stored in a computer-readable storage medium. The computer-readable storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc or the like.
The above are only specific embodiments of the present invention, but the protection scope of the present invention is not limited thereto. Any change or substitution that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Industrial applicability
The technical solution of the present invention changes the approach of the related technical solutions, in which the complete message content is sent to the security control platform for message security verification every time. In view of the new characteristics of message services, namely that a large amount of existing message content does not change and that message bodies are large, it proposes first extracting a unique feature code from the message to be verified and sending that unique feature code to the security control platform for verification; the complete message is sent to the security control platform only when the platform has not saved the unique feature code and the security verification result of the corresponding message. The message security control method, device and system provided by the present invention avoid the network bandwidth pressure caused by repeatedly initiating complete content verification requests for the same message content. In addition, once the legality of the complete message content has been verified, the unique feature code corresponding to the message and the legality verification result are saved, so that subsequent verifications only need to look up the verification result by the unique feature code, which greatly improves the efficiency of security verification. The present invention therefore has strong industrial applicability.

Claims (15)

  1. A message security control method, comprising:
    generating a unique feature code according to the message content;
    sending the unique feature code to a message legality verification function, and obtaining the query result returned by the message legality verification function.
  2. The message security control method according to claim 1, wherein
    the query result includes: the legality of the message content, or a sending identifier for the complete content of the message corresponding to the unique feature code, the identifier being used to indicate that the complete content of the message corresponding to the unique feature code is to be sent to the legality verification function.
  3. The message security control method according to claim 2, the method further comprising:
    when the obtained query result includes the sending identifier for the complete content of the message corresponding to the unique feature code, sending the complete content of the message corresponding to the unique feature code to the message legality verification function; and receiving the legality of the complete content of the message returned by the message legality verification function.
  4. A message security control device, comprising a feature code generating module and a data transceiver module, wherein
    the feature code generating module is configured to generate a unique feature code according to the message content;
    the data transceiver module is configured to send the unique feature code to a message legality verification function, and to receive the query result returned by the message legality verification function.
  5. The message security control device according to claim 4, wherein
    the query result includes: the legality of the message content, or a sending identifier for the complete content of the message corresponding to the unique feature code, the identifier being used to indicate that the complete content of the message corresponding to the unique feature code is to be sent to the legality verification function.
  6. The message security control device according to claim 5, wherein
    the data transceiver module is further configured to: when the query result includes the sending identifier for the complete content of the message corresponding to the unique feature code, send the complete content of the message corresponding to the unique feature code to the message legality verification function; and receive the legality of the complete content of the message returned by the message legality verification function.
  7. A message security control method, comprising:
    receiving a unique feature code generated according to the message content;
    querying a feature code database according to the unique feature code;
    returning the query result of the message corresponding to the unique feature code.
  8. The message security control method according to claim 7, wherein
    the step of returning the query result of the message corresponding to the unique feature code comprises:
    when a legality record of the message corresponding to the unique feature code is found in the feature code database, returning the legality of the message corresponding to the unique feature code;
    when no legality record of the message corresponding to the unique feature code is found, returning a complete-content sending identifier for the message corresponding to the unique feature code, the identifier being used to instruct the sender of the unique feature code to send the complete content of the message corresponding to the unique feature code.
  9. The message security control method according to claim 8, the method further comprising:
    receiving the complete content of the message corresponding to the unique feature code sent by the sender of the unique feature code, analyzing and determining the legality of the complete content of the message, and returning the legality of the complete content of the message.
  10. The message security control method according to claim 9, wherein
    after the legality of the complete content of the message is analyzed and determined, a unique feature code is generated according to the complete content of the message; the unique feature code generated according to the complete content of the message and the determined legality of the complete content of the message are saved to the feature code database;
    wherein the step of generating a unique feature code according to the complete content of the message comprises: generating the unique feature code using the same algorithm as the sender of the unique feature code.
  11. A message security control device, comprising: a communication module, a feature code database and a feature code query module, wherein
    the communication module is configured to: receive a unique feature code generated according to message content;
    the feature code database is configured to: store the correspondence between unique feature codes of messages and message legality;
    the feature code query module is configured to: according to the received unique feature code, query the feature code database as to whether the message corresponding to the unique feature code is legal, and return the query result.
  12. The message security control device according to claim 11, wherein the feature code query module is configured to return the query result as follows:
    when the legality of the message corresponding to the unique feature code is found in the feature code database according to the unique feature code, returning the legality of the message to the sender of the unique feature code;
    when the legality of the message corresponding to the unique feature code is not found, returning a complete-content sending identifier for the message corresponding to the unique feature code to the sender of the unique feature code, instructing the sender of the unique feature code to send the complete content of the message corresponding to the unique feature code.
  13. The message security control device according to claim 12, wherein
    the communication module is further configured to: receive the complete content of the message corresponding to the unique feature code, sent by the sender of the unique feature code;
    the device further comprises: a legality verification module, the legality verification module being configured to: analyze and determine the legality of the complete content of the message corresponding to the unique feature code; and return the legality of the complete content of the message to the sender of the unique feature code.
  14. The message security control device according to claim 13, further comprising:
    a feature code generation module, configured to: generate a unique feature code according to the complete content of the message corresponding to the unique feature code; and save, in the feature code database, the unique feature code generated according to the complete content of the message corresponding to the unique feature code together with the legality of the complete content of that message as determined by the legality verification module;
    wherein the method by which the feature code generation module generates the unique feature code is the same as the method used to generate the unique feature code received by the communication module.
  15. A message security control system, comprising: the message security control device according to any one of claims 4-6 and the message security control device according to any one of claims 11-14.
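The query-then-fallback exchange of claims 8 to 14, shown from both sides as an added example that is not part of the patent text. SHA-256 as the feature code, the `SEND_FULL_CONTENT` marker, the class names, the toy analyzer and the sample messages are assumptions made for illustration.

```python
import hashlib

# Hypothetical marker for the claims' "complete-content sending identifier".
SEND_FULL_CONTENT = "SEND_FULL_CONTENT"

def feature_code(content: bytes) -> str:
    # Assumption: SHA-256. The claims only require that both sides use the
    # same algorithm; a collision-resistant hash keeps one cached verdict
    # from being reused for a different message.
    return hashlib.sha256(content).hexdigest()

class ControlPlatform:
    def __init__(self, analyzer):
        self.db = {}               # feature code -> legality (True/False)
        self.analyzer = analyzer   # full-content legality check
        self.full_analyses = 0

    def query(self, code: str):
        # Claims 8 and 12: cached verdict, or a request for the full content.
        return self.db.get(code, SEND_FULL_CONTENT)

    def submit_full(self, content: bytes) -> bool:
        # Claims 9, 10, 13, 14: analyze, then key the record on a code the
        # platform computes itself, not on one supplied by the sender.
        legal = self.analyzer(content)
        self.full_analyses += 1
        self.db[feature_code(content)] = legal
        return legal

class ServiceSystem:
    def __init__(self, platform: ControlPlatform):
        self.platform = platform
        self.bytes_sent = 0        # payload bytes sent to the platform

    def check(self, content: bytes) -> bool:
        code = feature_code(content)
        self.bytes_sent += len(code)
        verdict = self.platform.query(code)
        if verdict is SEND_FULL_CONTENT:   # miss: fall back to full content
            self.bytes_sent += len(content)
            verdict = self.platform.submit_full(content)
        return verdict

def toy_analyzer(content: bytes) -> bool:
    # Constructed stand-in for the platform's real content analysis.
    return b"blocked-term" not in content

def demo():
    platform = ControlPlatform(toy_analyzer)
    service = ServiceSystem(platform)
    # Constructed traffic: two distinct messages, each sent twice.
    msgs = [b"hello " * 200, b"blocked-term promo"] * 2
    return [service.check(m) for m in msgs], platform.full_analyses, service.bytes_sent
```

For this constructed traffic, sending every message in full would cost 2,436 payload bytes and four analyses; the hash-first exchange sends 1,474 bytes and runs the analyzer twice.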
PCT/CN2016/080545 2015-08-19 2016-04-28 Message security control method, device and system WO2017028553A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510512432.5 2015-08-19
CN201510512432.5A CN106470107A (en) 2015-08-19 2015-08-19 A kind of message security control method, device and system

Publications (1)

Publication Number Publication Date
WO2017028553A1 (en) 2017-02-23

Family

ID=58050666

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/080545 WO2017028553A1 (en) 2015-08-19 2016-04-28 Message security control method, device and system

Country Status (2)

Country Link
CN (1) CN106470107A (en)
WO (1) WO2017028553A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107277794A (en) * 2017-06-09 2017-10-20 中国联合网络通信集团有限公司 Set up the method, device and mobile terminal of communication connection

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101051963A (en) * 2007-05-24 2007-10-10 中国联合通信有限公司 Content monitor method and device
CN101072380A (en) * 2007-06-08 2007-11-14 华为技术有限公司 Content delivery method and system, network device, mobile data service management platform
CN101656927A (en) * 2009-09-22 2010-02-24 中兴通讯股份有限公司 System and method for monitoring multimedia message content based on content recognition technology

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7328349B2 (en) * 2001-12-14 2008-02-05 Bbn Technologies Corp. Hash-based systems and methods for detecting, preventing, and tracing network worms and viruses
CN1969524B (en) * 2003-12-24 2012-08-15 赛门铁克公司 Method and system for identifying the content of files in a network
CN100454909C (en) * 2006-07-04 2009-01-21 华为技术有限公司 Information filtering and secret-keeping method and apparatus in instantaneous communication
CN101340396B (en) * 2008-08-07 2012-02-08 腾讯科技(深圳)有限公司 Image information filtering method and instant communication customer terminal
CN102945349B (en) * 2012-10-19 2016-06-22 北京奇虎科技有限公司 unknown file processing method and device
CN103309937A (en) * 2013-04-19 2013-09-18 无锡成电科大科技发展有限公司 Method of supervising content of cloud platform

Also Published As

Publication number Publication date
CN106470107A (en) 2017-03-01

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16836418

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16836418

Country of ref document: EP

Kind code of ref document: A1