
CN105871778A - Security access authentication method for electricity bill payment system for interactive television system - Google Patents


Info

Publication number: CN105871778A
Authority: CN (China)
Prior art keywords: information, interactive television, access, interface server, firewall
Legal status: Pending (the legal status is an assumption and not a legal conclusion; Google has not performed a legal analysis)
Application number: CN201510028569.3A
Other languages: Chinese (zh)
Inventors: 邢碧云, 周洪亮, 陈丽芳, 茹剑文
Current assignee: State Grid Corp of China SGCC; Jincheng Power Supply Co of State Grid Shanxi Electric Power Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis)
Original assignee: State Grid Corp of China SGCC; Jincheng Power Supply Co of State Grid Shanxi Electric Power Co Ltd
Priority date: 2015-01-20 (the priority date is an assumption and not a legal conclusion)
Filing date: 2015-01-20
Publication date: 2016-08-17
Application filed by State Grid Corp of China SGCC and Jincheng Power Supply Co of State Grid Shanxi Electric Power Co Ltd; priority to CN201510028569.3A; published as CN105871778A.

Landscapes

  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The invention discloses a security access authentication method for the electricity bill payment system of an interactive television system. It comprises: step 1, a first firewall reads the request information of a set-top box, the request information comprising an account code, a check code, an access protocol and a device code; step 2, after verifying the request information, the first firewall extracts the access protocol, device code and request content from it, generates task information and sends the task information to an interface server; step 3, the interface server receives the task information, reads the corresponding external information from outside according to the device code and request content in the task information, and returns it to the first firewall; step 4, the first firewall sends the external information to the corresponding set-top box according to the device code. The method designs a network structure tailored to the interactive television bill payment system and achieves better security by defining purpose-specific data structures and contents.

Description

Security access authentication method for the electricity bill payment system of an interactive television system

Technical field

The present invention relates to security authentication for network access, and more specifically to a security access authentication method for the electricity bill payment system of an interactive television system.

Background

Digital television in China is currently in a period of rapid growth, and traditional analog cable television networks everywhere are being converted to digital. Digital television uses two-way data transmission, replacing the traditional broadcast model in which the operator transmits and the viewer only watches. The added interactivity lets people use the television for many new services, such as video on demand, online shopping and distance learning, making the television set a genuine information appliance.

The business systems to which the interactive television self-service electricity bill payment system connects are all critical systems in critical industries, so the security mechanism, and network security in particular, is the top priority when building the system.

Network security means that the hardware and software of a network system, and the data held in it, are protected from accidental or malicious destruction, alteration or disclosure, that the system runs continuously and reliably, and that network services are not interrupted. It covers network equipment security, network information security and network software security. In the broad sense, every technique and theory concerned with the confidentiality, integrity, availability, authenticity and controllability of information on a network belongs to the field of network security. It is an interdisciplinary subject drawing on computer science, networking, communications, cryptography, information security, applied mathematics, number theory, information theory and other disciplines.

On the basis of the Open Systems Interconnection reference model (OSI/RM), the International Organization for Standardization (ISO) in 1989 issued rules for addressing network security in the OSI environment: the OSI security architecture (ISO 7498-2). It extends the basic reference model with the various aspects of security and provides a conceptual, functional and consistent approach to secure communication in open systems. The OSI model has seven layers: physical, data link, network, transport, session, presentation and application. The security mechanisms applied across these layers include:

1. Encryption mechanism: the strength of an encryption technique is measured mainly by how hard it is for someone without the key to recover the plaintext, which depends on the key length and the algorithm.

2. Security authentication mechanism: security authentication is what keeps e-commerce activity running properly; it involves security management, encryption processing, PKI and certificate management. A complete set of technical solutions already exists: internationally adopted standards such as PKI, X.509 certificates and X.500 directory services allow certificates to be issued securely and authentication to be carried out.

3. Access control policy: access control is the principal strategy for network security protection; its main task is to ensure that network resources are neither used illegitimately nor accessed without authorization. It is also an important means of maintaining the security of the network system and protecting network resources. The various security policies must work together to provide real protection.

However, for the innovative business model of paying electricity bills through interactive television, there is currently no corresponding network security technique that provides a design tailored to this model, so certain security risks remain.

Summary of the invention

In view of the lack, in the prior art, of a security design tailored to the interactive television electricity bill payment model, the purpose of the present invention is to provide a security access authentication method for the electricity bill payment system of an interactive television system.

To achieve this, the present invention adopts the following technical solution:

A security access authentication method for the electricity bill payment system of an interactive television system, comprising: step 1, a first firewall reads the request information of a set-top box, the request information comprising an account code, a check code, an access protocol and a device code; step 2, after verifying the request information, the first firewall extracts the access protocol, device code and request content from it, generates task information and sends the task information to an interface server; step 3, the interface server receives the task information, reads the corresponding external information from outside according to the device code and request content in the task information, and returns it to the first firewall; step 4, the first firewall sends the external information to the corresponding set-top box according to the device code.

According to one embodiment of the present invention, the external information comprises power information from the power private network.

According to one embodiment of the present invention, a second firewall is provided between the power private network and the interface server, and the second firewall sends the corresponding power information to the interface server according to the device code and request content.

According to one embodiment of the present invention, the external information comprises payment information from the UnionPay private network.

According to one embodiment of the present invention, a third firewall is provided between the UnionPay private network and the interface server, and the third firewall sends the corresponding payment information to the interface server according to the device code and request content.

According to one embodiment of the present invention, the first firewall further includes a scheduling protocol, which groups all set-top boxes and restricts the access parameters of the set-top boxes within each group by means of the grouping.

According to one embodiment of the present invention, the access parameters include access time, access frequency and request information.

In the above technical solution, the security access authentication method of the present invention designs a network structure tailored to the interactive television bill payment system and achieves better security by defining purpose-specific data structures and contents.

Description of drawings

Figure 1 shows the network architecture for secure access authentication of the electricity bill payment system of the interactive television system of the present invention;

Figure 2 is a flow chart of the security access authentication method for the electricity bill payment system of the interactive television system of the present invention.

Detailed description

The technical solution of the present invention is further described below with reference to the drawings and embodiments.

Referring to Figure 1, in order to secure a special-purpose system, the method of the present invention is first applied to a system of a specific structure. It mainly comprises a plurality of set-top boxes connected in parallel, all of which connect directly to the first firewall, and the first firewall connects to the interface server. The interface server connects to a second firewall and a third firewall; the second firewall connects to the power private network and the third firewall to the UnionPay private network. From the point of view of the interface server, the second firewall, the third firewall and the power private network and UnionPay private network behind them are all external sources of information.

Referring to Figure 2, the security access authentication method for the electricity bill payment system of the interactive television system of the present invention mainly comprises the following four steps:

Step S1: the first firewall reads the request information of the set-top box; the request information comprises an account code, a check code, an access protocol and a device code.

Step S2: after verifying the request information, the first firewall extracts the access protocol, device code and request content from the request information, generates the task information and sends it to the interface server. The task information therefore carries only the access protocol, device code and request content: the account code and check code are consumed at the first firewall and are not forwarded to the interface server.

Step S3: the interface server receives the task information, reads the corresponding external information from outside according to the device code and request content in the task information, and returns it to the first firewall. In the present invention the external information comprises power information from the power private network and payment information from the UnionPay private network.

In addition, a second firewall is provided between the power private network and the interface server, and the second firewall sends the corresponding power information to the interface server according to the device code and request content. A third firewall is provided between the UnionPay private network and the interface server, and the third firewall sends the corresponding payment information to the interface server according to the device code and request content.

Step S4: the first firewall sends the external information to the corresponding set-top box according to the device code.

The first firewall further includes a scheduling protocol, which groups all set-top boxes and restricts the access parameters of the set-top boxes within each group by means of the grouping; the access parameters include access time, access frequency and request information.
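The four steps and the scheduling protocol above, modelled end to end as an added example (this is not code from the patent or from the Jincheng deployment). The patent does not say how the check code is computed or how the first firewall validates it; the example assumes a per-device secret shared with the first firewall and an HMAC-SHA256 check code over the other request fields. The device codes, keys, power and payment records and the group policy are constructed sample data. The point it makes concrete is that the task information built in step 2 carries only the access protocol, device code and request content, and that the scheduling protocol limits access time, frequency and protocol per group before anything reaches the interface server.

```python
import hashlib
import hmac
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample data. The patent does not say how the check code is derived; this example
# assumes each set-top box shares a secret with the first firewall and that the check code is an
# HMAC-SHA256 over the other request fields.
DEVICE_KEYS = {"STB-0001": b"constructed-key-0001", "STB-0002": b"constructed-key-0002"}
# Constructed records standing in for the power private network and the UnionPay private network.
POWER_NET = {"STB-0001": {"account": "A100", "balance_kwh": 42.0}}
UNIONPAY_NET = {"STB-0001": {"last_payment": "2015-01-19", "amount": 100.0}}
REQUIRED_FIELDS = ("account_code", "check_code", "access_protocol", "device_code", "content")


def make_check_code(device_code, account_code, access_protocol, content):
    """Check code over the other request fields (assumed HMAC scheme)."""
    msg = "|".join((account_code, device_code, access_protocol, content)).encode()
    return hmac.new(DEVICE_KEYS[device_code], msg, hashlib.sha256).hexdigest()


def build_request(device_code, account_code, access_protocol, content):
    """Set-top box side: the request information the first firewall reads in step 1."""
    return {"account_code": account_code, "device_code": device_code, "content": content,
            "access_protocol": access_protocol,
            "check_code": make_check_code(device_code, account_code, access_protocol, content)}


@dataclass(frozen=True)
class GroupPolicy:
    hours: tuple          # (start, end): allowed hours, start inclusive, end exclusive
    max_per_minute: int   # access frequency ceiling per set-top box
    protocols: frozenset  # access protocols the group may use


class RejectedRequest(Exception):
    """Raised when the first firewall refuses a request."""


class FirstFirewall:
    def __init__(self, groups, policies, clock):
        self.groups = groups              # device code -> group name
        self.policies = policies          # group name -> GroupPolicy
        self.clock = clock                # returns a timezone-aware datetime
        self.recent = defaultdict(deque)  # device code -> request times in the last minute

    def _enforce_schedule(self, device_code, protocol):
        """Scheduling protocol: per-group limits on access time, frequency and request."""
        group = self.groups.get(device_code)
        if group is None:
            raise RejectedRequest("device not assigned to a group")
        policy, now = self.policies[group], self.clock()
        if not policy.hours[0] <= now.hour < policy.hours[1]:
            raise RejectedRequest("outside the group's access window")
        if protocol not in policy.protocols:
            raise RejectedRequest(f"protocol {protocol!r} not allowed for group {group!r}")
        window = self.recent[device_code]
        while window and (now - window[0]).total_seconds() >= 60:
            window.popleft()
        if len(window) >= policy.max_per_minute:
            raise RejectedRequest("access frequency exceeded")
        window.append(now)

    def verify_and_build_task(self, request):
        """Steps 1 and 2: verify the request, then keep only protocol, device code and content."""
        missing = [f for f in REQUIRED_FIELDS if f not in request]
        if missing:
            raise RejectedRequest(f"missing fields: {missing}")
        device = request["device_code"]
        if device not in DEVICE_KEYS:
            raise RejectedRequest("unknown device code")
        expected = make_check_code(device, request["account_code"],
                                   request["access_protocol"], request["content"])
        if not hmac.compare_digest(expected, str(request["check_code"])):
            raise RejectedRequest("check code mismatch")
        self._enforce_schedule(device, request["access_protocol"])
        return {"access_protocol": request["access_protocol"],
                "device_code": device, "content": request["content"]}


def interface_server_fetch(task):
    """Step 3: choose the external source from the content, look the record up by device code."""
    source = {"balance": POWER_NET, "payment-status": UNIONPAY_NET}.get(task["content"])
    if source is None:
        raise RejectedRequest(f"unsupported request content {task['content']!r}")
    record = source.get(task["device_code"])
    if record is None:
        raise RejectedRequest("no external record for this device")
    return record


def handle(firewall, request):
    """Steps 1 to 4: ("ok", device_code, info) is routed to that box; else ("rejected", reason)."""
    try:
        task = firewall.verify_and_build_task(request)
        return ("ok", task["device_code"], interface_server_fetch(task))
    except RejectedRequest as exc:
        return ("rejected", str(exc))


def at_hour(hour):
    """Constructed UTC clock value for demonstrations and tests."""
    return datetime(2015, 1, 20, hour, 0, tzinfo=timezone.utc)
```

The check code is verified before the scheduling limits are applied, so a forged request never consumes a slot in the frequency window, and the frequency window is only advanced once every other check has passed. Rejections are returned as plain reasons so the first firewall can log them per device code without ever forwarding the account code.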

The four main steps shown in Figure 2 have the following characteristics:

1. Dedicated fibre-optic lines are used for data transmission between the power private network and the cable television private network, and between the UnionPay network and the cable television private network, so that data access is isolated.

2. A hardware firewall is installed at the network boundary of each organisation, with the following security policy configured on it. IP restriction: only the IP addresses of specified devices may pass through the firewall to the internal network.

3. Port restriction: only the ports the business system needs are opened on the firewall, and the access protocols are restricted.

4. The hardware firewall logs are tracked and analysed to check that network access is normal.

5. All communication involving banking business is encrypted in transit, so that an eavesdropper who intercepts it by illegitimate means cannot recover any useful information.

6. The internal network of the interactive platform is placed in its own subnet, is not interconnected with other networks and accepts only uplink data from set-top box terminals; any department that needs to connect to the platform's internal network must pass security authentication.
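Items 2 to 4 above amount to an allowlist (permitted source addresses, ports and protocols per protected host) plus a review of the hardware firewall logs against that allowlist. The following is an added example, not code from the patent or from the Jincheng deployment: the addresses, ports, the log line layout and the log contents are constructed assumptions, and the `audit` function is hypothetical. It checks every accepted flow against the allowlist (an accepted flow the policy does not permit means the firewall rules have drifted from the design) and counts denied attempts per source so that a host probing the interface server is flagged.

```python
import re
from collections import Counter

# Constructed allowlist in the spirit of items 2 and 3: for each protected host, the source
# addresses and the (protocol, port) services the firewall may pass. All values are assumptions.
POLICY = {
    "10.20.0.10": {  # interface server, reachable only from the first firewall
        "sources": {"10.10.0.1"},
        "services": {("tcp", 8443)},
    },
    "10.30.0.5": {   # power private network gateway, reachable only from the interface server
        "sources": {"10.20.0.10"},
        "services": {("tcp", 9443)},
    },
}
DENY_THRESHOLD = 3  # denied connections from one source before it is reported as probing

# Assumed log line layout: "<date> <time> <ACCEPT|DENY> <proto> <src>:<sport> -> <dst>:<dport>".
LINE = re.compile(r"^(\S+ \S+) (ACCEPT|DENY) (\w+) (\S+):(\d+) -> (\S+):(\d+)$")


def parse_line(line):
    """One log line -> dict, or None when the line does not match the expected layout."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ts, action, proto, src, _sport, dst, dport = m.groups()
    return {"ts": ts, "action": action, "proto": proto.lower(), "src": src, "dst": dst, "dport": int(dport)}


def allowed_by_policy(rec, policy=POLICY):
    """True when the policy permits this source to reach this destination service."""
    rule = policy.get(rec["dst"])
    return bool(rule) and rec["src"] in rule["sources"] and (rec["proto"], rec["dport"]) in rule["services"]


def audit(lines, policy=POLICY, deny_threshold=DENY_THRESHOLD):
    """Item 4: walk the firewall log and return (finding, detail) pairs for anything abnormal.

    unparsed       - line does not match the layout (format drift or tampering)
    policy_drift   - the firewall ACCEPTed a flow the policy does not allow
    unknown_target - the firewall ACCEPTed a flow to a host the policy does not describe
    probing_source - a source reached the DENY threshold
    """
    findings = []
    denies = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            findings.append(("unparsed", line.strip()))
            continue
        if rec["action"] == "DENY":
            denies[rec["src"]] += 1
            if denies[rec["src"]] == deny_threshold:
                findings.append(("probing_source", rec["src"]))
            continue
        if rec["dst"] not in policy:
            findings.append(("unknown_target", f"{rec['src']} -> {rec['dst']}:{rec['dport']}"))
        elif not allowed_by_policy(rec, policy):
            findings.append(("policy_drift", f"{rec['src']} -> {rec['dst']}:{rec['dport']}/{rec['proto']}"))
    return findings


# Constructed sample log: normal traffic, one rule that lets SSH through, one unexpected
# source, one flow to an unlisted host, one scanning host and one corrupt line.
SAMPLE_LOG = """\
2015-01-20 09:00:01 ACCEPT TCP 10.10.0.1:51000 -> 10.20.0.10:8443
2015-01-20 09:00:02 ACCEPT TCP 10.20.0.10:40000 -> 10.30.0.5:9443
2015-01-20 09:05:10 ACCEPT TCP 10.10.0.1:51001 -> 10.20.0.10:22
2015-01-20 09:07:30 DENY TCP 192.0.2.44:60000 -> 10.20.0.10:22
2015-01-20 09:07:31 DENY TCP 192.0.2.44:60001 -> 10.20.0.10:23
2015-01-20 09:07:32 DENY TCP 192.0.2.44:60002 -> 10.20.0.10:8443
2015-01-20 09:10:00 ACCEPT TCP 10.10.0.7:51002 -> 10.20.0.10:8443
2015-01-20 09:11:00 ACCEPT TCP 10.10.0.1:51003 -> 10.40.0.9:443
garbage line that should never appear in a firewall log
""".splitlines()
```

Denied flows are expected on a boundary firewall and are only reported once a single source crosses the threshold; accepted flows are the ones that must match the policy exactly, because an accept outside the allowlist means item 2 or 3 is no longer enforced as designed.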

At the operating-system level, the present invention adopts Linux, regarded as a more secure and reliable operating system from the standpoint of system security. In general, a secure operating system should support identification and authentication, discretionary access control, mandatory access control, least-privilege management, a trusted path, covert channel analysis and handling, security auditing and other security mechanisms. On the application servers of the Jincheng interactive television self-service electricity bill payment system, the following measures are taken to ensure system security:

1. When installing Linux, only the required packages are installed, rather than accepting the default configuration, which installs a large number of unneeded packages.

2. The Linux firewall is enabled, all unneeded ports are closed, and remote SSH access to the system is disabled.

3. System accounts are strictly managed: redundant operating-system accounts are deleted, separate users are assigned to different applications, and access rights are strictly controlled.

4. At the application level, the application software has been tested for SQL injection to ensure the security of database access.
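Item 4 above says the application software was tested for SQL injection but does not show what such a test looks like or what it is testing for. The following is an added example using the standard `sqlite3` module, not code from the patent or from the Jincheng system; the `bill` table, its rows and the payloads are constructed. It places a string-built query beside its parameterised replacement and runs the same injection payloads through both, so that the test result is a row count rather than an opinion.

```python
import sqlite3

# Constructed schema and rows; the patent does not describe the real database.
SCHEMA = """
CREATE TABLE bill (account_code TEXT PRIMARY KEY, device_code TEXT, balance_kwh REAL);
INSERT INTO bill VALUES ('A100', 'STB-0001', 42.0);
INSERT INTO bill VALUES ('A200', 'STB-0002', 7.5);
INSERT INTO bill VALUES ('A300', 'STB-0003', 0.0);
"""


def open_sample_db():
    """In-memory SQLite database loaded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def lookup_vulnerable(conn, account_code):
    """Deliberately vulnerable: the caller's input is spliced into the SQL text."""
    sql = f"SELECT account_code, balance_kwh FROM bill WHERE account_code = '{account_code}'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, account_code):
    """Parameterised: the input is bound as a value and cannot alter the statement."""
    sql = "SELECT account_code, balance_kwh FROM bill WHERE account_code = ?"
    return conn.execute(sql, (account_code,)).fetchall()


# Constructed payloads of the kind an injection test sends through the application's
# account-code input. No real account code equals either string, so a correct lookup
# must return zero rows for both.
INJECTION_PAYLOADS = (
    "' OR '1'='1",                                      # widens the WHERE clause to every row
    "A100' UNION SELECT device_code, 0 FROM bill --",   # appends a column the query never exposed
)


def injection_test(lookup):
    """Run each payload through `lookup`; map payload -> rows returned ('error' on SQL failure).

    Any count above zero means the input reached the SQL parser as code. A syntax error is
    also a sign of string splicing and worth reporting, but is not itself a data leak.
    """
    conn = open_sample_db()
    results = {}
    for payload in INJECTION_PAYLOADS:
        try:
            results[payload] = len(lookup(conn, payload))
        except sqlite3.Error:
            results[payload] = "error"
    conn.close()
    return results


def is_injectable(lookup):
    """True when any payload returned rows or broke the statement."""
    return any(count != 0 for count in injection_test(lookup).values())
```

The hardened lookup returns the same single row as the vulnerable one for a legitimate account code; the difference only shows under the payloads, which is why the test has to send them rather than only exercise the happy path.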

In summary, through these network security and system security measures, the Jincheng interactive television self-service electricity bill payment system of the present invention improves system security, protects user information and also protects the security of the power, cable television and UnionPay systems.

Those of ordinary skill in the art will recognise that the above embodiments serve only to illustrate the present invention and not to limit it; any changes or modifications of the above embodiments that remain within the spirit of the present invention fall within the scope of its claims.

Claims (7)

1. A security access authentication method for the electricity bill payment system of an interactive television system, characterised in that it comprises:
step 1, a first firewall reads the request information of a set-top box, said request information comprising an account code, a check code, an access protocol and a device code;
step 2, after said request information has been verified by the first firewall, the access protocol, device code and request content are extracted from said request information, task information is generated and sent to an interface server;
step 3, said interface server receives said task information, reads the corresponding external information from outside according to the device code and request content of said task information, and returns it to said first firewall;
step 4, said first firewall sends said external information to the corresponding set-top box according to said device code.
2. The security access authentication method for the electricity bill payment system of an interactive television system of claim 1, characterised in that said external information comprises power information from a power private network.
3. The security access authentication method for the electricity bill payment system of an interactive television system of claim 2, characterised in that a second firewall is provided between said power private network and said interface server, and said second firewall sends the corresponding power information to said interface server according to said device code and request content.
4. The security access authentication method for the electricity bill payment system of an interactive television system of claim 3, characterised in that said external information comprises payment information from a UnionPay private network.
5. The security access authentication method for the electricity bill payment system of an interactive television system of claim 4, characterised in that a third firewall is provided between said UnionPay private network and said interface server, and said third firewall sends the corresponding payment information to said interface server according to said device code and request content.
6. The security access authentication method for the electricity bill payment system of an interactive television system of claim 5, characterised in that said first firewall further includes a scheduling protocol, said scheduling protocol groups all set-top boxes and restricts the access parameters of the set-top boxes within each group by means of the grouping.
7. The security access authentication method for the electricity bill payment system of an interactive television system of claim 6, characterised in that said access parameters include access time, access frequency and request information.
Priority applications (1)

Application number | Priority date | Filing date | Title
CN201510028569.3A | 2015-01-20 | 2015-01-20 | Security access authentication method for electricity bill payment system for interactive television system (pending)

Publications (1)

Publication number | Publication date
CN105871778A | 2016-08-17

Family

ID=56623165

Country status (1)

Country | Link
CN | CN105871778A (en)


Legal events

Code | Title | Description
C06 | Publication |
PB01 | Publication |
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 2016-08-17