CN106936806A - A kind of recognition methods of account abnormal login and device - Google Patents

A kind of recognition methods of account abnormal login and device Download PDF

Info

Publication number
CN106936806A
CN106936806A CN201511032652.4A CN201511032652A CN106936806A CN 106936806 A CN106936806 A CN 106936806A CN 201511032652 A CN201511032652 A CN 201511032652A CN 106936806 A CN106936806 A CN 106936806A
Authority
CN
China
Prior art keywords
information
address information
scope
activities
historical
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201511032652.4A
Other languages
Chinese (zh)
Inventor
吴攀
张焱凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Priority to CN201511032652.4A priority Critical patent/CN106936806A/en
Publication of CN106936806A publication Critical patent/CN106936806A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Telephone Function (AREA)

Abstract

The embodiment of the present application provides a kind of recognition methods of account abnormal login.Methods described includes:The historical address information of user is gathered, and the scope of activities information of the user is generated according to the historical address information;Recognize whether current account sign-on access is abnormal Account Logon according to the scope of activities information.According to the embodiment of the present application, can exactly identify whether current login is abnormal Account Logon, improves the accuracy to the identification of abnormal Account Logon.

Description

A kind of recognition methods of account abnormal login and device
Technical field
The application is related to Internet technical field, more particularly to a kind of recognition methods of account abnormal login With a kind of identifying device of account abnormal login.
Background technology
When User logs in account, it will usually carry out relatively more current login geographical position and a historical log The checking in geographical position, if currently login geographical position and historical log geographical position are inconsistent, then it is assumed that It is the abnormal login of simultaneously non-user operation.But in practical application, many hackers can be using software certainly Geographical position when definition is logged in so that above-mentioned geographical position RM failure, it is impossible to which identification is entered an item of expenditure in the accounts The abnormal login at family.And, when user needs often to go on business, travel, the geographical position of user changes After change, above-mentioned RM may judge current login exception and refuse User logs in, and user is made Into puzzlement.
Therefore, the current RM to abnormal login has that accuracy is relatively low.And The normal different-place login of None- identified user, have impact on Consumer's Experience.
The content of the invention
In view of the above problems, it is proposed that the embodiment of the present application overcomes above mentioned problem or extremely to provide one kind A kind of recognition methods of the account abnormal login for partially solving the above problems and a kind of corresponding account The identifying device of abnormal login.
It is described this application discloses a kind of recognition methods of account abnormal login in order to solve the above problems Method includes:
The historical address information of user is gathered, and the work of the user is generated according to the historical address information Dynamic range information;
Recognize whether current account sign-on access is abnormal Account Logon according to the scope of activities information.
Alternatively, whether the current sign-on access according to scope of activities information identification terminal submission For abnormal login includes:
Obtain the current address information residing for the current sign-on access;
Judge whether the current address information meets the scope of activities information, if it is not, then marking described Current sign-on access is abnormal login.
Alternatively, the historical address information includes registered address information, the history ground of the collection user Location information includes:
The registered address information of user input is extracted from the relative position of the first application program for being logged in;
And/or, by accessing the second application program of terminal, with from the association of second application program The registered address information of user input described in position acquisition.
Alternatively, the historical address information includes geographic address information, the history ground of the collection user Location information includes:
By accessing the 3rd application program of terminal, obtained with from the relative position of the 3rd application program The geographic address information of the 3rd application program positioning.
Alternatively, the historical address information includes network address information, the history ground of the collection user Location information includes:
Obtain terminal network address information in internet.
Alternatively, the historical address information of the collection user includes:
The change of the historical address information is monitored, and gathers the historical address information after change.
Alternatively, the scope of activities packet that the user is generated according to the historical address information Include:
Cluster the historical address information and obtain multiple activity focuses, by area described in the multiple movable focus Domain as the user scope of activities information;
It is described to judge whether the current address information meets the scope of activities information and be:
Judge in the region that the scope of activities information is covered with the presence or absence of being matched with the current address The target histories address information of information.
Alternatively, multiple activity focuses are obtained in the cluster historical address information, is connected described many Before individual movable focus obtains the scope of activities information of the user, methods described also includes:
It is destination address form by the historical address information analysis.
Alternatively, the historical address information include it is various, methods described also includes:
According to the precision grade of the historical address information, add corresponding for the scope of activities information Precision grade;
It is described to judge whether the current address information meets the scope of activities information and include:
Judge whether the current address information meets the scope of activities information of each precision grade successively.
Alternatively, methods described also includes:
According to the scope of activities information that last time meets, to current address information mark confidence level level Not;
If current sign-on access is identified for abnormal login, and correspondence confidence levels are higher than pre-set level threshold Value, then send the first indicating risk information to the terminal.
Alternatively, methods described also includes:
When identifying that current sign-on access is abnormal login, then refuse current sign-on access.
Alternatively, methods described also includes:
The scope of activities information is monitored, when the amplitude of variation that the scope of activities information changes is more than Predetermined threshold value, sends the second indicating risk information to the terminal.
In order to solve the above problems, disclosed herein as well is a kind of identifying device of account abnormal login, institute Stating device includes:
Scope of activities information generating module, for gathering the historical address information of user, and goes through according to described History address information generates the scope of activities information of the user;
Abnormal Account Logon identification module, for recognizing that current account is logged according to the scope of activities information Whether access is abnormal Account Logon.
Alternatively, the abnormal Account Logon identification module includes:
Current address information acquisition submodule, for obtaining the current address residing for the current sign-on access Information;
Current address information judging submodule, for judging whether the current address information meets the work Dynamic range information, if it is not, it is abnormal login then to mark the current sign-on access.
Alternatively, the historical address information includes registered address information, the scope of activities information generation Module includes:
First application program extracting sub-module, for being carried from the relative position of the first application program for being logged in Take the registered address information of user input;
Second application program accesses submodule, for the second application program by accessing terminal, with from institute The relative position for stating the second application program obtains the registered address information of the user input.
Alternatively, the historical address information includes geographic address information, the scope of activities information generation Module includes:
3rd application program accesses submodule, for the 3rd application program by accessing terminal, with from institute The relative position for stating the 3rd application program obtains the geographic address information of the 3rd application program positioning.
Alternatively, the historical address information includes network address information, the scope of activities information generation Module includes:
Believe network address information acquisition submodule, the address for obtaining terminal network in internet Breath.
Alternatively, the scope of activities information generating module includes:
Historical address information monitors submodule, for monitoring the change of the historical address information, and gathers Historical address information after change.
Alternatively, the scope of activities information generating module includes:
Historical address information cluster submodule, multiple activity heat are obtained for clustering the historical address information Point, using scope of activities information of the region as the user described in the multiple movable focus;
The current address information judging submodule specifically for:
Judge in the region that the scope of activities information is covered with the presence or absence of being matched with the current address The target histories address information of information.
Alternatively, described device also includes:
Historical address information analysis module, for being destination address lattice by the historical address information analysis Formula.
Alternatively, the historical address information include it is various, described device also includes:
Precision grade add module, for the precision grade according to the historical address information, for described Scope of activities information adds corresponding precision grade;
The current address information judging submodule includes:
Judgment sub-unit successively, for judging whether the current address information meets each levels of precision successively Other scope of activities information.
Alternatively, described device also includes:
Confidence levels mark module, for the scope of activities information met according to last time, to described Current address information marks confidence levels;
First indicating risk information sending module, if for identifying current sign-on access for abnormal login, And correspondence confidence levels are higher than pre-set level threshold value, then send the first indicating risk information to the end End.
Alternatively, described device also includes:
Sign-on access refuses module, for when current sign-on access is identified for abnormal login, then refusal to be worked as Preceding sign-on access.
Alternatively, described device also includes:
Scope of activities information monitors module, for monitoring the scope of activities information, when the scope of activities The amplitude of variation that information changes is more than predetermined threshold value, sends the second indicating risk information to the end End.
The embodiment of the present application includes advantages below:
According to the embodiment of the present application, the scope of activities for generating user by the historical address information of user is believed Breath, abnormal Account Logon is recognized according to scope of activities information, and current simple historical log is compared compared to rising Geographical position and the current abnormal login RM for logging in geographical position, can identify current exactly Whether login is abnormal Account Logon, improves the accuracy to the identification of abnormal Account Logon.And, this The historical address information that application embodiment is based on user is identified, and can effectively identify that user is normal Different-place login, it is to avoid normal different-place login is identified as abnormal login and refuses the feelings of User logs in Condition, improves Consumer's Experience.
Brief description of the drawings
The step of Fig. 1 is a kind of recognition methods embodiment one of account abnormal login of the application flow chart;
The step of Fig. 2 is a kind of recognition methods embodiment two of account abnormal login of the application flow chart;
Fig. 3 is a kind of structured flowchart of the identifying device embodiment one of account abnormal login of the application;
Fig. 4 is a kind of structured flowchart of the identifying device embodiment two of account abnormal login of the application;
Fig. 5 is a kind of identification process schematic diagram of account abnormal login of the application;
Fig. 6 is a kind of schematic flow sheet of positional information acquisition process of the application;
Fig. 7 is a kind of schematic flow sheet that cleaning treatment is carried out to positional information of the application;
Fig. 8 is a kind of schematic diagram for the classification of positional information precision of the application;
Fig. 9 is the schematic diagram that a kind of utilization positional information of the application is modeled treatment;
Figure 10 is a kind of schematic diagram that scope of activities is generated according to the precision grade of positional information of the application.
Specific embodiment
To enable above-mentioned purpose, the feature and advantage of the application more obvious understandable, below in conjunction with the accompanying drawings The application is described in further detail with specific embodiment.
Reference picture 1, shows a kind of step of the recognition methods embodiment one of account abnormal login of the application Rapid flow chart, specifically may include steps of:
Step 101, gathers the historical address information of user, and generate institute according to the historical address information State the scope of activities information of user.
The historical address information of user can include registered address information, geographic address information and the network address At least one in information, can also include the address information of its type.
Wherein, registered address information refers to the address information that user fills in, and the software according to user's registration is not Together, the precision of correspondence positioning is also different, for example can be specific to certain region in certain city, to some Transaction software can be specific to certain street;Geographic address information refers to residing relative position on map Information, can be longitude and latitude or other representations;Network address information refers to the end that user is used Hold the address information in internet, such as IP address, MAC Address etc..
In concrete implementation, the historical address information that can be directed to user is acquired treatment.The side of collection Depending on formula can be according to the type of historical address information, for example, be directed to registered address information, can from The registered place that user preserves is extracted in electronic trade platform class website that family is logged in or electronic transaction software Location information, or from user when electronic transaction is carried out in the order of submission extract user input for receiving The address information of goods;Again for example, being directed to network address information, the network address that can be preserved from terminal Network address information is read in information record daily record.In practical application, those skilled in the art can use Various modes are from the database of the historical address information with user, website, application program and/or terminal In accordingly obtain.
The scope of activities information of user can be generated according to the multiple historical address information for collecting.Generation is lived The mode of dynamic range information can have various, such as many using a historical address information as movable focus Individual movable focus can emerge a movable focus cloud, and the movable focus cloud covers the daily activity of user Scope;The pre-set radius that each historical address information can be for example based on again form multiple scopes of activities, will The scope of activities of mutually covering aggregates into the scope of activities information of user.Those skilled in the art can basis Actual conditions can reflect that user potentially carries out the position of Account Logon using the generation of historical address information The scope of activities information put.
Step 102, recognizes whether current account sign-on access is abnormal account according to the scope of activities information Family logs in.
The location of user's history can be reflected based on scope of activities information, carried out in the range of this Account Logon, even if different from the position of historical log, it is the normal strange land of user also to have larger possibility Log in.Specifically, can from the Account Logon access request of user or User logs in account when use The current address information of user is obtained in terminal, if current address information is in scope of activities, or It is consistent with certain the historical address information in scope of activities information, then can identify current Account Logon It is normal strange land Account Logon;If not in scope of activities, or with scope of activities information in Certain historical address information is inconsistent, then show that the strange land account for being probably and non-user is carried out is stepped on Record, can identify that current account sign-on access is abnormal Account Logon.
According to the embodiment of the present application, the historical address information generation based on various dimensions can reflect that user is potential Account Logon position scope of activities information, abnormal Account Logon, phase are recognized according to scope of activities information Know compared with the current simple abnormal login for comparing historical log geographical position and current login geographical position Other mode, can more accurately recognize whether current login is abnormal Account Logon, is improved to abnormal account Family logs in the accuracy of identification.And, the embodiment of the present application is avoided and is identified as normal different-place login Abnormal login and refuse the situation of User logs in, improve Consumer's Experience.
Reference picture 2, shows a kind of step of the recognition methods embodiment two of account abnormal login of the application Rapid flow chart, specifically may include steps of:
Step 201, gathers the historical address information of user.
Used as the preferred exemplary one of the embodiment of the present application, the historical address information is believed including registered address Breath, the step 201 can include:
Step S1, the registered address of user input is extracted from the relative position of the first application program for being logged in Information.And/or, step S2, by accessing the second application program of terminal, is applied with from described second The relative position of program obtains the registered address information of the user input.
Registered address information can include the receipts being input into when user's registration electronic transaction account or forum's account The information of the expression user of goods address, home address, work address or contact address etc. once present position. First application program can include electronic transaction software and/or other need user input registered address information Application program.Specifically, for registered address information, can in the first application program of User logs in, In the relative position for user input address information, the registered address information that user is input into is extracted.For example, User is extracted in the electronic trade platform class website that can be logged in from user or electronic transaction software to preserve Registered address information, or extract user input in the order of submission when electronic transaction is carried out from user For the address information received.
Second application program can include electronic transaction software and/or other various user inputs of preserving The application program of registered address information.Second application program can be identical with the first application program, it is also possible to It is the other application programs different from the first application program.Specifically, can be by accessing in terminal Two application programs, the registered address letter of user input is obtained from the relative position for preserving registered address information Breath.
Used as the preferred exemplary two of the embodiment of the present application, the historical address information is believed including geographical address Breath, the step 201 can include:
Step S3, by accessing the 3rd application program of terminal, with from the association of the 3rd application program The geographic address information of the 3rd application program positioning described in position acquisition.
Geographic address information can include positioning the geographical position for obtaining by the gps system of terminal.The Three application programs be able to can be positioned including map application, Geographic mapping application program etc. are various And record the application program of geographic address information residing for user's history.Specifically, can be by accessing eventually The 3rd application program on end, positioning is obtained or history is obtained with from the relative position of the 3rd application program The geographic address information of record.
Used as the preferred exemplary three of the embodiment of the present application, the historical address information is believed including the network address Breath, the step 201 can include:
Step S4, obtains terminal network address information in internet.
Network address information represents the information of terminal unique identification address in a network, the usual network address There is certain corresponding relation with geographical position, residing for the network address information according to terminal can determine terminal Geographical position.Specifically, network address letter is read in the position that can be associated with network connection from terminal Breath.
Used as the preferred exemplary four of the embodiment of the present application, the step 201 can also include:
Step S5, monitors the change of the historical address information, and gathers the historical address information after change.
In practical application, historical address information is it may happen that change, such as user is in electronic transaction software In have modified ship-to.Therefore, it can monitor the change of historical address information, will after changing Its collection is used as historical address information.
It should be noted that the acquisition mode of historical address information that is provided of above-mentioned preferred exemplary can be with It is used separately or in combination, to obtain polytype historical address information.Additionally, in practical application, this Art personnel can adopt database, net in various manners from the historical address information with user Stand, accordingly obtain in application program and/or terminal, the mode of acquisition can be according to historical address information Depending on type.
Step 202, clusters the historical address information and obtains multiple activity focuses, by the multiple activity Region described in focus as the user scope of activities information.
Can the multiple historical address information that collected be carried out clustering processing to obtain multiple activity focuses. Specifically, it is possible to use partitioning, stratification, density algorithm, graph theory clustering method or trellis algorithm etc. Clustering algorithm builds historical address information model, and the historical address information model can be believed based on historical address Similarity between breath obtains several movable focuses.The region that multiple activity focuses are covered is used as retouching State the scope of activities information of User Activity focus profile.
Step 203, obtains the current address information residing for the current sign-on access.
Step 204, judges whether the current address information meets the scope of activities information, if it is not, It is abnormal login then to mark the current sign-on access.
The current address information of user can be obtained from the Account Logon access request or terminal of user, Judge whether current address information meets scope of activities information, if not meeting scope of activities information, table The abnormal login that bright current sign-on access may be carried out not by user, it is possible to accordingly enter rower Note.
It is described to judge whether the current address information meets institute as the preferred exemplary of the embodiment of the present application Stating scope of activities information can be specially:Judge whether deposited in the region that the scope of activities information is covered It is being matched with the target histories address information of the current address information.If scope of activities information is covered Region in there are the target histories address information for being matched with current address information, then show current login Access is to log in together;May be that abnormal different-place login is accessed if not existing.
Used as the preferred exemplary of the embodiment of the present application, before the step 202, methods described can be also Including:It is destination address form by the historical address information analysis.
Destination address form can appoint for registered address information, geographic address information or network address information etc. A regional extent or a specific coordinate points in meaning form, specifically geographical position.Collect The information format of original historical address information, precision grade may be different with information dimension, therefore can be with Dissection process is carried out for historical address information, is destination address form with analytic uniform.For example, network Address information can resolve to urban area scope, and registered address information can resolve to street region model Enclose, geographic address information can resolve to gps coordinate point.It is of course also possible to be gone through different types of History address information resolves to unified destination address form, for example, by registered address information, the network address Information, reason address information analytic uniform are urban area scope.
It is destination address form by historical address information analysis, historical address information after dissection process can be with The different precision grade of Attribute transposition according to destination address form, such that it is able to be based on different accuracy rank Historical address information, clustering processing is carried out respectively.Specifically, for the history ground of certain precision grade Location information, can be clustered and obtain several movable focuses, and the precision can be generated based on these movable focuses The scope of activities information of rank.Additionally, after the historical address information of different accuracy rank carries out clustering processing, The scope of activities distribution map of each precision grade can be obtained.
As the preferred exemplary of the embodiment of the present application, the historical address information include it is various, for example, on State various in registered address information, geographic address information and network address information, methods described can be also Including:According to the precision grade of the historical address information, correspondence is added for the scope of activities information Precision grade.
Precision grade can be the vertical division level for representing positional information precision of precision stack etc., Can be other division levels for representing positional precision.Different types of historical address information has Different precision grades.For example, the precision grade of the geographic address information of GPS information etc. belongs to longitude and latitude Rank;The precision grade of the registered address information of ship-to, home address etc. is street rank;IP ground The precision grade of the network address information of location etc. is city rank.Precision grade higher represents history ground The regional extent that location information is covered is smaller, based on the scope of activities information that the historical address information is generated Scope it is also relatively small.
Specifically, can be according to the precision grade of historical address information, for going through by different accuracy rank The scope of activities information of history address information cluster adds corresponding precision grade, in order to follow-up judgement Whether current address information meets the scope of activities information of different accuracy rank.
It is described to judge whether the current address information meets the scope of activities information and include:Successively Judge whether the current address information meets the scope of activities information of each precision grade.
Can be according to default level order, in the scope of activities that each precision grade is formed, respectively Judge whether current address information meets the corresponding scope of activities information of the precision grade.For example, can be first Judged from the other scope of activities information of City-level.Correspondingly, the confidence level of precision and judged result Positive correlation, if current address information meets precision grade scope of activities information higher, shows to judge knot The confidence levels of fruit are higher, and the possibility of abnormal login is smaller.If current address information does not meet appointed What scope of activities information for precision grade, this sign-on access for abnormal login possibility just compared with Greatly.
Step 205, when identifying that current sign-on access is abnormal login, then refuses current sign-on access.
For the abnormal login for identifying, its sign-on access can be refused, in order to avoid logged in by disabled user.
According to the embodiment of the present application, generated by clustering the historical address information of different accuracy rank corresponding The scope of activities information of precision grade, and judge whether current address information meets each precision grade successively Scope of activities information, using the relation of precision grade and the confidence level of judged result, improve to exception Log in the accuracy and address coverage rate of identification.
Used as the preferred exemplary of the embodiment of the present application, methods described can also include:
According to the scope of activities information that last time meets, to current address information mark confidence level level Not;If current sign-on access is identified for abnormal login, and correspondence confidence levels are higher than pre-set level threshold Value, then send the first indicating risk information to the terminal.
The confidence level positive correlation of precision and judged result, therefore precision grade can have corresponding confidence level Rank, for example, longitude and latitude rank corresponds to confidence levels higher, city rank corresponds to relatively low Confidence levels.
In practical application, whenever user carries out Account Logon access by terminal, can be according to current address Information carries out a Real time identification.Real time identification can be carried out according to certain precision grade order, according to The precision grade of the scope of activities information that last time is met when recognizing, respective markers precision grade correspondence Confidence levels.For example, being primarily based on the scope of activities information identification current address letter of longitude and latitude rank Breath, if not meeting, continues to be identified based on street region rank or the other scope of activities information of City-level. When until in the other scope of activities information of City-level, just identifying that current address information meets the precision grade Scope of activities information, relatively low confidence levels correspondingly can be marked to current address information.
For current sign-on access has been identified for abnormal login, when the scope of activities of its last time identification The precision grade of information be higher than pre-set level threshold value, show current sign-on access be abnormal login risk compared with Height, can send the first indicating risk information to terminal to alert user.
Used as the preferred exemplary of the embodiment of the present application, methods described can also include:Monitor the movable model Information is enclosed, when the amplitude of variation that the scope of activities information changes is more than predetermined threshold value, second is sent Indicating risk information is to the terminal.The scope of activities of usual user is relatively fixed, if listening to certain There is change by a relatively large margin in historical address information, cause scope of activities to change therewith, then show to deposit Account is stolen, address information by the risk of malicious modification etc., the second indicating risk information can be sent To terminal alerting user.
Additionally, the recognition methods that is provided of the embodiment of the present application can be based on by Java service ends, database, The identifying system that browser client and mobile phone applications client are disposed is implemented.
For the ease of skilled artisan understands that the embodiment of the present application, below in conjunction with Fig. 5 to Figure 10 pairs The scheme of the application is illustrated.
Fig. 5 shows a kind of identification process schematic diagram of account abnormal login.It can be seen that identification Main flow can include collection, cleaning, modeling and differentiate Four processes.Gatherer process mainly will be various Source, the positional information recording synchronism of various dimensions are in system;Cleaning process is mainly to different dimensions Positional information carries out unified representation conversion process, and opsition dependent precision is classified;Modeling process is not to Cluster analysis is carried out with the positional information of precision level, the movable focus of user is depicted;In discrimination process Judge whether current address information meets the scope of activities information of each precision grade successively, and according to last Precision grade corresponding to the scope of activities information for once meeting assesses the confidence level of judged result, according to can Reliability can make assessment to the current security risk for logging in.
Fig. 6 shows a kind of schematic flow sheet of positional information acquisition process.It can be seen that position is believed Breath has various sources, and system can monitor the change of various source location informations, and these change notifications Or collector the step of be updated to Real-time Collection user's history address information.Such as, received when buyer changes During goods address, new ship-to can be updated in a timely manner in collector.
Fig. 7 shows a kind of schematic flow sheet that cleaning treatment is carried out to positional information.It can be seen that , because source is different, dimension may be also different for the original position-information for collecting, and are unfavorable for that modeling is processed, So needs are changed, with unified representation position.After conversion, different positional informations have difference Precision classification, different precision grades can reflect the degree of accuracy of recognition result, such that it is able to basis The degree of accuracy carries out the assessment of risk size to recognition result.
Fig. 8 shows a kind of schematic diagram for the classification of positional information precision.It can be seen that can be by The precision stack of positional information is divided into Three Estate, is respectively city rank (1 grade), street rank (2 Level) and longitude and latitude rank (3 grades), from low to high, coverage is descending for precision grade.
Fig. 9 shows that a kind of utilization positional information is modeled the schematic diagram for the treatment of.It can be seen that can Network address information is converted into by IP address unification, ship-to unification is converted into registered address letter Breath, the GPS information unification that the GPS information of electronic transaction software records and map software positioning are obtained Geographic address information is converted into, using the geographic address information of longitude and latitude rank, the other registered place of street-level The other network address information of location information, City-level represents unified positional information, to generate positional information mould Type.
Figure 10 shows a kind of schematic diagram that scope of activities is generated according to the precision grade of positional information.From Visible in figure, the other scope of activities of City-level is larger, and region class other scope of activities in street is relatively small, And the scope of activities of longitude and latitude rank is several GPS points.Three positional informations of different accuracy rank The set description movable focus profile of user, user logs in the precision band of position higher, abnormal The possibility of login is lower.And if user currently logs in all focuses of the place beyond all ranks Scope, then the possibility of user's abnormal login is just very high.
It should be noted that for embodiment of the method, in order to be briefly described, therefore it is all expressed as one it is The combination of actions of row, but those skilled in the art should know, and the embodiment of the present application is not by described Sequence of movement limitation because according to the embodiment of the present application, some steps can using other orders or Person is carried out simultaneously.Secondly, those skilled in the art should also know, embodiment described in this description Preferred embodiment is belonged to, necessary to involved action not necessarily the embodiment of the present application.
Reference picture 3, shows a kind of knot of the identifying device embodiment one of account abnormal login of the application Structure block diagram, can specifically include such as lower module:
Scope of activities information generating module 301, the historical address information for gathering user, and according to institute State the scope of activities information that historical address information generates the user.
Abnormal Account Logon identification module 302, for recognizing current account according to the scope of activities information Whether sign-on access is abnormal Account Logon.
According to the embodiment of the present application, the historical address information generation based on various dimensions can reflect that user is potential Account Logon position scope of activities information, abnormal Account Logon, phase are recognized according to scope of activities information Know compared with the current simple abnormal login for comparing historical log geographical position and current login geographical position Other mode, can more accurately recognize whether current login is abnormal Account Logon, is improved to abnormal account Family logs in the accuracy of identification.And, the embodiment of the present application is avoided and is identified as normal different-place login Abnormal login and refuse the situation of User logs in, improve Consumer's Experience.
Reference picture 4, shows a kind of knot of the identifying device embodiment two of account abnormal login of the application Structure block diagram, can specifically include such as lower module:
Scope of activities information generating module 401, the historical address information for gathering user, and according to institute State the scope of activities information that historical address information generates the user.
Abnormal Account Logon identification module 402, for recognizing current account according to the scope of activities information Whether sign-on access is abnormal Account Logon.
Sign-on access refuses module 403, for when identifying that current sign-on access is abnormal login, then refusing Sign-on access current absolutely.
Used as the preferred exemplary of the embodiment of the present application, the abnormal Account Logon identification module 402 can be wrapped Include:
Current address information acquisition submodule, for obtaining the current address residing for the current sign-on access Information;
Current address information judging submodule, for judging whether the current address information meets the work Dynamic range information, if it is not, it is abnormal login then to mark the current sign-on access.
Used as the preferred exemplary one of the embodiment of the present application, the historical address information is believed including registered address Breath, the scope of activities information generating module 401 can include:
First application program extracting sub-module, for being carried from the relative position of the first application program for being logged in Take the registered address information of user input.
Second application program accesses submodule, for the second application program by accessing terminal, with from institute The relative position for stating the second application program obtains the registered address information of the user input.
Used as the preferred exemplary two of the embodiment of the present application, the historical address information is believed including geographical address Breath, the scope of activities information generating module 401 can include:
3rd application program accesses submodule, for the 3rd application program by accessing terminal, with from institute The relative position for stating the 3rd application program obtains the geographic address information of the 3rd application program positioning.
Used as the preferred exemplary three of the embodiment of the present application, the historical address information is believed including the network address Breath, the scope of activities information generating module 401 can include:
Believe network address information acquisition submodule, the address for obtaining terminal network in internet Breath.
Used as the preferred exemplary four of the embodiment of the present application, the scope of activities information generating module 401 can be with Including:
Historical address information monitors submodule, for monitoring the change of the historical address information, and gathers Historical address information after change.
Used as the preferred exemplary five of the embodiment of the present application, the scope of activities information generating module 401 can be with Including:
Historical address information cluster submodule, multiple activity heat are obtained for clustering the historical address information Point, using scope of activities information of the region as the user described in the multiple movable focus;
The current address information judging submodule specifically for:
Judge in the region that the scope of activities information is covered with the presence or absence of being matched with the current address The target histories address information of information.
Used as the preferred exemplary of the embodiment of the present application, described device can also include:
Historical address information analysis module, for being destination address lattice by the historical address information analysis Formula.
Used as the preferred exemplary of the embodiment of the present application, described device can also include:
Precision grade add module, for the precision grade according to the historical address information, for described Scope of activities information adds corresponding precision grade;
The current address information judging submodule includes:
Judgment sub-unit successively, for judging whether the current address information meets each levels of precision successively Other scope of activities information.
Used as the preferred exemplary of the embodiment of the present application, described device can also include:
Confidence levels mark module, for the scope of activities information met according to last time, to described Current address information marks confidence levels.
First indicating risk information sending module, if for identifying current sign-on access for abnormal login, And correspondence confidence levels are higher than pre-set level threshold value, then send the first indicating risk information to the end End.
Used as the preferred exemplary of the embodiment of the present application, described device can also include:
Scope of activities information monitors module, for monitoring the scope of activities information, when the scope of activities The amplitude of variation that information changes is more than predetermined threshold value, sends the second indicating risk information to the end End.
According to the embodiment of the present application, generated by clustering the historical address information of different accuracy rank corresponding The scope of activities information of precision grade, and judge whether current address information meets each precision grade successively Scope of activities information, using the relation of precision grade and the confidence level of judged result, improve to exception Log in the accuracy and address coverage rate of identification.
For device embodiment, because it is substantially similar to embodiment of the method, so the comparing of description Simply, the relevent part can refer to the partial explaination of embodiments of method.
Each embodiment in this specification is described by the way of progressive, and each embodiment is stressed Be all difference with other embodiment, between each embodiment identical similar part mutually referring to .
It should be understood by those skilled in the art that, the embodiment of the embodiment of the present application can be provided as method, dress Put or computer program product.Therefore, the embodiment of the present application can using complete hardware embodiment, completely The form of the embodiment in terms of software implementation or combination software and hardware.And, the embodiment of the present application Can use can be situated between in one or more computers for wherein including computer usable program code with storage The computer journey implemented in matter (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) The form of sequence product.
In a typical configuration, the computer equipment includes one or more processors (CPU), input/output interface, network interface and internal memory.Internal memory potentially includes computer-readable Jie Volatile memory in matter, the shape such as random access memory (RAM) and/or Nonvolatile memory Formula, such as read-only storage (ROM) or flash memory (flash RAM).Internal memory is showing for computer-readable medium Example.Computer-readable medium includes that permanent and non-permanent, removable and non-removable media can To realize information Store by any method or technique.Information can be computer-readable instruction, number According to structure, the module of program or other data.The example of the storage medium of computer includes, but not It is limited to phase transition internal memory (PRAM), static RAM (SRAM), dynamic randon access to deposit Reservoir (DRAM), other kinds of random access memory (RAM), read-only storage (ROM), Electrically Erasable Read Only Memory (EEPROM), fast flash memory bank or other memory techniques, Read-only optical disc read-only storage (CD-ROM), digital versatile disc (DVD) or other optical storages, Magnetic cassette tape, the storage of tape magnetic rigid disk or other magnetic storage apparatus or any other non-transmitting are situated between Matter, can be used to store the information that can be accessed by a computing device.Defined according to herein, calculated Machine computer-readable recording medium does not include the computer readable media (transitory media) of non-standing, such as number of modulation It is believed that number and carrier wave.
The embodiment of the present application is with reference to the method according to the embodiment of the present application, terminal device (system) and meter The flow chart and/or block diagram of calculation machine program product is described.It should be understood that can be by computer program instructions Realize each flow and/or square frame and flow chart and/or the square frame in flow chart and/or block diagram The combination of flow and/or square frame in figure.Can provide these computer program instructions to all-purpose computer, The processor of special-purpose computer, Embedded Processor or other programmable data processing terminal equipments is producing One machine so that by the computing device of computer or other programmable data processing terminal equipments Instruction produce for realizing in one flow of flow chart or multiple one square frame of flow and/or block diagram or The device of the function of being specified in multiple square frames.
These computer program instructions may be alternatively stored in can guide computer or other programmable datas to process In the computer-readable memory that terminal device works in a specific way so that storage is in the computer-readable Instruction in memory is produced and includes the manufacture of command device, and command device realization is in flow chart one The function of being specified in flow or multiple one square frame of flow and/or block diagram or multiple square frames.
These computer program instructions can also be loaded into computer or other programmable data processing terminals set It is standby upper so that execution series of operation steps is in terms of producing on computer or other programmable terminal equipments The treatment that calculation machine is realized, so as to the instruction performed on computer or other programmable terminal equipments provides use In realization in one flow of flow chart or multiple one square frame of flow and/or block diagram or multiple square frames The step of function of specifying.
Although having been described for the preferred embodiment of the embodiment of the present application, those skilled in the art are once Basic creative concept is known, then other change and modification can be made to these embodiments.So, Appended claims are intended to be construed to include preferred embodiment and fall into the institute of the embodiment of the present application scope Have altered and change.
Finally, in addition it is also necessary to explanation, herein, such as first and second or the like relational terms It is used merely to make a distinction an entity or operation with another entity or operation, and not necessarily requires Or imply between these entities or operation there is any this actual relation or order.And, art Language " including ", "comprising" or any other variant thereof is intended to cover non-exclusive inclusion so that So that process, method, article or terminal device including a series of key elements not only include those key elements, But also other key elements including being not expressly set out, or also include being this process, method, thing Product or the intrinsic key element of terminal device.In the absence of more restrictions, by sentence " including It is individual ... " limit key element, it is not excluded that at the process including the key element, method, article or end Also there is other identical element in end equipment.
Recognition methods to a kind of account abnormal login provided herein and a kind of account exception above The identifying device of login, is described in detail, principle of the specific case to the application used herein And implementation method is set forth, the explanation of above example is only intended to help and understands the present processes And its core concept;Simultaneously for those of ordinary skill in the art, according to the thought of the application, Be will change in specific embodiment and range of application, in sum, this specification content should not It is interpreted as the limitation to the application.

Claims (20)

1. a kind of recognition methods of account abnormal login, it is characterised in that including:
The historical address information of user is gathered, and the work of the user is generated according to the historical address information Dynamic range information;
Recognize whether current account sign-on access is abnormal Account Logon according to the scope of activities information.
2. method according to claim 1, it is characterised in that described according to the scope of activities Whether the current sign-on access that information identification terminal is submitted to is that abnormal login includes:
Obtain the current address information residing for the current sign-on access;
Judge whether the current address information meets the scope of activities information, if it is not, then marking described Current sign-on access is abnormal login.
3. method according to claim 1, it is characterised in that the historical address information includes Registered address information, the historical address information of the collection user includes:
The registered address information of user input is extracted from the relative position of the first application program for being logged in;
And/or, by accessing the second application program of terminal, with from the association of second application program The registered address information of user input described in position acquisition.
4. method according to claim 1, it is characterised in that the historical address information includes Geographic address information, the historical address information of the collection user includes:
By accessing the 3rd application program of terminal, obtained with from the relative position of the 3rd application program The geographic address information of the 3rd application program positioning.
5. method according to claim 1, it is characterised in that the historical address information includes Network address information, the historical address information of the collection user includes:
Obtain terminal network address information in internet.
6. method according to claim 1, it is characterised in that the history ground of the collection user Location information includes:
The change of the historical address information is monitored, and gathers the historical address information after change.
7. method according to claim 2, it is characterised in that described according to the historical address The scope of activities information that information generates the user includes:
Cluster the historical address information and obtain multiple activity focuses, by area described in the multiple movable focus Domain as the user scope of activities information;
It is described to judge whether the current address information meets the scope of activities information and be:
Judge in the region that the scope of activities information is covered with the presence or absence of being matched with the current address The target histories address information of information.
8. method according to claim 7, it is characterised in that on the cluster history ground Location information obtains multiple activity focuses, connects the scope of activities that the multiple movable focus obtains the user Before information, methods described also includes:
It is destination address form by the historical address information analysis.
9. method according to claim 2, it is characterised in that the historical address information includes Various, methods described also includes:
According to the precision grade of the historical address information, add corresponding for the scope of activities information Precision grade;
It is described to judge whether the current address information meets the scope of activities information and include:
Judge whether the current address information meets the scope of activities information of each precision grade successively.
10. method according to claim 9, it is characterised in that methods described also includes:
According to the scope of activities information that last time meets, to current address information mark confidence level level Not;
If current sign-on access is identified for abnormal login, and correspondence confidence levels are higher than pre-set level threshold Value, then send the first indicating risk information to the terminal.
11. methods according to claim 1, it is characterised in that methods described also includes:
When identifying that current sign-on access is abnormal login, then refuse current sign-on access.
12. methods according to claim 1, it is characterised in that methods described also includes:
The scope of activities information is monitored, when the amplitude of variation that the scope of activities information changes is more than Predetermined threshold value, sends the second indicating risk information to the terminal.
A kind of 13. identifying devices of account abnormal login, it is characterised in that including:
Scope of activities information generating module, for gathering the historical address information of user, and goes through according to described History address information generates the scope of activities information of the user;
Abnormal Account Logon identification module, for recognizing that current account is logged according to the scope of activities information Whether access is abnormal Account Logon.
14. devices according to claim 13, it is characterised in that the abnormal Account Logon is known Other module includes:
Current address information acquisition submodule, for obtaining the current address residing for the current sign-on access Information;
Current address information judging submodule, for judging whether the current address information meets the work Dynamic range information, if it is not, it is abnormal login then to mark the current sign-on access.
15. devices according to claim 13, it is characterised in that the historical address packet Registered address information is included, the scope of activities information generating module includes:
First application program extracting sub-module, for being carried from the relative position of the first application program for being logged in Take the registered address information of user input;
Second application program accesses submodule, for the second application program by accessing terminal, with from institute The relative position for stating the second application program obtains the registered address information of the user input.
16. devices according to claim 13, it is characterised in that the historical address packet Geographic address information is included, the scope of activities information generating module includes:
3rd application program accesses submodule, for the 3rd application program by accessing terminal, with from institute The relative position for stating the 3rd application program obtains the geographic address information of the 3rd application program positioning.
17. devices according to claim 13, it is characterised in that the historical address packet Network address information is included, the scope of activities information generating module includes:
Believe network address information acquisition submodule, the address for obtaining terminal network in internet Breath.
18. devices according to claim 13, it is characterised in that the scope of activities information life Include into module:
Historical address information monitors submodule, for monitoring the change of the historical address information, and gathers Historical address information after change.
19. devices according to claim 14, it is characterised in that the scope of activities information life Include into module:
Historical address information cluster submodule, multiple activity heat are obtained for clustering the historical address information Point, using scope of activities information of the region as the user described in the multiple movable focus;
The current address information judging submodule specifically for:
Judge in the region that the scope of activities information is covered with the presence or absence of being matched with the current address The target histories address information of information.
20. devices according to claim 19, it is characterised in that described device also includes:
Historical address information analysis module, for being destination address lattice by the historical address information analysis Formula.
CN201511032652.4A 2015-12-31 2015-12-31 A kind of recognition methods of account abnormal login and device Pending CN106936806A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201511032652.4A CN106936806A (en) 2015-12-31 2015-12-31 A kind of recognition methods of account abnormal login and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201511032652.4A CN106936806A (en) 2015-12-31 2015-12-31 A kind of recognition methods of account abnormal login and device

Publications (1)

Publication Number Publication Date
CN106936806A true CN106936806A (en) 2017-07-07

Family

ID=59444738

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201511032652.4A Pending CN106936806A (en) 2015-12-31 2015-12-31 A kind of recognition methods of account abnormal login and device

Country Status (1)

Country Link
CN (1) CN106936806A (en)

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107330126A (en) * 2017-07-20 2017-11-07 北京小度信息科技有限公司 Method and apparatus for output information
CN107395585A (en) * 2017-07-17 2017-11-24 顺丰科技有限公司 A kind of acquisition methods, system and the equipment of the abnormal index based on timing node
CN107682336A (en) * 2017-09-30 2018-02-09 北京梆梆安全科技有限公司 A kind of auth method and device based on geographical position
CN107911395A (en) * 2017-12-30 2018-04-13 世纪龙信息网络有限责任公司 Login validation method and system, computer-readable storage medium and equipment
CN108282490A (en) * 2018-02-09 2018-07-13 深圳壹账通智能科技有限公司 Processing method, device, computer equipment and the storage medium of abnormal registration user
CN108694547A (en) * 2018-06-15 2018-10-23 顺丰科技有限公司 Account abnormality recognition method, device, equipment and storage medium
CN108875327A (en) * 2018-05-28 2018-11-23 阿里巴巴集团控股有限公司 One seed nucleus body method and apparatus
CN109741067A (en) * 2018-12-19 2019-05-10 广州羊城通有限公司 A kind of data processing method and device based on IC card unlocking
CN110245611A (en) * 2019-06-14 2019-09-17 腾讯科技(深圳)有限公司 Image-recognizing method, device, computer equipment and storage medium
CN110322028A (en) * 2018-03-29 2019-10-11 北京红马传媒文化发展有限公司 Method for managing resource, device and electronic equipment
CN110322573A (en) * 2018-03-30 2019-10-11 北京红马传媒文化发展有限公司 User authentication method, user authentication device and electronic equipment
WO2019227337A1 (en) * 2018-05-30 2019-12-05 重庆小雨点小额贷款有限公司 Security management method based on block chain, related device, and storage medium
CN110544132A (en) * 2019-09-06 2019-12-06 上海喜马拉雅科技有限公司 Method, device, equipment and storage medium for determining user frequent activity position
CN111212019A (en) * 2018-11-22 2020-05-29 阿里巴巴集团控股有限公司 User account access control method, device and equipment
CN111327572A (en) * 2018-12-14 2020-06-23 阿里巴巴集团控股有限公司 Account behavior identification method, device and storage medium
CN111815327A (en) * 2019-04-11 2020-10-23 中国移动通信集团福建有限公司 Data true checking method and device and electronic equipment
CN111836070A (en) * 2020-07-28 2020-10-27 中国联合网络通信集团有限公司 User statistical method and system
CN111865885A (en) * 2019-04-30 2020-10-30 中移(苏州)软件技术有限公司 Access control method, device, equipment and storage medium
CN112165379A (en) * 2020-09-28 2021-01-01 武汉虹信技术服务有限责任公司 User secure login method and device and terminal equipment
CN112422570A (en) * 2020-11-19 2021-02-26 上海哔哩哔哩科技有限公司 Game login method and device
CN113556395A (en) * 2021-07-21 2021-10-26 黑龙江祥辉通信工程有限公司 Safe type network information dynamic management platform
CN113570199A (en) * 2021-06-30 2021-10-29 北京达佳互联信息技术有限公司 Information processing method, electronic resource distribution method, device, electronic equipment and storage medium
CN115022014A (en) * 2022-05-30 2022-09-06 平安银行股份有限公司 Login risk identification method, device, equipment and storage medium
CN115296855A (en) * 2022-07-11 2022-11-04 绿盟科技集团股份有限公司 User behavior baseline generation method and related device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103001826A (en) * 2012-11-29 2013-03-27 北京奇虎科技有限公司 Device and method for monitoring user login
CN103338188A (en) * 2013-06-08 2013-10-02 北京大学 Dynamic authentication method of client side suitable for mobile cloud
US20130326607A1 (en) * 2012-06-05 2013-12-05 Alibaba Group Holding Limited Method, Apparatus and System of Controlling Remote Login
CN103532797A (en) * 2013-11-06 2014-01-22 网之易信息技术(北京)有限公司 Abnormity monitoring method and device for user registration
CN104601547A (en) * 2014-12-22 2015-05-06 新浪网技术(中国)有限公司 Illegal operation identification method and device
US20150157943A1 (en) * 2013-05-07 2015-06-11 Tencent Technology (Shenzhen) Company Limited Method, system and computer storage medium for handling of account theft in online games

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130326607A1 (en) * 2012-06-05 2013-12-05 Alibaba Group Holding Limited Method, Apparatus and System of Controlling Remote Login
CN103001826A (en) * 2012-11-29 2013-03-27 北京奇虎科技有限公司 Device and method for monitoring user login
US20150157943A1 (en) * 2013-05-07 2015-06-11 Tencent Technology (Shenzhen) Company Limited Method, system and computer storage medium for handling of account theft in online games
CN103338188A (en) * 2013-06-08 2013-10-02 北京大学 Dynamic authentication method of client side suitable for mobile cloud
CN103532797A (en) * 2013-11-06 2014-01-22 网之易信息技术(北京)有限公司 Abnormity monitoring method and device for user registration
CN104601547A (en) * 2014-12-22 2015-05-06 新浪网技术(中国)有限公司 Illegal operation identification method and device

Cited By (42)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107395585B (en) * 2017-07-17 2019-12-27 顺丰科技有限公司 Method, system and equipment for acquiring anomaly index based on time node
CN107395585A (en) * 2017-07-17 2017-11-24 顺丰科技有限公司 A kind of acquisition methods, system and the equipment of the abnormal index based on timing node
CN107330126A (en) * 2017-07-20 2017-11-07 北京小度信息科技有限公司 Method and apparatus for output information
CN107330126B (en) * 2017-07-20 2020-07-28 北京星选科技有限公司 Method and apparatus for outputting information
CN107682336A (en) * 2017-09-30 2018-02-09 北京梆梆安全科技有限公司 A kind of auth method and device based on geographical position
CN107682336B (en) * 2017-09-30 2020-12-15 北京梆梆安全科技有限公司 Geographic position-based identity authentication method and device
CN107911395A (en) * 2017-12-30 2018-04-13 世纪龙信息网络有限责任公司 Login validation method and system, computer-readable storage medium and equipment
CN107911395B (en) * 2017-12-30 2020-06-16 世纪龙信息网络有限责任公司 Login verification method and system, computer storage medium and device
CN108282490A (en) * 2018-02-09 2018-07-13 深圳壹账通智能科技有限公司 Processing method, device, computer equipment and the storage medium of abnormal registration user
CN108282490B (en) * 2018-02-09 2021-07-09 深圳壹账通智能科技有限公司 Processing method and device for abnormal registered user, computer equipment and storage medium
CN110322028A (en) * 2018-03-29 2019-10-11 北京红马传媒文化发展有限公司 Method for managing resource, device and electronic equipment
CN110322573A (en) * 2018-03-30 2019-10-11 北京红马传媒文化发展有限公司 User authentication method, user authentication device and electronic equipment
CN108875327A (en) * 2018-05-28 2018-11-23 阿里巴巴集团控股有限公司 One seed nucleus body method and apparatus
TWI703465B (en) * 2018-05-28 2020-09-01 香港商阿里巴巴集團服務有限公司 Core body method and device
US11153311B2 (en) 2018-05-28 2021-10-19 Advanced New Technologies Co., Ltd. Identity verification method and apparatus
US10938812B2 (en) 2018-05-28 2021-03-02 Advanced New Technologies Co., Ltd. Identity verification method and apparatus
CN111149122A (en) * 2018-05-30 2020-05-12 重庆小雨点小额贷款有限公司 Block chain-based security management method, related device and storage medium
WO2019227337A1 (en) * 2018-05-30 2019-12-05 重庆小雨点小额贷款有限公司 Security management method based on block chain, related device, and storage medium
CN111149122B (en) * 2018-05-30 2023-10-10 重庆小雨点小额贷款有限公司 Block chain-based security management method, related device and storage medium
CN108694547A (en) * 2018-06-15 2018-10-23 顺丰科技有限公司 Account abnormality recognition method, device, equipment and storage medium
CN111212019B (en) * 2018-11-22 2022-09-02 阿里巴巴集团控股有限公司 User account access control method, device and equipment
CN111212019A (en) * 2018-11-22 2020-05-29 阿里巴巴集团控股有限公司 User account access control method, device and equipment
CN111327572A (en) * 2018-12-14 2020-06-23 阿里巴巴集团控股有限公司 Account behavior identification method, device and storage medium
CN111327572B (en) * 2018-12-14 2022-08-09 阿里巴巴集团控股有限公司 Account behavior identification method, device and storage medium
CN109741067A (en) * 2018-12-19 2019-05-10 广州羊城通有限公司 A kind of data processing method and device based on IC card unlocking
CN111815327A (en) * 2019-04-11 2020-10-23 中国移动通信集团福建有限公司 Data true checking method and device and electronic equipment
CN111865885A (en) * 2019-04-30 2020-10-30 中移(苏州)软件技术有限公司 Access control method, device, equipment and storage medium
CN111865885B (en) * 2019-04-30 2022-07-01 中移(苏州)软件技术有限公司 Access control method, device, equipment and storage medium
CN110245611B (en) * 2019-06-14 2021-06-15 腾讯科技(深圳)有限公司 Image recognition method and device, computer equipment and storage medium
CN110245611A (en) * 2019-06-14 2019-09-17 腾讯科技(深圳)有限公司 Image-recognizing method, device, computer equipment and storage medium
CN110544132B (en) * 2019-09-06 2023-04-07 上海喜马拉雅科技有限公司 Method, device, equipment and storage medium for determining user frequent activity position
CN110544132A (en) * 2019-09-06 2019-12-06 上海喜马拉雅科技有限公司 Method, device, equipment and storage medium for determining user frequent activity position
CN111836070B (en) * 2020-07-28 2022-04-12 中国联合网络通信集团有限公司 User statistical method and system
CN111836070A (en) * 2020-07-28 2020-10-27 中国联合网络通信集团有限公司 User statistical method and system
CN112165379A (en) * 2020-09-28 2021-01-01 武汉虹信技术服务有限责任公司 User secure login method and device and terminal equipment
CN112165379B (en) * 2020-09-28 2022-08-05 武汉虹信技术服务有限责任公司 User secure login method and device and terminal equipment
CN112422570A (en) * 2020-11-19 2021-02-26 上海哔哩哔哩科技有限公司 Game login method and device
CN113570199A (en) * 2021-06-30 2021-10-29 北京达佳互联信息技术有限公司 Information processing method, electronic resource distribution method, device, electronic equipment and storage medium
CN113556395A (en) * 2021-07-21 2021-10-26 黑龙江祥辉通信工程有限公司 Safe type network information dynamic management platform
CN115022014A (en) * 2022-05-30 2022-09-06 平安银行股份有限公司 Login risk identification method, device, equipment and storage medium
CN115296855A (en) * 2022-07-11 2022-11-04 绿盟科技集团股份有限公司 User behavior baseline generation method and related device
CN115296855B (en) * 2022-07-11 2023-11-07 绿盟科技集团股份有限公司 User behavior baseline generation method and related device

Similar Documents

Publication Publication Date Title
CN106936806A (en) A kind of recognition methods of account abnormal login and device
Resch et al. Combining machine-learning topic models and spatiotemporal analysis of social media data for disaster footprint and damage assessment
CN109816397B (en) Fraud discrimination method, device and storage medium
CN105701123B (en) The recognition methods of man-vehicle interface and device
CN106897334B (en) Question pushing method and equipment
CN107908606A (en) Method and system based on different aforementioned sources automatic report generation
US20180337935A1 (en) Anomalous entity determinations
Wei et al. On the spatial distribution of buildings for map generalization
US20210263979A1 (en) Method, system and device for identifying crawler data
CN111667015B (en) Method and device for detecting state of equipment of Internet of things and detection equipment
KR20170086497A (en) Method and apparatus for identity information verification
CN112861972A (en) Site selection method and device for exhibition area, computer equipment and medium
US20130263257A1 (en) System and method for providing services
WO2021169239A1 (en) Crawler data recognition method, system and device
CN114978877B (en) Abnormality processing method, abnormality processing device, electronic equipment and computer readable medium
Yin et al. A deep learning approach for rooftop geocoding
Murray Evolving location analytics for service coverage modeling
CN106708871A (en) Method and device for identifying social service characteristics user
CN115563477A (en) Harmonic data identification method and device, computer equipment and storage medium
CN111259167A (en) User request risk identification method and device
Cai et al. Tropical cyclone risk assessment for China at the provincial level based on clustering analysis
US20170214715A1 (en) Violation information intelligence analysis system
KR101959213B1 (en) Method for predicting cyber incident and Apparatus thereof
CN111861733B (en) Fraud prevention and control system and method based on address fuzzy matching
CN109583210A (en) A kind of recognition methods, device and its equipment of horizontal permission loophole

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170707

RJ01 Rejection of invention patent application after publication