CN115063146A - Risk assessment method, system and device for protecting data privacy - Google Patents
Risk assessment method, system and device for protecting data privacy Download PDFInfo
- Publication number
- CN115063146A CN115063146A CN202210753265.3A CN202210753265A CN115063146A CN 115063146 A CN115063146 A CN 115063146A CN 202210753265 A CN202210753265 A CN 202210753265A CN 115063146 A CN115063146 A CN 115063146A
- Authority
- CN
- China
- Prior art keywords
- wind control
- mirror image
- user
- service
- execution container
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012502 risk assessment Methods 0.000 title claims abstract description 132
- 238000000034 method Methods 0.000 title claims abstract description 86
- 238000011156 evaluation Methods 0.000 claims abstract description 117
- 238000002474 experimental method Methods 0.000 claims description 50
- 238000004088 simulation Methods 0.000 claims description 26
- 238000012545 processing Methods 0.000 claims description 16
- 238000012360 testing method Methods 0.000 claims description 15
- 238000012854 evaluation process Methods 0.000 claims description 6
- 238000003860 storage Methods 0.000 claims description 4
- 238000004590 computer program Methods 0.000 claims description 3
- 238000010276 construction Methods 0.000 claims description 3
- 230000002265 prevention Effects 0.000 description 16
- 230000006399 behavior Effects 0.000 description 13
- 230000000694 effects Effects 0.000 description 10
- 230000008569 process Effects 0.000 description 10
- 238000010586 diagram Methods 0.000 description 9
- 238000005457 optimization Methods 0.000 description 6
- 238000012423 maintenance Methods 0.000 description 5
- 238000011217 control strategy Methods 0.000 description 4
- 238000009826 distribution Methods 0.000 description 4
- 238000004140 cleaning Methods 0.000 description 3
- 230000006835 compression Effects 0.000 description 3
- 238000007906 compression Methods 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 239000003795 chemical substances by application Substances 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 238000013515 script Methods 0.000 description 2
- 238000012549 training Methods 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 230000001960 triggered effect Effects 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000036541 health Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 238000010606 normalization Methods 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 238000004806 packaging method and process Methods 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- XLYOFNOQVPJJNP-UHFFFAOYSA-N water Substances O XLYOFNOQVPJJNP-UHFFFAOYSA-N 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4016—Transaction verification involving fraud or risk level assessment in transaction processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/36—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
- G06Q20/363—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes with the personal data of a user
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Accounting & Taxation (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Finance (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Networks & Wireless Communication (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The embodiment of the specification provides a risk assessment method, a system and a device for protecting data privacy. And the server side constructs an evaluation template for risk evaluation based on the business characteristics of the user side, wherein the evaluation template comprises operation logic for risk evaluation, and the operation logic comprises a characteristic template, a strategy template and the like. Then, the server generates a wind control mirror image based on the evaluation template and provides the wind control mirror image to the user. And the user acquires the wind control mirror image from the server and loads the wind control mirror image in a local wind control execution container. When risk assessment is needed to be carried out on the service, a user does not need to send service data containing privacy data to a server side, and only needs to call a wind control execution container based on local service data and run a wind control mirror image in the local wind control execution container, so that risk assessment is carried out based on the service data, and an assessment result is obtained.
Description
Technical Field
One or more embodiments of the present disclosure relate to the field of computer technology, and in particular, to a risk assessment method, system, and apparatus for protecting data privacy.
Background
With the continuous development of services such as electronic payment, the service platform can be connected with electronic purses of multiple countries and global cross-border merchants to form a global payment network. Electronic payment services require risk assessment and risk prevention and control to be performed while a user is operating an electronic wallet, which involves the processing of private data of the user, such as historical transactions, historical behaviors, and the like. The service platform serves as a service provider and is used for providing risk assessment and risk prevention and control services for users of the electronic wallets. However, the service data of the user belongs to the privacy data, and has a high privacy protection requirement when risk assessment is performed, and cannot be sent to the outside.
Accordingly, improved approaches are desired that provide a simple, easy-to-use method for risk assessment while protecting the private data of the user.
Disclosure of Invention
One or more embodiments of the present specification describe a risk assessment method, system, and apparatus to protect data privacy. The specific technical scheme is as follows.
In a first aspect, an embodiment provides a risk assessment method for protecting data privacy, which relates to a service party and a user party, and includes:
the server side constructs an evaluation template for risk evaluation based on the service characteristics of the user side, generates a wind control mirror image based on the evaluation template, and provides the wind control mirror image for the user side; wherein the assessment template contains operational logic for performing a risk assessment;
the user side acquires the wind control mirror image from the server side and loads the wind control mirror image in a local wind control execution container; and when the risk assessment is needed to be carried out on the service, calling the wind control execution container based on the service data so as to run the wind control mirror image in the wind control execution container, thereby carrying out the risk assessment based on the service data.
In one embodiment, the evaluation template comprises: a feature template and a policy template; the feature template includes feature processing logic and the policy template includes policy logic for risk assessment based on the features and conditions.
In one embodiment, the method further comprises:
the server side sends an instruction to the user side after the wind control mirror image is generated, wherein the instruction is used for informing the user side to obtain the wind control mirror image from the server side;
and the user acquires the wind control mirror image from the server after receiving the instruction.
In one embodiment, the step of providing the wind-controlled image to the user comprises:
carrying out simulation test on the wind control mirror image by using the local data of the server;
and when the result of the simulation test meets the preset requirement, providing the wind control mirror image for the user.
In one embodiment, the step of loading the wind control image in the local wind control execution container includes:
and analyzing the wind control mirror image in a local wind control execution container, and loading the file obtained by analysis into a memory of the wind control execution container.
In one embodiment, the wind-controlled image includes execution logic; the step of calling the wind control execution container based on the service data comprises the following steps:
and inputting the business data as an input parameter into the wind control execution container so that an execution engine in the wind control execution container carries out risk assessment on the business data according to the execution logic.
In one embodiment, the step of invoking the wind control execution container based on the service data includes:
and inputting the identification of the service data as an input parameter into the wind control execution container, so that the wind control execution container reads the service data from the local data of the user based on the identification through a customized plug-in.
In one embodiment, the method further comprises:
the server side upgrades the evaluation template, generates an upgrade image based on the upgraded evaluation template, and provides the upgrade image to the user side;
and the user loads the upgrade image in the wind control execution container after acquiring the upgrade image from the service side, and replaces the wind control image with the upgrade image when a preset condition is met.
In one embodiment, the step of replacing the wind control image with the upgrade image when a preset condition is met includes:
the user calls the wind control execution container based on the service data so as to try to run the upgrade mirror image in the wind control execution container;
and the user acquires a trial operation report of the wind control execution container aiming at the upgrade mirror image, and replaces the wind control mirror image with the upgrade mirror image when the trial operation report reaches a preset operation result.
In one embodiment, the method further comprises:
and the user sets an index threshold value used in the wind control execution container for risk assessment, so that the wind control execution container carries out risk assessment based on the index threshold value.
In one embodiment, the method further comprises:
the server side constructs an experiment template for carrying out a risk assessment experiment, generates an experiment mirror image based on the experiment template, and provides the experiment mirror image for the user side;
and the user acquires the experiment mirror image from the server, loads the experiment mirror image in a local wind control execution container, performs simulation evaluation on the experiment mirror image by using local service data, and feeds back an evaluation result to the server.
In one embodiment, the wind control mirror image further comprises a monitoring center, and the monitoring center is used for recording intermediate data and/or evaluation results when a risk evaluation process is performed in the wind control execution container.
In a second aspect, an embodiment provides a risk assessment method for protecting data privacy, which relates to a service party and a user party; the method is performed by the server and comprises the following steps:
constructing an evaluation template for risk evaluation based on the service characteristics of the user;
generating a wind control mirror image based on the evaluation template, providing the wind control mirror image for the user, so that the user loads the wind control mirror image in a local wind control execution container, and calling the wind control execution container based on service data of the user to run the wind control mirror image in the wind control execution container when the risk evaluation of the service is needed, so as to perform the risk evaluation based on the service data; wherein the assessment template contains operational logic for performing a risk assessment.
In a third aspect, an embodiment provides a risk assessment method for protecting data privacy, which relates to a service party and a user party; the method is performed by the user and comprises the following steps:
acquiring the wind control mirror image from the server side, and loading the wind control mirror image in a local wind control execution container; the wind control mirror image is generated by the server based on an evaluation template, the evaluation template is constructed by the server based on the service characteristics of the user, and the evaluation template comprises operation logic for risk evaluation;
and when the risk assessment is needed to be carried out on the service, calling the wind control execution container based on the service data so as to run the wind control mirror image in the wind control execution container, thereby carrying out the risk assessment based on the service data.
In a fourth aspect, an embodiment provides a risk assessment system for protecting data privacy, which relates to a service party and a user party;
the server is used for constructing an evaluation template for risk evaluation based on the service characteristics of the user, generating a wind control mirror image based on the evaluation template, and providing the wind control mirror image for the user; wherein the assessment template contains operational logic for performing a risk assessment;
the user side is used for acquiring the wind control mirror image from the server side and loading the wind control mirror image in a local wind control execution container; and when the risk assessment is required to be carried out on the service, calling the wind control execution container based on the service data so as to operate the wind control mirror image in the wind control execution container, thereby carrying out the risk assessment based on the service data.
In a fifth aspect, an embodiment provides a risk assessment apparatus for protecting data privacy, deployed in a service side, where the service side is configured to provide a service for a user; the device comprises:
the construction module is configured to construct an assessment template for risk assessment based on the service characteristics of the user;
the generating module is configured to generate a wind control mirror image based on the evaluation template, provide the wind control mirror image for the user, enable the user to load the wind control mirror image in a local wind control execution container, and call the wind control execution container based on service data of the user to run the wind control mirror image in the wind control execution container when risk evaluation needs to be performed on a service, so that risk evaluation is performed based on the service data; wherein the assessment template contains operational logic for conducting a risk assessment.
In a sixth aspect, embodiments provide a risk assessment apparatus for protecting data privacy, the apparatus being deployed in a user using a service provided by a service provider; the device comprises:
the acquisition module is configured to acquire the wind control mirror image from the server and load the wind control mirror image in a local wind control execution container; the wind control mirror image is generated by the server based on an evaluation template, the evaluation template is constructed by the server based on the service characteristics of the user, and the evaluation template comprises operation logic for risk evaluation;
and the calling module is configured to call the wind control execution container based on service data when the risk assessment is required to be performed on the service, so as to run the wind control mirror image in the wind control execution container, and perform the risk assessment based on the service data.
In a seventh aspect, embodiments provide a computer-readable storage medium, on which a computer program is stored, which, when executed in a computer, causes the computer to perform the method of any one of the first to third aspects.
In an eighth aspect, an embodiment provides a computing device, including a memory and a processor, where the memory stores executable code, and the processor executes the executable code to implement the method of any one of the first to third aspects.
In the method and the device provided by the embodiment of the specification, the server side constructs the evaluation template and generates the wind control mirror image, and the wind control mirror image is provided for the user side. And the user loads the wind control mirror image in the local wind control execution container and calls the wind control execution container based on the service data of the user, so that the wind control mirror image can be operated in the wind control execution container, and risk assessment is performed in the wind control execution container based on the service data. For a user, the wind control execution container belongs to a black box and can be used after simple processing, and the user does not need to locally deploy a wind control system with high complexity and strong specialization; the user does not need to send the local privacy data out to the service side for risk assessment. Therefore, the risk assessment method provided by the embodiment of the specification is simple and easy to use, and can protect the private data of a user.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings used in the description of the embodiments will be briefly introduced below. It is obvious that the drawings in the following description are only some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
FIG. 1 is a schematic diagram illustrating an implementation scenario of an embodiment disclosed herein;
fig. 2 is a schematic flowchart of a risk assessment method for protecting data privacy according to an embodiment;
FIG. 3 is a schematic diagram of an architecture of a risk assessment system according to an embodiment;
FIG. 4 is a schematic block diagram of a risk assessment system for protecting data privacy provided by an embodiment;
FIG. 5 is a schematic block diagram of a risk assessment device for protecting data privacy provided by an embodiment;
fig. 6 is another schematic block diagram of a risk assessment apparatus for protecting data privacy according to an embodiment.
Detailed Description
The scheme provided by the specification is described below with reference to the accompanying drawings.
Fig. 1 is a schematic view of an implementation scenario of an embodiment disclosed in this specification. The server, the user 1, the user 2 … …, the user n, and so on. The service side is used as a service provider for risk evaluation and risk prevention and control, and can develop an evaluation template for wind control evaluation based on the service characteristics of the user and by combining the wind control expert experience of the service side to perform deployment, operation and maintenance, policy configuration, policy optimization and the like on the risk prevention and control, pack the evaluation template into a wind control mirror image and provide the wind control mirror image for the user. And after the user acquires the wind control mirror image from the service party, the user operates the wind control mirror image in a local container, and risk assessment is carried out based on the service data containing the privacy data. The container can be regarded as a black box relative to a user, the user does not need to know the operation logic in the container and train a professional to take charge of deployment, operation and maintenance, strategy configuration, strategy optimization and the like of risk prevention and control, only the container is simply used for risk assessment, and meanwhile, private data are not sent outwards.
The operations performed by the server and the user may be understood as being performed by the server device and the user device corresponding thereto, respectively. The server side device and the user side device may be implemented by any means, device, platform, cluster of devices, etc. having computing, processing capabilities. The multiple users mentioned above may be different countries or different organizations in the same country.
When risk assessment is performed, the risk of a user behavior event can be generally assessed based on a preset strategy for risk assessment, and a risk score is obtained. The user behavior event can occur in a service such as an electronic wallet provided by the service party for the user. For example, when a user makes a user behavior event such as payment, login, password modification, transfer, cash withdrawal, etc., a risk assessment for the user behavior event may be triggered. User behavior events may also be referred to as traffic data. In the evaluation, the evaluation may also be performed in conjunction with user characteristics. The user characteristics may include basic characteristics of the user or historical transaction data, historical behavior data, and the like.
A policy may also be referred to as a rule. Any one of the policies may include a determination condition and a determination result, and may be represented as IF < determination condition > THEN < determination result >, where the determination condition includes a feature and a condition, and for example, a policy is: IF < the login address of the user is different from the common login address > and < the login address of the user in the last three months has not changed > THEN < the user increases the login risk value by 20% >.
Professional wind control products are needed for risk assessment of user behavior events on the user side. If the server directly delivers the wind control product to the organization for use, and the user is responsible for installation, deployment, integration, operation and maintenance and strategy optimization of the wind control product, the user needs to have a professional technical team and a wind control strategy team locally, and the user needs to perform characteristic cleaning, deployment of prevention and control strategies and the like according to local service scenes and service data. This is costly and difficult for small and medium sized users.
If the server side deploys the standard wind control cloud service, the small and medium-sized users who enter the network call the unified cloud service of the server side to perform risk assessment according to requirements, and the server side performs wind control deployment, operation and maintenance, policy configuration and policy optimization, so that the cost for the user side is low, and the use is convenient. However, in this scheme, the user needs to send the business data to the wind control cloud service for risk assessment, and the business data of the user is not allowed to be sent to the outside, so that the business data cannot be transmitted to the wind control cloud service for risk prevention and control.
In order to provide a simple and easy-to-use risk assessment method and protect private data of a user from being leaked, the embodiment of the specification provides a risk assessment method for protecting data privacy. The method comprises the following steps: step S210, the server side constructs an assessment template for risk assessment based on the service characteristics of the user side, wherein the assessment template comprises operation logic for risk assessment; step S220, the server generates a wind control mirror image based on the evaluation template and provides the wind control mirror image for the user; step S230, the user side obtains the wind control mirror image from the server side and loads the wind control mirror image in a local wind control execution container; step S240, when the risk assessment needs to be performed on the service, the user calls the wind control execution container based on the service data, so as to run the wind control mirror image in the wind control execution container, thereby performing the risk assessment based on the service data. In this embodiment, the wind control execution container belongs to the black box for the user, and the user can use the wind control execution container by simple processing, without deploying a wind control product locally or sending the private data to the outside.
The present embodiment will be described in detail below with reference to the accompanying drawings.
Fig. 2 is a schematic flowchart of a risk assessment method for protecting data privacy according to an embodiment. The method relates to a server and a user, wherein the server is a provider of risk assessment service and provides service for the user. The user is a user of the risk assessment service and uses the service provided by the service provider. In actual execution, the server and the user perform data processing operations in the following steps by the server apparatus and the user apparatus, respectively. The method specifically comprises the following steps.
In step S210, the service party a constructs an assessment template for risk assessment based on the business characteristics of the user party B. In this embodiment, the user B is any one of a plurality of users. The following describes the implementation of the method using only one user B as an example. For a plurality of users, the server a may construct corresponding evaluation templates one by one for the service features of the user. The same evaluation template may also be used if the traffic characteristics of different users are identical. A service feature is here understood to be a service feature.
Wherein the assessment template contains operational logic for performing a risk assessment. The evaluation template includes a feature template and a policy template. The feature template contains feature processing logic, i.e., the feature template contains run logic that processes the features. The original features are processed based on the feature template, so that the processed features can be obtained and can be used for risk assessment. For example, the original feature includes a city where the user is located, and the processed feature such as the province where the user is located can be obtained after the feature is processed. By processing the original features, the features can be cleaned, so that risk features with different dimensions are cleaned, and the risk features are required for risk assessment.
The policy template contains policy logic for risk assessment based on features and conditions, that is, the policy template contains a policy and corresponding operating logic. The policy is used to perform risk assessment. The features in the policy template may use the processed features described above. In a specific implementation, the policy template may provide the routing capability of the policy tree, and routes to different child nodes according to different services of the user B. That is, different service scenarios may correspond to different policy trees, that is, connection relationships between nodes in the policy trees are different, and policies of the nodes may also be different. After routing to the final child node, the total risk score may be calculated from the nodes traversed by the route.
The evaluation template may also comprise a model template. The model template is used for evaluating risks based on the characteristics to obtain a risk score. The feature here may be a feature processed by a feature template. The risk score obtained from the model template can be used in the routing process of the strategy template, and can also be directly superposed in the total risk score. The model templates may also provide training and optimization capabilities for the model.
The server A can utilize wind control expert experience to construct an evaluation template for risk evaluation based on business characteristics of the user B.
In step S220, the server a generates a wind control image based on the evaluation template and provides the wind control image to the user B.
The server A can assemble the feature template, the strategy template and the model template and package the assembled templates into a standardized wind control mirror image. The server A can also set corresponding mirror version numbers for the wind control mirrors, and each wind control mirror corresponds to a unique mirror version number. The server side can export the wind control mirror image into a file compression package, encrypts the file compression package, and uploads the encrypted file compression package to a mirror image warehouse. The exported compressed package of files may be zip formatted files.
The wind control mirror standardizes the wind control risk analysis process, and describes analysis entry parameters (namely local data standardized by a user), risk characteristics, execution logic of an internal engine, score normalization processing of risk results and the like. The wind control image also comprises an operating system for running execution logic. A wind control image can be considered as an independent unit, and logic in the wind control image can be executed.
Before the packaged wind control mirror image is provided for the user B, the server A can also utilize the local data of the server A to perform simulation test on the wind control mirror image. And when the result of the simulation test meets the preset requirement, providing the wind control mirror image to a user B. If the result of the simulation test does not meet the preset requirement, the execution logic in the wind control mirror image can be adjusted until the result of the simulation test meets the preset requirement.
When the result of the simulation test meets the preset requirement, the server A can send an instruction to the user B, and the instruction is used for informing the user to obtain the wind control mirror image from the server.
In step S230, the user B obtains the wind control image from the server, and loads the wind control image in the local wind control execution container.
And the user B can obtain the wind control mirror image from the server A after receiving the instruction of the server A. The server A can send the download link of the wind control mirror image to the user B, and the user B can directly download the wind control mirror image through the download link.
The user B may install a pneumatic control executive container. The wind control execution container is a resident running program, and the user B can access the wind control execution container through a product page of the wind control execution container. And the wind control execution container is communicated with the service party A through an API (application programming interface). The service party A can send an instruction to the user party B through the API, and the user party B calls the wind control execution container after receiving the instruction, so that the wind control execution container loads the wind control mirror image from the service party A through the API.
When the user B loads the wind control mirror image in the local wind control execution container, the user B may analyze the wind control mirror image in the local wind control execution container, and load the file obtained through analysis into the memory of the wind control execution container. The loading process of the wind control mirror image can further include decryption, health check and other processes after analysis, and then the obtained feature template, strategy template and model template are loaded into the memory, and the arrangement logic in the execution of the wind control is provided.
In step S240, when the risk assessment needs to be performed on the service, the user B calls the wind control execution container based on the service data to run the wind control mirror in the wind control execution container, so as to perform the risk assessment based on the service data.
The wind control mirror image comprises execution logic. And the user B can input the business data as an input parameter into the wind control execution container, so that an execution engine in the wind control execution container carries out risk assessment on the business data according to the execution logic. For example, the execution logic may include logic to: and processing the service data by using the characteristic template to obtain processed characteristics, and determining a risk score corresponding to the service data based on the processed characteristics and the decision template. The enforcement engine may asynchronously record the call policy list, decision path, feature snapshot, risk score, etc. during risk assessment.
The wind control mirror image comprises an evaluation template and all the dependencies required by the operation of the evaluation template, and the wind control execution container does not depend on an external library file any more when operating. Therefore, the container is decoupled from equipment bottom layer facilities and an operating system, and can adapt to computer software and hardware environments of different users.
The user B may trigger a call to the wind control execution container upon the occurrence of a particular user behavior event. For example, when the user performs a user behavior event such as payment, login, password modification, transfer, cash withdrawal, etc., the calling of the wind-control execution container by the user B may be triggered, so that the wind-control execution container performs risk assessment on the user behavior event.
When the wind control execution container is called, the user B can input the service data into the wind control execution container as an input parameter; the identifier of the service data can also be input into the wind control execution container as an entry parameter, so that the wind control execution container reads the service data from the local data of the user B based on the identifier through the customized plug-in. The wind-controlled image may provide the ability to configure customized plug-ins.
The user B can also set an index threshold value used in the wind control execution container for risk assessment, so that the wind control execution container carries out risk assessment based on the index threshold value. The index threshold is a threshold used for controlling the number of risk users in risk assessment, and the index threshold is different, and the corresponding risk prevention and control strategies are different. The user B can select to enhance the effect of risk prevention and control or maintain the effect of current risk prevention and control unchanged by adjusting the index threshold.
The wind control mirror image also comprises a monitoring center, and the monitoring center is used for recording intermediate data and/or an evaluation result when a risk evaluation process is carried out in the wind control execution container. The evaluation result may be the number of risk users or the number of risk behaviors in a period of time, or the score distribution interval of the decision result, the trend of risk change, and the like. The intermediate data can comprise the calling times, calling time and the like of the wind control execution container in different scenes. The monitoring center can also display the data to the user B without configuring the corresponding monitoring by the user B.
After the user B uses the wind control image for a period of time, the server A can also provide the user B with the upgrade service of the wind control image. The service party A can upgrade the evaluation template based on the service characteristics of the user party B, generate an upgrade image based on the upgraded evaluation template, and provide the upgrade image to the user party B.
And the user B loads the upgrade mirror image in the wind control execution container after acquiring the upgrade mirror image from the server A, and replaces the wind control mirror image with the upgrade mirror image when the preset condition is met.
After the upgrade image is loaded in the wind control execution container, the user B may call the wind control execution container based on the service data, so that the original wind control image and the upgrade image are simultaneously run in the wind control execution container. The wind control execution container can control the wind control call flow of the service, and the upgrade mirror image is subjected to trial operation by using part of the service flow.
And the user B acquires a trial operation report of the wind control execution container aiming at the upgrade mirror image, and replaces the wind control mirror image with the upgrade mirror image when the trial operation report reaches a preset operation result. For example, the trial run report may be compared with the original wind control mirror image operation report, and when the trial run report has a better result than the original wind control mirror image operation report, the wind control mirror image may be replaced with the upgraded mirror image. The user B may select to enable the upgrade image in a product page provided by the wind control execution container.
In order to further improve the service quality, the service party a may simulate the wind-controlled mirror image of the experimental version by using the local data of the user B, so that the user B produces an experimental result report through the wind-controlled execution container, and the experimental result report may be displayed to the user B. The user B can return the final report to the server A, and the auxiliary server A further optimizes the wind control mirror image without sending the private data of the user B to the outside.
Specifically, the server A constructs an experiment template for performing a risk assessment experiment, generates an experiment mirror image based on the experiment template, and provides the experiment mirror image to the user B. And the user B acquires the experiment mirror image from the server A, loads the experiment mirror image in a local wind control execution container, performs simulation evaluation on the experiment mirror image by using local service data, and feeds back an evaluation result to the server A. The experiment template is an evaluation template for performing an experiment, and is an evaluation template for informal release. The experimental templates may include feature templates, strategy templates, and model templates. The experimental template contains the operating logic for performing risk assessment.
Fig. 3 is a schematic diagram of a risk assessment system according to an embodiment. The right side is the system architecture of the service side, and the left side is the system architecture of the user side. And the server side builds a wind control mirror image factory and packs the wind control capacity (namely all files required for risk assessment) into a wind control mirror image. The user side has then installed the wind control and has executed the container, and the electronic wallet of user side can call this wind control and execute the container, under the condition that private data can not go out of territory, has realized the high in the clouds of lightweight and has prevented and control in coordination.
And the server packs the wind control capability into a standard wind control mirror image based on the wind control expert experience and in combination with the service characteristics of the user. And the server side uses the internal data to perform simulation test on the wind control mirror image, so that the prevention and control effect is optimized. Therefore, a user can directly use the black-boxed wind control mirror image without understanding a complex wind control expert concept, and the operation cost of the user is reduced.
The server side constructs a characteristic template, a strategy template and a model template. Wherein the feature template provides the capabilities of feature definition, feature cleaning and the like. The policy template provides capabilities such as policy definition and policy routing. The model templates provide model definition and model training capabilities.
And the mirror image packaging center in the server performs operations such as mirror image assembly, mirror image packaging, mirror image encryption, mirror image uploading and the like on the characteristic template, the strategy template and the model template of the bottom layer, and uploads the wind control mirror image to a mirror image warehouse.
For the packaged wind control mirror image, before the wind control mirror image is issued to a user, the service side can use the internal data to perform simulation test on the wind control mirror image in a mirror image simulation laboratory. The mirror image simulation laboratory provides a data cleaning module, a mirror image experiment definition module and a simulation report module.
The wind control evaluation analysis process is carried out in a wind control execution container, and local data used in the process does not need to be shared to a server. The wind control execution container provides a uniform API interface for a user side, so that the use cost of the user side can be reduced. The wind control execution container comprises a wind control mirror image center, an access center, a monitoring center and an optimization center.
The wind control mirror image center provides modules such as a mirror image execution engine, mirror image loading, mirror image commissioning, mirror image publishing, mirror image upgrading and the like. Wherein the mirror execution engine is configured to calculate a risk score.
The access center provides a uniform access API interface, and a user only needs to sense one API interface and provides a set of standard interface access parameters. The user can select a scene supported by the wind control mirror image on an interface of the access center, and a specific access list under the scene is also displayed on the interface. And after the user standardizes the local data, accessing according to the standard API of the access center. The access center also provides configured customized plug-in, feature script and self-service joint debugging modules, and users can compile customized scripts by using the access center to perform special processing on features in local data. At the beginning, the access center can also provide an interface calling tool and automatically check each attribute of the user behavior event according to the check rule of each characteristic.
The monitoring center provides modules for calling magnitude, risk distribution and the like. And the calling magnitude module is used for asynchronously recording and storing a calling strategy list, a decision path, a characteristic snapshot and a risk score in the analysis process. And the risk distribution module is used for displaying the calling times of the sub-scenes, the calling time, the score distribution interval of the decision result and the trend of risk change to the user.
The optimization center provides a threshold value adjusting module, a threshold value recommending module and a simulation experiment module. And according to the trend statistical information of local risk analysis of the user, marking the risk event by the user is combined, and the prevention and control effect is evaluated by using the wind control model contained in the wind control mirror image. The optimization center can open the setting of the index threshold value for identifying the risk prevention and control water level to the user, and the user can adjust the index threshold value and select whether to further enhance the effect of risk prevention and control or maintain the current effect unchanged. Meanwhile, the server can send the experiment mirror image to the wind control execution engine of the user, the experiment mirror image is simulated in a prevention and control effect mode by combining local data of the user, an experiment result report is generated, and the prevention and control effect is displayed to the user. The user can return the final report to the server, and the auxiliary server further optimizes the wind control mirror image.
The above is a description of a method in which the service side and the usage side are made as joint execution subjects. The following describes a method executed by different execution agents, with the service party and the user party as the execution agents.
In an embodiment of the present specification, there is provided a risk assessment method for protecting data privacy, the method being performed by a service provider, and the method specifically includes the following steps:
constructing an evaluation template for risk evaluation based on the service characteristics of a user;
and when the risk assessment needs to be carried out on the service, the wind control execution container is called based on the service data of the user, so that the wind control mirror image is operated in the wind control execution container, and the risk assessment is carried out based on the service data. Wherein the assessment template contains operational logic for performing a risk assessment.
In an embodiment of the present specification, there is provided a risk assessment method for protecting data privacy, the method being performed by a user, the method specifically including the steps of:
and acquiring the wind control mirror image from the server, and loading the wind control mirror image in a local wind control execution container. The wind control mirror image is generated by a server based on an evaluation template, the evaluation template is constructed by the server based on the service characteristics of a user, and the evaluation template comprises operation logic for risk evaluation;
and when the risk assessment is needed to be carried out on the business, calling a wind control execution container based on the business data so as to run a wind control mirror image in the wind control execution container, thereby carrying out the risk assessment based on the business data.
In the above embodiment, the implementation process of the method is described from the perspective of the service party and the user party, and for the specific description of the steps, reference may be made to the embodiment shown in fig. 2, which is not described in detail in this embodiment.
In the embodiment, the templated abstraction and management of the complex capacity of the wind control bottom layer are realized through the standardized wind control mirror image factory of the server side. The complex wind control logic is packaged into a wind control mirror image, so that the wind control mirror image is used as an independent analysis unit of black box, and internal execution logic closed loop is realized. The standardized wind control mirror image deposits years of accumulated expert experience of the wind control of the server, so that the operation cost of the wind control strategy of the user is greatly reduced.
By deploying the light-weight wind control execution container on the user side, the internal logic of the wind control is stripped, the management capability of the application level is only reserved, and the technical deployment cost and the operation and maintenance cost of the user side are reduced. The wind control execution container provides monitoring, analyzing and optimizing capabilities aiming at the wind control mirror image, internal complex logic is shielded, and the operation cost of a client is reduced. Meanwhile, the wind control execution container interacts with the server side, and the server side issues the upgrade mirror image, so that the upgrade cost of the wind control mirror image of the user side is reduced.
By deploying the light-weight wind control execution container on the user side, all the service flow is subjected to wind control analysis locally on the user side, data does not need to be shared to the service side, and the requirement of data privacy compliance is met.
Through the mirror image simulation laboratory of the server, after the wind control mirror image is optimized, the wind control mirror image of the experimental version can be issued to the optimization center of the wind control execution container of the user. And the user combines the historical wind control service data to perform experimental analysis on the wind control mirror image of the experimental version. And under the condition that data is not shared, the wind control mirroring capacity optimization of cloud-end cooperation is realized.
The foregoing describes certain embodiments of the present specification, and other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily have to be in the particular order shown or in sequential order to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Fig. 4 is a schematic block diagram of a risk assessment system for protecting data privacy according to an embodiment. The system involves a server 410 and a consumer 420.
The server 410 is used for constructing an evaluation template for risk evaluation based on the business characteristics of the user 420, generating a wind control mirror image based on the evaluation template, and providing the wind control mirror image to the user 420; wherein the assessment template comprises operational logic for performing a risk assessment;
the user 420 is used for acquiring the wind control mirror image from the server 410 and loading the wind control mirror image in a local wind control execution container; and when the risk assessment is needed to be carried out on the service, calling the wind control execution container based on the service data so as to run the wind control mirror image in the wind control execution container, thereby carrying out the risk assessment based on the service data.
In one embodiment, the evaluation template comprises: a feature template and a policy template; the feature template includes feature processing logic and the policy template includes policy logic for risk assessment based on the features and conditions.
In one embodiment, the server 410 is further configured to send an instruction to the user 420 after generating the wind-controlled image, where the instruction is used to notify the user 420 to obtain the wind-controlled image from the server 410;
the user 420 is specifically configured to obtain the wind-controlled image from the server 410 after receiving the instruction.
In one embodiment, when the server 410 provides the wind-controlled image to the user 420, the method includes:
performing simulation test on the wind control mirror image by using local data of the server 410;
and when the result of the simulation test meets the preset requirement, providing the wind control mirror image to the user 420.
In one embodiment, when the user 420 loads the wind-control image in a local wind-control execution container, the method includes:
and analyzing the wind control mirror image in a local wind control execution container, and loading the file obtained by analysis into a memory of the wind control execution container.
In one embodiment, the wind-controlled image includes execution logic; when the user 420 calls the wind control execution container based on the service data, the method includes:
and inputting the business data as an input parameter into the wind control execution container so that an execution engine in the wind control execution container carries out risk assessment on the business data according to the execution logic.
In one embodiment, when the user 420 calls the container based on the service data, the method includes:
and inputting the identification of the service data as an input parameter into the wind control execution container, so that the wind control execution container reads the service data from the local data of the user 420 based on the identification through a customized plug-in.
In one embodiment, the service party 410 is further configured to upgrade the evaluation template, generate an upgrade image based on the upgraded evaluation template, and provide the upgrade image to the user 420;
the user 420 is further configured to load the upgrade image in the wind control execution container after obtaining the upgrade image from the service provider 410, and replace the wind control image with the upgrade image when a preset condition is met.
In one embodiment, the user 420, when replacing the wind control image with the upgrade image when the preset condition is satisfied, includes:
calling the wind control execution container based on service data to try to run the upgrade mirror image in the wind control execution container;
and acquiring a trial operation report of the wind control execution container aiming at the upgrade mirror image, and replacing the wind control mirror image with the upgrade mirror image when the trial operation report reaches a preset operation result.
In one embodiment, the user 420 is further configured to set an index threshold for risk assessment used in the wind control executive container, so that the wind control executive container performs risk assessment based on the index threshold.
In one embodiment, the server 410 is further configured to construct an experiment template for performing a risk assessment experiment, generate an experiment image based on the experiment template, and provide the experiment image to the user 420;
the user 420 is further configured to obtain the experiment mirror image from the server 410, load the experiment mirror image in a local wind control execution container, perform simulation evaluation on the experiment mirror image by using local business data, and feed back an evaluation result to the server 410.
In one embodiment, the wind control mirror image further comprises a monitoring center, and the monitoring center is used for recording intermediate data and/or evaluation results when a risk evaluation process is performed in the wind control execution container.
The above system embodiments correspond to the method embodiments, and for specific description, reference may be made to the description of the method embodiments, which is not described herein again. The system embodiment is obtained based on the corresponding method embodiment, and has the same technical effect as the corresponding method embodiment, and specific description can be found in the corresponding method embodiment.
Fig. 5 is a schematic block diagram of a risk assessment apparatus for protecting data privacy according to an embodiment. The apparatus 500 is deployed in a server for providing services to a user. The apparatus embodiment corresponds to the method performed by the service side in the embodiment shown in fig. 2. The apparatus 500 comprises:
a construction module 510 configured to construct an assessment template for risk assessment based on the business characteristics of the user;
a generating module 520, configured to generate a wind control mirror image based on the evaluation template, and provide the wind control mirror image to the user, so that the user loads the wind control mirror image in a local wind control execution container, and when a risk evaluation needs to be performed on a service, the wind control execution container is called based on service data of the user, so that the wind control mirror image is run in the wind control execution container, and thus the risk evaluation is performed based on the service data; wherein the assessment template contains operational logic for performing a risk assessment.
In one embodiment, the evaluation template comprises: a feature template and a policy template; the feature template includes feature processing logic and the policy template includes policy logic for risk assessment based on the features and conditions.
In one embodiment, the apparatus 500 further comprises:
a sending module (not shown in the figure) configured to send, to the user, an instruction for notifying the user to acquire the wind control image from the server after the wind control image is generated.
In one embodiment, the generating module, when providing the wind-controlled image to the user, includes:
carrying out simulation test on the wind control mirror image by using the local data of the server;
and when the result of the simulation test meets the preset requirement, providing the wind control mirror image for a user.
In one embodiment, the apparatus 500 further comprises:
and the first upgrading module (not shown in the figure) is configured to upgrade the evaluation template, generate an upgrading mirror image based on the upgraded evaluation template, provide the upgrading mirror image to the user, enable the user to load the upgrading mirror image in the wind control execution container, and replace the wind control mirror image with the upgrading mirror image when a preset condition is met.
In one embodiment, the apparatus 500 further comprises:
the first experiment module (not shown in the figure) is configured to construct an experiment template for performing a risk assessment experiment, generate an experiment mirror image based on the experiment template, and provide the experiment mirror image to the user, so that the user loads the experiment mirror image in a local wind control execution container, performs simulation assessment on the experiment mirror image by using local business data, and feeds an assessment result back to the service side.
In one embodiment, the wind control mirror image further comprises a monitoring center, and the monitoring center is used for recording intermediate data and/or evaluation results when a risk evaluation process is performed in the wind control execution container.
Fig. 6 is another schematic block diagram of a risk assessment device for protecting data privacy according to an embodiment. The apparatus 600 is deployed in a user, and the user uses a service provided by a service provider. This embodiment of the apparatus corresponds in part to the method performed by the user in the embodiment shown in fig. 2. The apparatus 600 comprises:
an obtaining module 610 configured to obtain the wind control mirror image from the server, and load the wind control mirror image in a local wind control execution container; the wind control mirror image is generated by the server based on an evaluation template, the evaluation template is constructed by the server based on the service characteristics of the user, and the evaluation template comprises operation logic for risk evaluation;
the invoking module 620 is configured to invoke the wind control execution container based on the service data when the risk assessment needs to be performed on the service, so as to run the wind control mirror image in the wind control execution container, thereby performing the risk assessment based on the service data.
In one embodiment, the evaluation template comprises: a feature template and a policy template; the feature template includes feature processing logic and the policy template includes policy logic for risk assessment based on the features and conditions.
In one embodiment, the obtaining module 610 is specifically configured to:
after receiving an instruction sent by the server, acquiring the wind control mirror image from the server; the instruction is used for informing the user to acquire the wind control mirror image from the server.
In one embodiment, the obtaining module 610, when loading the wind control image in a local wind control execution container, includes:
and analyzing the wind control mirror image in a local wind control execution container, and loading the file obtained by analysis into a memory of the wind control execution container.
In one embodiment, the wind-controlled image includes execution logic; the invoking module 620 is specifically configured to:
and inputting the business data as an input parameter into the wind control execution container so that an execution engine in the wind control execution container carries out risk assessment on the business data according to the execution logic.
In one embodiment, the calling module 620 is specifically configured to:
and inputting the identification of the service data as an input parameter into the wind control execution container, so that the wind control execution container reads the service data from the local data of the user based on the identification through a customized plug-in.
In one embodiment, the apparatus further comprises:
a second upgrade module (not shown in the figure), configured to obtain an upgrade image from the service provider, load the upgrade image in the wind control execution container, and replace the wind control image with the upgrade image when a preset condition is met; and the upgrade mirror image is generated by the service side based on the upgraded evaluation template.
In one embodiment, when the second upgrade module replaces the wind control image with the upgrade image when a preset condition is met, the method includes:
calling the wind control execution container based on service data to try to run the upgrade mirror image in the wind control execution container;
and acquiring a trial operation report of the wind control execution container aiming at the upgrade mirror image, and replacing the wind control mirror image with the upgrade mirror image when the trial operation report reaches a preset operation result.
In one embodiment, the apparatus 600 further comprises:
a setting module (not shown in the figure) configured to set an index threshold value for risk assessment used in the wind control executive container, so that the wind control executive container performs risk assessment based on the index threshold value.
In one embodiment, the method further comprises:
and a second experiment module (not shown in the figure) configured to obtain the experiment mirror image from the service party, load the experiment mirror image in a local wind control execution container, perform simulation evaluation on the experiment mirror image by using local service data, and feed back an evaluation result to the service party.
In one embodiment, the wind control mirror image further comprises a monitoring center, and the monitoring center is used for recording intermediate data and/or evaluation results when a risk evaluation process is performed in the wind control execution container.
The above device embodiments correspond to the method embodiments, and for specific description, reference may be made to the description of the method embodiments, which is not described herein again. The device embodiment is obtained based on the corresponding method embodiment, has the same technical effect as the corresponding method embodiment, and for the specific description, reference may be made to the corresponding method embodiment.
Embodiments of the present specification also provide a computer-readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of any one of fig. 1 to 3.
The embodiment of the present specification further provides a computing device, which includes a memory and a processor, where the memory stores executable code, and the processor executes the executable code to implement the method described in any one of fig. 1 to 3.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the storage medium and the computing device embodiments, since they are substantially similar to the method embodiments, they are described relatively simply, and reference may be made to some descriptions of the method embodiments for relevant points.
Those skilled in the art will recognize that, in one or more of the examples described above, the functions described in connection with the embodiments of the invention may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
The above-mentioned embodiments further describe the objects, technical solutions and advantages of the embodiments of the present invention in detail. It should be understood that the above description is only exemplary of the embodiments of the present invention, and is not intended to limit the scope of the present invention, and any modification, equivalent replacement, or improvement made on the basis of the technical solutions of the present invention should be included in the scope of the present invention.
Claims (19)
1. A risk assessment method for protecting data privacy relates to a service party and a user party, and comprises the following steps:
the server side constructs an evaluation template for risk evaluation based on the service characteristics of the user side, generates a wind control mirror image based on the evaluation template, and provides the wind control mirror image for the user side; wherein the assessment template contains operational logic for performing a risk assessment;
the user side acquires the wind control mirror image from the server side and loads the wind control mirror image in a local wind control execution container; and when the risk assessment is needed to be carried out on the service, calling the wind control execution container based on the service data so as to run the wind control mirror image in the wind control execution container, thereby carrying out the risk assessment based on the service data.
2. The method of claim 1, the evaluating a template comprising: a feature template and a policy template; the feature template includes feature processing logic and the policy template includes policy logic for performing risk assessment based on the features and the conditions.
3. The method of claim 1, further comprising:
the server side sends an instruction to the user side after the wind control mirror image is generated, wherein the instruction is used for informing the user side to obtain the wind control mirror image from the server side;
and the user acquires the wind control mirror image from the server after receiving the instruction.
4. The method of claim 1, the step of providing the wind-controlled image to the user comprising:
carrying out simulation test on the wind control mirror image by using the local data of the server;
and when the result of the simulation test meets the preset requirement, providing the wind control mirror image for the user.
5. The method of claim 1, the step of loading the wind-controlled image in a local wind-controlled execution container, comprising:
and analyzing the wind control mirror image in a local wind control execution container, and loading the file obtained by analysis into a memory of the wind control execution container.
6. The method of claim 1, the wind-controlled image comprising execution logic; the step of calling the wind control execution container based on the service data comprises the following steps:
and inputting the business data as an input parameter into the wind control execution container so that an execution engine in the wind control execution container carries out risk assessment on the business data according to the execution logic.
7. The method of claim 1, the step of invoking the wind control execution container based on traffic data, comprising:
and inputting the identification of the service data as an input parameter into the wind control execution container, so that the wind control execution container reads the service data from the local data of the user based on the identification through a customized plug-in.
8. The method of claim 1, further comprising:
the server side upgrades the evaluation template, generates an upgrade image based on the upgraded evaluation template, and provides the upgrade image to the user side;
and the user loads the upgrade image in the wind control execution container after acquiring the upgrade image from the service side, and replaces the wind control image with the upgrade image when a preset condition is met.
9. The method of claim 8, wherein the step of replacing the wind control image with the upgrade image when a preset condition is met comprises:
the user calls the wind control execution container based on the service data so as to try to run the upgrade mirror image in the wind control execution container;
and the user acquires a trial operation report of the wind control execution container aiming at the upgrade mirror image, and replaces the wind control mirror image with the upgrade mirror image when the trial operation report reaches a preset operation result.
10. The method of claim 1, further comprising:
and the user sets an index threshold value used in the wind control execution container for risk assessment, so that the wind control execution container carries out risk assessment based on the index threshold value.
11. The method of claim 1, further comprising:
the server side constructs an experiment template for carrying out a risk assessment experiment, generates an experiment mirror image based on the experiment template, and provides the experiment mirror image for the user side;
and the user acquires the experiment mirror image from the server, loads the experiment mirror image in a local wind control execution container, performs simulation evaluation on the experiment mirror image by using local service data, and feeds back an evaluation result to the server.
12. The method of claim 1, further comprising a monitoring center in the wind control mirror image, wherein the monitoring center is used for recording intermediate data and/or evaluation results when a risk evaluation process is performed in the wind control execution container.
13. A risk assessment method for protecting data privacy relates to a service party and a user party; the method is performed by the server and comprises the following steps:
constructing an evaluation template for risk evaluation based on the service characteristics of the user;
generating a wind control mirror image based on the evaluation template, providing the wind control mirror image for the user, so that the user loads the wind control mirror image in a local wind control execution container, and calling the wind control execution container based on service data of the user to run the wind control mirror image in the wind control execution container when the risk evaluation of the service is needed, so as to perform the risk evaluation based on the service data; wherein the assessment template contains operational logic for performing a risk assessment.
14. A risk assessment method for protecting data privacy relates to a service party and a user party; the method is performed by the user and comprises the following steps:
acquiring the wind control mirror image from the server side, and loading the wind control mirror image in a local wind control execution container; the wind control mirror image is generated by the server based on an evaluation template, the evaluation template is constructed by the server based on the service characteristics of the user, and the evaluation template comprises operation logic for risk evaluation;
and when the risk assessment is needed to be carried out on the service, calling the wind control execution container based on the service data so as to run the wind control mirror image in the wind control execution container, thereby carrying out the risk assessment based on the service data.
15. A risk assessment system for protecting data privacy relates to a service party and a user party;
the server is used for constructing an evaluation template for risk evaluation based on the service characteristics of the user, generating a wind control mirror image based on the evaluation template, and providing the wind control mirror image for the user; wherein the assessment template contains operational logic for performing a risk assessment;
the user side is used for acquiring the wind control mirror image from the server side and loading the wind control mirror image in a local wind control execution container; and when the risk assessment is needed to be carried out on the service, calling the wind control execution container based on the service data so as to run the wind control mirror image in the wind control execution container, thereby carrying out the risk assessment based on the service data.
16. A risk assessment device for protecting data privacy is deployed in a service party, and the service party is used for providing services for a user; the device comprises:
the construction module is configured to construct an assessment template for risk assessment based on the service characteristics of the user;
the generating module is configured to generate a wind control mirror image based on the evaluation template, provide the wind control mirror image for the user, enable the user to load the wind control mirror image in a local wind control execution container, and call the wind control execution container based on service data of the user to run the wind control mirror image in the wind control execution container when risk evaluation needs to be performed on a service, so that risk evaluation is performed based on the service data; wherein the assessment template contains operational logic for performing a risk assessment.
17. A risk assessment apparatus that protects data privacy, the apparatus being deployed in a user who uses a service provided by a service provider; the device comprises:
the acquisition module is configured to acquire the wind control mirror image from the server and load the wind control mirror image in a local wind control execution container; the wind control mirror image is generated by the server based on an evaluation template, the evaluation template is constructed by the server based on the service characteristics of the user, and the evaluation template comprises operation logic for risk evaluation;
and the calling module is configured to call the wind control execution container based on service data when the risk assessment is required to be performed on the service, so as to run the wind control mirror image in the wind control execution container, and perform the risk assessment based on the service data.
18. A computer-readable storage medium, on which a computer program is stored which, when executed in a computer, causes the computer to carry out the method of any one of claims 1-14.
19. A computing device comprising a memory having executable code stored therein and a processor that, when executing the executable code, implements the method of any of claims 1-14.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210753265.3A CN115063146A (en) | 2022-06-29 | 2022-06-29 | Risk assessment method, system and device for protecting data privacy |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210753265.3A CN115063146A (en) | 2022-06-29 | 2022-06-29 | Risk assessment method, system and device for protecting data privacy |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115063146A true CN115063146A (en) | 2022-09-16 |
Family
ID=83204876
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210753265.3A Pending CN115063146A (en) | 2022-06-29 | 2022-06-29 | Risk assessment method, system and device for protecting data privacy |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115063146A (en) |
Citations (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090182593A1 (en) * | 2008-01-14 | 2009-07-16 | International Business Machines Corporation | Automated risk assessments using a contextual data model that correlates physical and logical assets |
| US20150278515A1 (en) * | 2014-03-27 | 2015-10-01 | International Business Machines Corporation | Monitoring an application in a process virtual machine |
| US20180173866A1 (en) * | 2016-12-15 | 2018-06-21 | David H. Williams | Systems and methods for providing location-based security and/or privacy for restricting user access |
| US20180182009A1 (en) * | 2016-04-01 | 2018-06-28 | OneTrust, LLC | Data processing systems and methods for efficiently assessing the risk of privacy campaigns |
| CN109828824A (en) * | 2018-12-29 | 2019-05-31 | 东软集团股份有限公司 | Safety detecting method, device, storage medium and the electronic equipment of mirror image |
| US20190281074A1 (en) * | 2018-03-06 | 2019-09-12 | Huazhong University Of Science And Technology | Cloud tenant oriented method and system for protecting privacy data |
| CN110659800A (en) * | 2019-08-15 | 2020-01-07 | 平安科技(深圳)有限公司 | Risk monitoring processing method and device, computer equipment and storage medium |
| US10643002B1 (en) * | 2017-09-28 | 2020-05-05 | Amazon Technologies, Inc. | Provision and execution of customized security assessments of resources in a virtual computing environment |
| CN112860282A (en) * | 2021-03-31 | 2021-05-28 | 中国工商银行股份有限公司 | Upgrading method and device of cluster plug-in and server |
| US20210174453A1 (en) * | 2019-12-07 | 2021-06-10 | Cerity Services, Inc. | Managing risk assessment and services through modeling |
| WO2021232845A1 (en) * | 2020-05-22 | 2021-11-25 | 国云科技股份有限公司 | Container-based image updating and distribution method, and apparatus |
| US20220035904A1 (en) * | 2020-07-29 | 2022-02-03 | Red Hat, Inc. | Using a trusted execution environment to enable network booting |
| CN114066584A (en) * | 2021-11-05 | 2022-02-18 | 支付宝(杭州)信息技术有限公司 | Method and device for risk prevention and control of block chain |
-
2022
- 2022-06-29 CN CN202210753265.3A patent/CN115063146A/en active Pending
Patent Citations (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090182593A1 (en) * | 2008-01-14 | 2009-07-16 | International Business Machines Corporation | Automated risk assessments using a contextual data model that correlates physical and logical assets |
| US20150278515A1 (en) * | 2014-03-27 | 2015-10-01 | International Business Machines Corporation | Monitoring an application in a process virtual machine |
| US20180182009A1 (en) * | 2016-04-01 | 2018-06-28 | OneTrust, LLC | Data processing systems and methods for efficiently assessing the risk of privacy campaigns |
| US20180173866A1 (en) * | 2016-12-15 | 2018-06-21 | David H. Williams | Systems and methods for providing location-based security and/or privacy for restricting user access |
| US10643002B1 (en) * | 2017-09-28 | 2020-05-05 | Amazon Technologies, Inc. | Provision and execution of customized security assessments of resources in a virtual computing environment |
| US20190281074A1 (en) * | 2018-03-06 | 2019-09-12 | Huazhong University Of Science And Technology | Cloud tenant oriented method and system for protecting privacy data |
| CN109828824A (en) * | 2018-12-29 | 2019-05-31 | 东软集团股份有限公司 | Safety detecting method, device, storage medium and the electronic equipment of mirror image |
| CN110659800A (en) * | 2019-08-15 | 2020-01-07 | 平安科技(深圳)有限公司 | Risk monitoring processing method and device, computer equipment and storage medium |
| US20210174453A1 (en) * | 2019-12-07 | 2021-06-10 | Cerity Services, Inc. | Managing risk assessment and services through modeling |
| WO2021232845A1 (en) * | 2020-05-22 | 2021-11-25 | 国云科技股份有限公司 | Container-based image updating and distribution method, and apparatus |
| US20220035904A1 (en) * | 2020-07-29 | 2022-02-03 | Red Hat, Inc. | Using a trusted execution environment to enable network booting |
| CN112860282A (en) * | 2021-03-31 | 2021-05-28 | 中国工商银行股份有限公司 | Upgrading method and device of cluster plug-in and server |
| CN114066584A (en) * | 2021-11-05 | 2022-02-18 | 支付宝(杭州)信息技术有限公司 | Method and device for risk prevention and control of block chain |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| García-Bañuelos et al. | Optimized execution of business processes on blockchain | |
| Lung et al. | An approach to software architecture analysis for evolution and reusability | |
| Galindo et al. | Testing variability-intensive systems using automated analysis: an application to android | |
| CN109636607A (en) | Business data processing method, device and computer equipment based on model deployment | |
| CN110083369A (en) | A kind of continuous integrating and lasting delivery method based on container scheme | |
| JP5280587B2 (en) | Dependability maintenance system, change response cycle execution device, failure response cycle execution device, control method of dependability maintenance system, control program, and computer-readable recording medium recording the same | |
| Rosca et al. | A decision making methodology in support of the business rules lifecycle | |
| Ma et al. | Evaluating service identification with design metrics on business process decomposition | |
| US20060184995A1 (en) | Creating a privacy policy from a process model and verifying the compliance | |
| Duipmans et al. | A transformation-based approach to business process management in the cloud | |
| Sanchez et al. | An approach based on feature models and quality criteria for adapting component-based systems | |
| Braga et al. | Adapting a software product line engineering process for certifying safety critical embedded systems | |
| Hamid et al. | Model-driven engineering for trusted embedded systems based on security and dependability patterns | |
| Ahmadian et al. | Privacy-enhanced system design modeling based on privacy features | |
| Ziadi et al. | Product line derivation with uml | |
| Tawhid et al. | Integrating performance analysis in the model driven development of software product lines | |
| Al-Refai et al. | Model-based regression test selection for validating runtime adaptation of software systems | |
| CN110162310B (en) | Plug-in interface test method and device, computer equipment and storage medium | |
| CN107122307B (en) | Internet of things execution system | |
| CN115063146A (en) | Risk assessment method, system and device for protecting data privacy | |
| D’Ambrogio et al. | A method for the prediction of software reliability | |
| Chondamrongkul et al. | Software architectural migration: an automated planning approach | |
| Calegari et al. | Systematic evaluation of business process management systems: a comprehensive approach | |
| Kotonya et al. | Analysing the impact of change in COTS-based systems | |
| CN112613063B (en) | Data verification system construction method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |