CN102917334B - A kind of violation terminal built-in behavior processing method, apparatus and system - Google Patents

Abstract

The embodiment of the present invention discloses a method, device and system for processing built-in behaviors of illegal terminals. The method includes collecting behavior log data of all users on the service management platform; extracting log data of users' uplink services; The frequency of each uplink of the user terminal number, and judge whether the frequency is within the preset value range, if so, count 1 abnormal frequency; judge whether the frequency abnormal frequency of the user terminal number in a certain period exceeds the set number , if yes, it is judged as an abnormal user; user authentication control is performed on the operation of ordering SP services by the abnormal user. The devices and systems of the present invention are used to implement the method. By adopting the present invention, the built-in behavior of the illegal terminal can be accurately discovered and effectively curbed, thereby reducing the situation of terminal illegal charging and protecting the interests of users from being infringed.

Description

A method, device, and system for processing built-in behavior of illegal terminals

technical field

The present invention relates to the field of communication technology, in particular to a method, device and system for processing built-in behaviors of illegal terminals.

Background technique

With the increasing number of users using counterfeit mobile phones, some service providers, together with solution providers and mobile phone manufacturers, illegally built SP (Service Provider, Service Provider) services in counterfeit mobile phones, triggering Internal illegal built-in SP business deduction, this is the so-called "fake phone trap". The illegal built-in behavior of such terminals (cottage phones) has caused a large number of complaints from users. Some users even asked to turn off the mobile information service switch in order to avoid being charged, which seriously affected the promotion of normal business. At present, there are many illegal built-in behaviors of terminals (counterfeit phones). The common illegal built-in methods include: built-in menu method, when the user clicks on the built-in menu of the copycat phone, it triggers business order or business use; built-in backdoor program method, the backdoor software randomly Or trigger service ordering or service use according to the user's keystrokes; the built-in game software method, when the counterfeit mobile phone user needs to enter the next level during the process of playing the mobile phone's built-in game, press "OK" to trigger service ordering or service use; application software method , In the application software downloaded by the user (such as the theme of the mobile phone), there is a hidden trap of attracting fees, which automatically triggers service subscription or service use.

Regarding the built-in behavior of illegal terminals, the current audit methods mainly include counterfeit phone dial-up testing and user complaint verification. Counterfeit phone dial-up test, active dial-up test for illegal built-in business behaviors in counterfeit phones, and found problems such as simulated user ordering, no tariff reminder, vulgar menu content, deduction of fees without providing business content, etc., thus judging that the terminal suspected of having illegal built-in Behavior of abnormal users and abnormal SP services. Its disadvantages are: the coverage of models is limited, and only some counterfeit machine violations can be found; counterfeit machine manufacturers have implemented selective built-in by batch, so the dial test results are inaccurate. The verification of user complaints is to manually extract user service log data for analysis based on user complaints, to determine the authenticity of the complaint content and determine whether the complained business violates regulations. Its disadvantages are: it is a passive process, which cannot effectively reduce the user complaint rate; at the same time, there is insufficient evidence as a business violation, and it is difficult to obtain evidence.

Contents of the invention

The technical problem solved by the embodiments of the present invention is to provide a method, device, and system for processing illegal terminal built-in behaviors, which can actively and effectively discover and process illegal terminal built-in behaviors, reduce the situation of terminal illegal fees, and reduce users’ concerns about The complaint rate of the built-in behavior of the illegal terminal to protect the interests of users from infringement.

In order to achieve the above purpose, an embodiment of the present invention provides a method for processing built-in behaviors of illegal terminals, including:

Collect behavior log data of all users of the business management platform;

Extracting the log data of the user's uplink service;

Calculate the daily uplink frequency of the user terminal number according to the user terminal number, and judge whether the frequency is within the preset value range, and if so, count 1 frequency abnormality;

Judging whether the abnormal frequency of the user terminal number in a certain period exceeds the set number, if so, it is judged as an abnormal user;

User authentication control is performed on the abnormal user's operation of ordering SP services.

Further, the step of performing user authentication control on the operation of the abnormal user ordering SP service includes:

Performing user group authentication on the abnormal user, and determining the user group to which it belongs;

The user group secondary confirmation policy corresponding to the determined user group is used to perform authentication control on the SP service ordered by the abnormal user.

Further, the step of performing user group authentication on the abnormal user and determining the user group it belongs to specifically includes:

The user group to which the abnormal user belongs is determined according to the amount or frequency of complaints of the abnormal user about the illegal charges.

Further, the user group includes a high-sensitivity user group and a low-sensitivity user group, wherein users whose complaint volume or frequency of complaints about illegal charges reaches a first set number belong to the high-sensitivity user group , users whose complaint volume or frequency of complaints about illegal charges reaches a second set number condition belong to the low-sensitivity user group.

Further, the corresponding user group secondary confirmation strategy set by the high-sensitivity user group is: secondary confirmation of random code or secondary confirmation of complex questions;

The corresponding user group secondary confirmation policy set by the low-sensitivity user group is: simple question secondary confirmation.

Correspondingly, the embodiment of the present invention also provides another method for processing built-in behaviors of violating terminals, including:

Collect behavior log data of all users of the business management platform;

Extracting the log data of the user's uplink service;

Calculate the daily uplink frequency of the user terminal number according to the user terminal number, and judge whether the frequency is within the preset value range, and if so, count 1 frequency abnormality;

Judging whether the abnormal frequency of the user terminal number in a certain period exceeds the set number, if so, it is judged as an abnormal user;

Extracting the SP service list of the abnormal user's successful uplink access within a certain period;

According to the business statistics in the business list, the corresponding successful uplink indicators are counted;

Judging whether the successful uplink index exceeds the set number, if so, then judging that the service is an abnormal SP service;

Perform service authentication control on the user's ordering operation of the abnormal SP service.

Further, the successful uplink indicator includes any one or more of the number of abnormal users, the number of successful uplinks by abnormal users, and the proportion of successful uplinks by abnormal users.

Further, the step of performing service authentication control on the operation of the user ordering the abnormal SP service includes:

Perform service group authentication on the abnormal SP service, and determine the service group to which it belongs;

The authentication control of the SP service is performed by using the service group secondary confirmation policy corresponding to the determined service group.

Further, if it is an abnormal SP business, the step of performing business group authentication on the SP business to determine the business group it belongs to specifically includes:

Determine the service group to which the SP abnormal service belongs according to the severity of violations of the abnormal SP service.

Further, the business group includes a high-violation business group, a medium-violation business group, and a low-violation business group, wherein, the SP business whose occurrence frequency abnormality reaches the third set number condition belongs to the high-violation degree For the business group, the SP business whose occurrence frequency of abnormal frequency reaches the fourth set number condition belongs to the medium violation degree business group, and the SP business whose occurrence frequency abnormality frequency reaches the fifth set number condition belongs to the low violation degree business group.

Further, the secondary confirmation policy of the corresponding business group set by the high-violation business group is: the secondary confirmation rule is a secondary confirmation for each order, and the secondary confirmation mode is a secondary confirmation of complex issues or a random code Second confirmation;

The secondary confirmation strategy of the corresponding business group set by the business group with a medium degree of violation is: the secondary confirmation rule is the secondary confirmation of the first on-demand broadcast, and the secondary confirmation mode is the secondary confirmation of complex issues or the secondary confirmation of random codes;

The corresponding business group secondary confirmation strategy set by the low-violation business group is: the secondary confirmation rule is the secondary confirmation of the first on-demand broadcast, and the secondary confirmation mode is the secondary confirmation of simple questions.

Correspondingly, the present invention also provides a built-in behavior processing device for illegal terminals, including:

The collection unit is used to collect behavior log data of all users of the business management platform;

The first extraction unit is used to extract the log data of the user's uplink service;

The first statistical unit is used to calculate the daily uplink frequency of the user terminal number according to the user terminal number, and judge whether the frequency is within a preset numerical range, and if so, count 1 frequency abnormality;

The first judging unit is used to judge whether the abnormal frequency of the user terminal number in a certain period exceeds the set number, and if so, it is judged as an abnormal user;

A user authentication control unit, configured to perform user authentication control on the abnormal user's operation of ordering SP services.

Further, the user authentication control unit further includes:

The first determining unit is configured to perform user group authentication on the user, and determine the user group to which the user belongs;

The first control unit is configured to use the user group secondary confirmation policy corresponding to the determined user group to perform authentication control on the SP service ordered by the user.

Further, the device also includes:

The second extraction unit is used to extract the SP service list of the abnormal user's successful uplink access within a certain period;

The second statistical unit is used to count the corresponding successful uplink indicators according to the services in the service list;

The second judging unit is used to judge whether the successful uplink index exceeds the set number, and if so, it is judged as an abnormal SP service;

A service authentication control unit, configured to perform service authentication control on the user's ordering operation of the abnormal SP service.

Further, the service authentication control unit further includes:

The second determining unit is configured to perform service group authentication on the abnormal SP service, and determine the service group to which it belongs;

The second control unit is configured to perform authentication control on the SP service ordered by the user by adopting the service group secondary confirmation policy corresponding to the determined service group.

Correspondingly, the present invention also provides a built-in behavior processing system for illegal terminals, the system includes an audit system and a business management platform;

The audit system is used to audit abnormal users and abnormal SP services suspected of having illegal built-in behaviors on the business management platform, and divide the abnormal users and abnormal SP services into different user groups and business groups according to preset conditions Group, and set different user group secondary confirmation policies and business group secondary confirmation policies for different user groups and business groups;

The service management platform is used to perform user group authentication when judging that the user is an abnormal user after receiving the SP service request requested by the user, and then adopts the corresponding user group secondary confirmation strategy to check the SP service request requested by the user. After receiving the SP service request ordered by the user, it is judged that the user is not an abnormal user, and then when it is judged that the SP service requested by the user is an abnormal SP service, the service group authentication is performed, and then the corresponding The secondary confirmation policy of the service group performs authentication control on the SP service requested by the user.

Further, the audit system includes:

The collection unit is used to collect behavior log data of users of the business management platform;

The extraction unit is used to extract the log data of the user's uplink service;

The statistical analysis unit is used to count the number of abnormal daily frequencies according to the user terminal numbers, determine the abnormal users, and list them into different user groups according to preset conditions; According to the log data of the SP business, the successful uplink indicators are counted respectively, the abnormal SP business is determined, and the abnormal SP business is listed in different business groups according to the preset conditions;

The configuration unit is used for setting different user group secondary confirmation policies and service group secondary confirmation policies for different user groups and service groups.

Further, the business management platform includes:

The user authentication module is used to judge whether the user of the on-demand SP service is an abnormal user, and if it is an abnormal user, then judge the user group it belongs to, and adopt the user group secondary confirmation strategy corresponding to the determined user group to verify all user groups. authenticate the SP service requested by the user;

The service authentication module is used to judge whether the SP service ordered by the user is an abnormal SP service, and if it is an abnormal SP service, further judge the service group it belongs to, and use the service group corresponding to the determined service group for secondary confirmation The policy authenticates the SP service ordered by the user.

Further, the user authentication module includes:

Judging unit, for judging whether the user of the SP service on demand is an abnormal user;

a search unit, configured to search for the user group to which the abnormal user determined by the determination unit belongs;

The authentication unit is configured to use the user group secondary confirmation policy corresponding to the user group found by the search unit to authenticate the SP service ordered by the user.

Further, the service authentication module includes:

Judging unit, for judging whether the SP service requested by the user is an abnormal SP service;

a search unit, configured to search for the service group to which the abnormal service determined by the determination unit belongs;

The authentication unit is configured to use the service group secondary confirmation policy corresponding to the service group found by the search unit to authenticate the SP service ordered by the user.

Further, the business management platform has different question banks for different user group secondary confirmation strategies and business group secondary confirmation strategies, including random code question banks, complex question question banks and simple question question banks. It can be provided to the business management platform by the audit system.

Implementing the embodiment of the present invention has the following beneficial effects:

1. Through audit and judgment, statistical analysis of log data of users' uplink services can more accurately discover abnormal users and abnormal SP services suspected of having illegal built-in behaviors in the terminal, and then group them, and set different control strategies for different groups. Realize refined management.

2. For different user groups and business groups, different secondary confirmation control strategies can be used to achieve targeted management operations, so that the built-in terminal violations cannot easily complete the secondary confirmation for users, and more effectively reduce the number of terminals In the case of illegal fees, reduce the number of complaints from users about illegal fees, and protect the interests of users from infringement.

Description of drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only These are some embodiments of the present invention. For those skilled in the art, other drawings can also be obtained according to these drawings without any creative effort.

FIG. 1 is a flow chart of the first embodiment of the method for processing built-in behaviors of illegal terminals according to the present invention;

FIG. 2 is a configuration diagram of a user group secondary confirmation strategy of the present invention;

FIG. 3 is a flow chart of the second embodiment of the method for processing built-in behaviors of illegal terminals according to the present invention;

FIG. 4 is a configuration diagram of a business group secondary confirmation strategy of the present invention;

Fig. 5 is the flowchart that the user adopts the method for ordering SP business of the present invention;

FIG. 6 is a schematic structural diagram of the first embodiment of the device for processing violations of the built-in behavior of the terminal according to the present invention;

7 is a schematic structural diagram of the user authentication control unit of the built-in behavior processing device for violating terminals according to the present invention;

FIG. 8 is a schematic structural diagram of a second embodiment of the device for processing violations built into terminals of the present invention;

FIG. 9 is a schematic structural diagram of the service authentication control unit of the built-in behavior processing device for illegal terminals according to the present invention;

FIG. 10 is a schematic structural diagram of an embodiment of a built-in behavior processing system of a violation terminal according to the present invention;

Fig. 11 is a structural schematic diagram of the audit system of the present invention;

Fig. 12 is a schematic structural diagram of the business management platform of the present invention;

Fig. 13 is a schematic structural diagram of the user authentication module of the present invention.

detailed description

The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

Please refer to FIG. 1, which is a flow chart of the first embodiment of the method for processing the built-in behavior of the illegal terminal according to the present invention; the method includes:

Step S101, collecting behavior log data of all users of the service management platform.

In a specific implementation, collecting the behavior log data of all users of the service management platform is an existing technology, and will not be repeated here.

Step S102, extracting the log data of the user's uplink service.

In a specific implementation, extracting the log data of the user's uplink service is a prior art, and will not be repeated here.

Step S103, calculating the daily uplink frequency of the user terminal number according to the user terminal number, and judging whether the frequency is within a preset value range, and if so, counting 1 frequency abnormality.

Specifically, the frequency refers to the time interval for the user to use the SP service uplink through the short message channel. If the frequency is within the pre-set abnormal frequency range (such as 0≦frequency≦10, can be configured), then count as 1 frequency abnormality, and count the daily frequency abnormalities of the user number according to this rule.

The judging principle is as follows: for terminals (cottage phones) with built-in SP services in violation of regulations, usually when the user clicks on the menu to trigger or the backdoor program captures the user's key press, it will automatically trigger the uplink request to use the service, that is, the request is automatically initiated on behalf of the user. If it is short, the user's uplink frequency will be very short, usually only a few seconds, and some even have multiple uplinks in the same second. When a normal user initiates a request, he needs to enter an instruction message, then send it, and then check the downlink result, and then rewrite the on-demand instruction to send the message. The uplink frequency is generally not less than 10 seconds. Therefore, the uplink video-on-demand with a frequency less than 10 seconds can be regarded as abnormal.

Step S104, judging whether the number of abnormal frequencies of the user terminal number within a certain period exceeds a set number, and if so, judging as an abnormal user.

Specifically, if the user terminal number is used for uplink services, there are abnormal uplink frequencies on multiple days in a week (for example, more than 3 days, it can be configured), or there are multiple times in a week (for example, more than 7 times, it can be configured) the abnormal uplink frequency can be determined. This user terminal number is an abnormal user.

Step S105, performing user authentication control on the abnormal user's operation of ordering SP services.

In the specific implementation, the steps of performing user authentication control on the operation of the SP service requested by the abnormal user include:

(1) Perform user group authentication on the abnormal user, and determine the user group to which he belongs;

(2) Using the user group secondary confirmation policy corresponding to the determined user group to perform authentication control on the SP service requested by the abnormal user.

Wherein, step (1) performs user group authentication on the abnormal user and determines the user group to which it belongs, specifically including:

The user group to which the abnormal user belongs is determined according to the amount or frequency of complaints of the abnormal user about the illegal charges.

The user groups include a high-sensitivity user group and a low-sensitivity user group, wherein users whose complaint volume or frequency of complaints about illegal charges reaches a first set number belong to the high-sensitivity user group, and those who violate the regulations Users whose charged complaint volume or complaint frequency reaches the second set number condition belong to the low-sensitivity user group. The user group to which the abnormal user belongs is determined according to the amount or frequency of complaints of the abnormal user about the illegal charges.

Step (2) Using the user group secondary confirmation policy corresponding to the determined user group to perform authentication control on the SP service ordered by the user.

In specific implementation, please refer to FIG. 2 for the corresponding user group secondary confirmation policy.

The corresponding user group secondary confirmation strategy set by the high-sensitivity user group is: secondary confirmation of random codes or secondary confirmation of complex questions, wherein both random codes and complex questions are provided by corresponding question banks. The random code is generally a string, and its confirmation method can be, for example: "Please enter the string 'ahgt21' to confirm the on-demand", the user can only input "ahgt21" to confirm the on-demand; complex questions refer to questions that have only one answer, such as : "What is 2 plus 3?" The answer is "5", and the user can confirm on-demand only by inputting the correct answer.

The corresponding user group secondary confirmation strategy set by the low-sensitivity user group is: simple question secondary confirmation, wherein the simple question is provided by the corresponding question bank, and the simple question refers to a question with many answers, such as: "Please enter any number between 10 and 20", the user can enter any one of "11, 12, ..., 19" to confirm the on-demand.

It should be noted that the secondary confirmation policy of the user group corresponding to the high-sensitivity user group shown in the figure is the secondary confirmation of random code or the secondary confirmation of complex questions; the secondary confirmation of the user group corresponding to the low-sensitivity user group The confirmation strategy is that the mode of secondary confirmation for simple questions is not unique, and there may be other corresponding modes, as long as a user group corresponds to a secondary confirmation mode.

Embodiments of the present invention have the following technical effects:

1. Through audit and judgment, statistical analysis of log data of users' uplink services can more accurately discover abnormal users and abnormal SP services suspected of having illegal built-in behaviors in the terminal, and then group them, and set different control strategies for different groups. Realize refined management.

2. For different user groups, adopt different user group secondary confirmation control strategies, which can achieve targeted management operations, so that the built-in terminal violations cannot easily complete the secondary confirmation for users, and more effectively reduce terminal violations The situation of charging fees can reduce the number of complaints from users about illegal charging fees, and at the same time, it can also improve the perception of normal users in using services.

Please refer to FIG. 3, which is a flow chart of the second embodiment of the method for processing the built-in behavior of the illegal terminal according to the present invention; the method includes:

Step S301, collect behavior log data of all users of the service management platform.

In specific implementation, it is the same as step S101 in the embodiment shown in FIG. 1 , and details are not repeated here.

Step S302, extracting the log data of the user's uplink service.

In specific implementation, it is the same as step S102 in the embodiment shown in FIG. 1 , and details are not repeated here.

Step S303, calculating the daily uplink frequency of the user terminal number according to the user terminal number, and judging whether the frequency is within a preset value range, and if so, counting 1 frequency abnormality.

In specific implementation, it is the same as step S103 in the embodiment shown in FIG. 1 , and details are not repeated here.

Step S304, judging whether the number of abnormal frequencies of the user terminal number within a certain period exceeds a set number, and if so, judging as an abnormal user.

In specific implementation, it is the same as step S104 in the embodiment shown in FIG. 1 , and details are not repeated here.

Step S305, extracting a list of SP services accessed by the abnormal user successfully uplinked within a certain period.

In a specific implementation, for example, a list of services that the abnormal user has successfully uplinked to access the SP within a week is extracted.

Step S306, counting the corresponding successful uplink indicators according to the services in the service list.

In a specific implementation, the successful uplink indicator includes any one or more of the number of abnormal users, the number of successful uplinks by abnormal users, and the proportion of successful uplinks by abnormal users.

The number of abnormal users: refers to the "number of abnormal user terminal numbers" that access the service within a period;

The number of successful uplinks of abnormal users: refers to the "number of successful uplinks of abnormal users" who access the service within a period;

The proportion of successful uploads of abnormal users: refers to the ratio of the number of successful uploads of abnormal users accessing the service within the period to the total number of successful uploads of the service within the period, which can be divided by the number of successful uploads of abnormal users divided by the number of successful uploads, and then multiplied by Get it at 100%.

Step S307, judging whether the successful uplink index exceeds the set number, if so, judging that the service is an abnormal SP service.

In the specific implementation, if the number of abnormal users exceeds the set value (such as 1000, configurable) or the "abnormal user successful upstream number" exceeds the set value (such as 5000, configurable) within a period (such as a week), and the abnormal successful upstream accounts for If the ratio exceeds the set value (such as 10%, configurable), it is determined that the service is an abnormal SP service.

Step S308, performing service authentication control on the user's ordering operation of the abnormal SP service.

In the specific implementation, the steps of performing service authentication control on the operation of the user ordering the abnormal SP service include:

(1) Perform business group authentication on the abnormal SP business, and determine the business group to which it belongs;

(2) Perform authentication control on the SP service by adopting the service group secondary confirmation strategy corresponding to the determined service group.

Wherein, step (1) performs service group authentication on the SP service, and the step of determining the service group to which it belongs further includes:

Determine the service group to which the SP abnormal service belongs according to the severity of violations of the abnormal SP service.

In the specific implementation, the business group includes a high-violation business group, a medium-violation business group, and a low-violation business group, wherein, the SP business whose occurrence frequency abnormality reaches the third set number condition belongs to the high violation The SP business whose occurrence frequency of abnormal frequency reaches the fourth set number condition belongs to the medium violation degree business group, and the SP business whose frequency abnormality frequency reaches the fifth set number condition belongs to the low violation degree business group. Determine the service group to which the SP abnormal service belongs according to the severity of violations of the abnormal SP service.

Step (2) performing authentication control on the SP service by adopting the service group secondary confirmation policy corresponding to the determined service group.

In specific implementation, please refer to Figure 4 for the corresponding business group secondary confirmation policy.

The business group secondary confirmation strategy corresponding to the high-violation service group: the secondary confirmation rule is a secondary confirmation for each order, and the secondary confirmation mode is a complex question secondary confirmation or a random code secondary confirmation. Among them, the complex question is provided by the corresponding question bank, and the complex question refers to the question whose answer is unique, for example: "What is 2 plus 3?" The random code is provided by the corresponding question bank. The random code is generally a character string, and its confirmation method can be, for example: "Please enter the character string 'ahgt21' to confirm the order", and the user can input "ahgt21" to confirm the order.

The business group secondary confirmation strategy corresponding to the business group with a medium degree of violation: the secondary confirmation rule is the secondary confirmation of the first on-demand broadcast, and the secondary confirmation mode is the secondary confirmation of complex questions or the secondary confirmation of random codes. Among them, the complex question is provided by the corresponding question bank, and the complex question refers to the question whose answer is unique, for example: "What is 2 plus 3?" The random code is provided by the corresponding question bank. The random code is generally a character string, and its confirmation method can be, for example: "Please enter the character string 'ahgt21' to confirm the order", and the user can input "ahgt21" to confirm the order.

The business group secondary confirmation strategy corresponding to the low-violation business group: the secondary confirmation rule is the secondary confirmation of the first on-demand program, and the secondary confirmation mode is the secondary confirmation of simple questions. Among them, simple questions are provided by the corresponding question bank. Simple questions refer to questions with many answers, for example: "Please enter any number between 10 and 20", the user can enter "11,12,...,19" Any one of the , you can confirm on-demand.

It should be noted that the secondary confirmation rule corresponding to the high-violation business group shown in the figure is secondary confirmation for each order, and the corresponding secondary confirmation mode is complex question or random code secondary confirmation, medium violation The second confirmation rule corresponding to the high-degree business group is the first on-demand second confirmation, the corresponding second confirmation mode is the second confirmation of complex questions or random codes, and the second confirmation rule corresponding to the low-violation business group is the first on-demand second Confirmation, the corresponding secondary confirmation mode is a simple question. The secondary confirmation mode is not unique, and there are other corresponding modes, as long as a business group corresponds to a secondary confirmation rule and a secondary confirmation mode.

Please refer to FIG. 5 , which is a flowchart of ordering SP services by users using the method of the present invention.

1) The user initiates an uplink command-on-demand service to the SMS gateway;

2) The SMS gateway sends the on-demand request to the business management platform;

3) The business management platform performs authentication operations such as user authentication and business authentication;

4) The business management platform performs user group authentication to determine which group the user belongs to;

5) User group secondary confirmation strategy authentication, to determine the secondary confirmation strategy corresponding to the user group to which they belong;

6) The business management platform conducts business group authentication to determine which group the business belongs to;

7) Business group secondary confirmation strategy authentication, to determine the secondary confirmation strategy corresponding to the business group to which it belongs;

8) The service management platform returns the SMS gateway request response, and the identification requires the user to confirm twice;

9) The business management platform forwards the second confirmation request to the SMS center, carrying the second confirmation strategy;

10) The SMS center combines the corresponding secondary confirmation SMS according to the secondary confirmation strategy;

11) The SMS center sends a second confirmation SMS to the user;

12) The user replies to the second confirmation message;

13) The SMS center initiates an on-demand confirmation request to the business management platform;

14) The business management platform generates a temporary order relationship;

15) The business management platform sends an on-demand confirmation response to the SMS gateway;

16) The SMS gateway sends an on-demand confirmation response to the user.

Embodiments of the present invention have the following technical effects:

1. Through audit and judgment, statistical analysis of log data of users' uplink services can more accurately discover abnormal users and abnormal SP services suspected of having illegal built-in behaviors in the terminal, and then group them, and set different control strategies for different groups. Realize refined management.

2. Different secondary confirmation strategies are adopted for business groups with different degrees of violations, which can effectively control the illegal business use of counterfeit machines, so that the built-in terminal violations cannot easily complete the secondary confirmation for users, and more effectively reduce the risk of terminal violations. In order to reduce the number of complaints from users about illegal fees, and protect the interests of users from infringement.

Correspondingly, the present invention also discloses a built-in behavior processing device for illegal terminals. FIG. 6 is a schematic structural diagram of the first embodiment of the built-in behavior processing device for illegal terminals of the present invention. As shown in FIG. 6 , the device 1 includes: A collection unit 11 , a first extraction unit 12 , a first statistics unit 13 , a first judgment unit 14 and a user authentication control unit 15 .

The collection unit 11 is configured to collect behavior log data of all users of the service management platform.

Specifically, the acquisition unit 11 is an existing technology, and will not be repeated here.

The first extracting unit 12 is configured to extract the log data of the user's uplink service.

Specifically, the first extracting unit 12 is an existing technology, which will not be repeated here.

The first statistical unit 13 is used to calculate the daily uplink frequency of the user terminal number according to the user terminal number, and judge whether the frequency is within a preset value range, and if so, count 1 frequency abnormality .

Specifically, the frequency refers to the time interval for the user to use the SP service uplink through the short message channel. If the frequency is within the preset abnormal frequency range (such as 0≦frequency≦10, which can be configured), then one frequency abnormality will be counted, and the first statistical unit will count the daily frequency abnormalities of the user number according to this rule.

The judging principle is as follows: for terminals (cottage phones) with built-in SP services in violation of regulations, usually when the user clicks on the menu to trigger or the backdoor program captures the user's key press, it will automatically trigger the uplink request to use the service, that is, the request is automatically initiated on behalf of the user. If it is short, the user's uplink frequency will be very short, usually only a few seconds, and some even have multiple uplinks in the same second. When a normal user initiates a request, he needs to enter an instruction message, then send it, and then check the downlink result, and then rewrite the on-demand instruction to send the message. The uplink frequency is generally not less than 10 seconds. Therefore, an uplink video-on-demand with a frequency of less than 10 seconds can be regarded as an abnormal frequency.

The first judging unit 14 is used to judge whether the number of abnormal frequencies of the user terminal number within a certain period exceeds a set number, and if so, it is judged as an abnormal user.

Specifically, if the user terminal number is used for uplink services, there are abnormal uplink frequencies on multiple days in a week (for example, more than 3 days, it can be configured), or there are multiple times in a week (for example, more than 7 times, it can be configured) the abnormal uplink frequency can be determined. This user terminal number is an abnormal user.

The user authentication control unit 15 is configured to perform user authentication control on the abnormal user's operation of ordering SP services.

Specifically, the user authentication control unit 15 further includes: a first determination unit 151 and a first control unit 152, please refer to FIG. 7 for details.

The first determining unit 151 is configured to perform user group authentication on the user, and determine the user group to which the user belongs.

In a specific implementation, the user group includes a high-sensitivity user group and a low-sensitivity user group, wherein users whose complaint volume or frequency of complaints about illegal charges reaches a first set number condition belong to the high-sensitivity user group Group, the users whose complaint volume or frequency of complaints about illegal charges reaches the second set number condition belong to the low-sensitivity user group. The user group to which the abnormal user belongs is determined according to the amount or frequency of complaints of the abnormal user about the illegal charges.

The first control unit 152 is configured to use the user group secondary confirmation policy corresponding to the determined user group to perform authentication control on the SP service ordered by the user.

In specific implementation, please refer to FIG. 2 for the corresponding user group secondary confirmation policy.

The corresponding user group secondary confirmation strategy set by the high-sensitivity user group is: secondary confirmation of random codes or secondary confirmation of complex questions, wherein both random codes and complex questions are provided by corresponding question banks. The random code is generally a string, and its confirmation method can be, for example: "Please enter the string 'ahgt21' to confirm the on-demand", the user can only input "ahgt21" to confirm the on-demand; complex questions refer to questions that have only one answer, such as : "What is 2 plus 3?" The answer is "5", and the user can confirm on-demand only after inputting the correct answer.

The corresponding user group secondary confirmation strategy set by the low-sensitivity user group is: simple question secondary confirmation, wherein the simple question is provided by the corresponding question bank, and the simple question refers to a question with many answers, such as: "Please enter any number between 10 and 20", the user can enter any one of "11, 12, ..., 19" to confirm the on-demand.

It should be noted that the secondary confirmation policy of the user group corresponding to the high-sensitivity user group shown in the figure is the secondary confirmation of random code or the secondary confirmation of complex questions; the secondary confirmation of the user group corresponding to the low-sensitivity user group The confirmation strategy is that the mode of secondary confirmation for simple questions is not unique, and there may be other corresponding modes, as long as a user group corresponds to a secondary confirmation mode.

Embodiments of the present invention have the following technical effects:

1. Through audit and judgment, statistical analysis of log data of users' uplink services can more accurately find abnormal users suspected of having illegal built-in behaviors in the terminal, and then group them, and set different control strategies for different groups to achieve refined management .

2. For different user groups, adopt different user group secondary confirmation control strategies, which can achieve targeted management operations, so that the built-in terminal violations cannot easily complete the secondary confirmation for users, and more effectively reduce terminal violations The situation of charging fees can reduce the number of complaints from users about illegal charging fees, and at the same time, it can also improve the perception of normal users in using services.

FIG. 8 is a schematic structural diagram of a second embodiment of a device for processing violations built into a terminal of the present invention. As shown in FIG. A judgment unit 24 , a user authentication control unit 25 , a second extraction unit 26 , a second statistics unit 27 , a second judgment unit 28 , and a service authentication control unit 29 .

The collection unit 21 is configured to collect behavior log data of all users of the service management platform.

Specifically, it is the same as the collection unit 11 in the embodiment shown in FIG. 6 , and will not be repeated here.

The first extracting unit 22 is configured to extract the log data of the user's uplink usage service.

Specifically, it is the same as the first extracting unit 12 in the embodiment shown in FIG. 6 , and details are not repeated here.

The first statistical unit 23 is used to calculate the daily uplink frequency of the user terminal number according to the user terminal number, and judge whether the frequency is within a preset value range, and if so, count 1 frequency abnormality .

Specifically, it is the same as the first statistics unit 13 in the embodiment shown in FIG. 6 , and details are not repeated here.

The first judging unit 24 is used for judging whether the number of abnormal frequencies of the user terminal number within a certain period exceeds a set number, and if so, it is judged as an abnormal user.

Specifically, it is the same as the first judging unit 14 in the embodiment shown in FIG. 6 , and details are not repeated here.

The user authentication control unit 25 is configured to perform user authentication control on the abnormal user's operation of ordering SP services.

Specifically, it is the same as the user authentication control unit 15 in the embodiment shown in FIG. 6 , and will not be repeated here.

The second extracting unit 26 is configured to extract a list of SP services accessed successfully by the abnormal user within a certain period.

Specifically, for example, extract the list of SP services that the abnormal user has successfully uplinked within a week.

The second statistical unit 27 is configured to count the corresponding successful uplink indicators according to the services in the service list.

Specifically, the successful uplink indicator includes any one or more of the number of abnormal users, the number of successful uplinks by abnormal users, and the proportion of successful uplinks by abnormal users.

The number of abnormal users: refers to the "number of abnormal user terminal numbers" that access the service within a period;

The number of successful uplinks of abnormal users: refers to the "number of successful uplinks of abnormal users" who access the service within a period;

The proportion of successful uploads of abnormal users: refers to the ratio of the number of successful uploads of abnormal users accessing the service within the period to the total number of successful uploads of the service within the period, which can be divided by the number of successful uploads of abnormal users divided by the number of successful uploads, and then multiplied by Get it at 100%.

The second judging unit 28 is used for judging whether the successful uplink index exceeds the set number, and if so, it is judged as an abnormal SP service.

In the specific implementation, if the number of abnormal users exceeds the set value (such as 1000, configurable) or the "abnormal user successful upstream number" exceeds the set value (such as 5000, configurable) within a period (such as a week), and the abnormal successful upstream accounts for If the ratio exceeds the set value (such as 10%, configurable), it is determined that the service is an abnormal SP service.

The service authentication control unit 29 is configured to perform service authentication control on the user's ordering operation of the abnormal SP service.

Specifically, the service authentication control unit 29 further includes: a second determining unit 291 and a second

For the control unit 292, please refer to FIG. 9 for details.

The second determining unit 291 is configured to perform service group authentication on the abnormal SP service, and determine the service group to which it belongs.

In the specific implementation, the business group includes a high-violation business group, a medium-violation business group, and a low-violation business group, wherein, the SP business whose occurrence frequency abnormality reaches the third set number condition belongs to the high violation The SP business whose occurrence frequency of abnormal frequency reaches the fourth set number condition belongs to the medium violation degree business group, and the SP business whose frequency abnormality frequency reaches the fifth set number condition belongs to the low violation degree business group. Determine the service group to which the SP abnormal service belongs according to the severity of violations of the abnormal SP service.

The second control unit 292 is configured to perform authentication control on the SP service ordered by the user by adopting the service group secondary confirmation policy corresponding to the determined service group.

In specific implementation, please refer to Figure 4 for the corresponding business group secondary confirmation policy.

The business group secondary confirmation strategy corresponding to the high-violation service group: the secondary confirmation rule is a secondary confirmation for each order, and the secondary confirmation mode is a complex question secondary confirmation or a random code secondary confirmation. Among them, the complex question is provided by the corresponding question bank, and the complex question refers to the question whose answer is unique, for example: "What is 2 plus 3?" The random code is provided by the corresponding question bank. The random code is generally a character string, and its confirmation method can be, for example: "Please enter the character string 'ahgt21' to confirm the order", and the user can input "ahgt21" to confirm the order.

The business group secondary confirmation strategy corresponding to the business group with a medium degree of violation: the secondary confirmation rule is the secondary confirmation of the first on-demand broadcast, and the secondary confirmation mode is the secondary confirmation of complex questions or the secondary confirmation of random codes. Among them, the complex question is provided by the corresponding question bank, and the complex question refers to the question whose answer is unique, for example: "What is 2 plus 3?" The random code is provided by the corresponding question bank. The random code is generally a character string, and its confirmation method can be, for example: "Please enter the character string 'ahgt21' to confirm the order", and the user can input "ahgt21" to confirm the order.

The business group secondary confirmation strategy corresponding to the low-violation business group: the secondary confirmation rule is the secondary confirmation of the first on-demand program, and the secondary confirmation mode is the secondary confirmation of simple questions. Among them, simple questions are provided by the corresponding question bank. Simple questions refer to questions with many answers, for example: "Please enter any number between 10 and 20", the user can enter "11,12,...,19" Any one of the , you can confirm on-demand.

Embodiments of the present invention have the following technical effects:

1. Through audit and judgment, statistical analysis of log data of users' uplink services can more accurately discover abnormal users and abnormal SP services suspected of having illegal built-in behaviors in the terminal, and then group them, and set different control strategies for different groups. Realize refined management.

2. For different user groups and business groups, different user group secondary confirmation control strategies and business group secondary confirmation strategies can be used to achieve targeted management operations, so that the built-in terminal violations cannot be easily replaced. The user completes the second confirmation, which can more effectively reduce the situation of terminal illegal fee collection, reduce the number of user complaints about illegal fee collection, and protect the interests of users from infringement.

Correspondingly, the present invention also provides a built-in behavior processing system for illegal terminals. FIG. 10 is a schematic structural diagram of an embodiment of a built-in behavior processing system for illegal terminals according to the present invention. As shown in FIG. 10 , the system 1 includes an audit system 11 and a business management platform 12 .

The audit system 11, the audit system is used to audit abnormal users and abnormal SP services that are suspected of having illegal built-in behaviors on the business management platform, and divide the abnormal users and abnormal SP services into different categories according to preset conditions. User groups and business groups, and set different user group secondary confirmation policies and business group secondary confirmation policies for different user groups and business groups.

Specifically, please refer to FIG. 11 , the audit system 11 includes: a collection unit 111 , an extraction unit 112 , a statistical analysis unit 113 and a configuration unit 114 .

The collection unit 111 is configured to collect behavior log data of service management platform users.

The extracting unit 112 is configured to extract log data of user uplink services.

The statistical analysis unit 113 is used to count the number of abnormal daily frequency according to the user terminal number, determine abnormal users, and list them into different user groups according to preset conditions; According to the log data of the uplink service, the successful uplink indicators are counted according to the SP service, and the abnormal SP service is determined, and the abnormal SP service is included in different service groups according to the preset conditions.

The configuration unit 114 is configured to set different user group secondary confirmation policies and service group secondary confirmation policies for different user groups and service groups.

The service management platform 12 is used to perform user group authentication when judging that the user is an abnormal user after receiving the SP service request requested by the user, and then adopts the corresponding user group secondary confirmation strategy to order the user or after receiving the SP service request ordered by the user, it is judged that the user is not an abnormal user, and then when it is judged that the SP service requested by the user is an abnormal SP service, the service group authentication is performed, and then the The corresponding service group secondary confirmation policy performs authentication control on the SP service requested by the user.

Wherein, the business management platform is provided with different question banks for different user group secondary confirmation strategies and business group secondary confirmation strategies, including random code question banks, complex question question banks and simple question question banks, and the question bank can also be Provided to the business management platform by the audit system.

Specifically, referring to FIG. 12 , the service management platform 12 includes: a user authentication module 121 and a service authentication module 122 .

User authentication module 121 is used to judge whether the user of SP service on demand is an abnormal user, and if it is an abnormal user, then judge the user group it belongs to, and adopt the user group secondary confirmation strategy corresponding to the user group determined to The SP service ordered by the user is authenticated.

Service authentication module 122, is used for judging whether the SP service of user order is abnormal SP service, if it is abnormal SP service, then further judge the service group to which it belongs, and adopt the service group corresponding to the service group determined for the second time The confirmation policy authenticates the SP service ordered by the user.

Further, please refer to FIG. 13 , which is a schematic structural diagram of the user authentication module 121 . The user authentication module 121 includes: a judgment unit 1211 , a search unit 1212 and an authentication unit 1213 .

The judging unit 1211 is configured to judge whether the user of the on-demand SP service is an abnormal user.

The searching unit 1212 is configured to search for the user group to which the abnormal user determined by the judging unit belongs.

The authentication unit 1213 is configured to use the user group secondary confirmation policy corresponding to the user group found by the search unit to authenticate the SP service ordered by the user.

Likewise, the service authentication module 122 includes: a judging unit, a searching unit and an authenticating unit.

The judging unit is used to judge whether the SP service ordered by the user is an abnormal SP service.

The searching unit is configured to search for the business group to which the abnormal business determined by the judging unit belongs.

The authentication unit is configured to authenticate the SP service ordered by the user by using the service group secondary confirmation policy corresponding to the service group found by the search unit.

Implementing the embodiment of the present invention has the following beneficial effects:

1. Through audit and judgment, statistical analysis of log data of users' uplink services can more accurately discover abnormal users and abnormal SP services suspected of having illegal built-in behaviors in the terminal, and then group them, and set different control strategies for different groups. Realize refined management.

2. For different user groups and business groups, different secondary confirmation control strategies can be used to achieve targeted management operations, so that the built-in terminal violations cannot easily complete the secondary confirmation for users, and more effectively reduce the number of terminals In the case of illegal fees, reduce the number of complaints from users about illegal fees, and protect the interests of users from infringement.

Those of ordinary skill in the art can understand that all or part of the processes in the methods of the above embodiments can be implemented through computer programs to instruct related hardware, and the programs can be stored in a computer-readable storage medium. During execution, it may include the processes of the embodiments of the above-mentioned methods. Wherein, the storage medium may be a magnetic disk, an optical disk, a read-only memory (Read-Only Memory, ROM) or a random access memory (Random Access Memory, RAM), and the like.

What is disclosed above is only a preferred embodiment of the present invention, and certainly cannot limit the scope of rights of the present invention with this. Those of ordinary skill in the art can understand the whole or part of the process of realizing the above-mentioned embodiment, and make according to the claims of the present invention The equivalent changes still belong to the scope covered by the invention.

Claims (18)

1. A method for processing built-in behaviors of illegal terminals, characterized in that it comprises: Collect behavior log data of all users of the business management platform; Extracting the log data of the user's uplink service; Calculate the daily uplink frequency of the user terminal number according to the user terminal number, and judge whether the frequency is within the preset value range. The time interval for uplink using SP services; Judging whether the abnormal frequency of the user terminal number in a certain period exceeds the set number, if so, it is judged as an abnormal user; Perform user authentication control on the operation of ordering SP services by the abnormal user; The step of carrying out user authentication control on the operation of the SP service requested by the abnormal user includes: performing user group authentication on the abnormal user, and determining the user group to which it belongs; The user group secondary confirmation policy corresponding to the determined user group is used to perform authentication control on the SP service ordered by the abnormal user. 2. The method according to claim 1, wherein the step of performing user group authentication on the abnormal user, and determining the user group to which it belongs, specifically includes: The user group to which the abnormal user belongs is determined according to the amount or frequency of complaints of the abnormal user about the illegal charges. 3. The method according to claim 2, wherein the user group includes a high-sensitivity user group and a low-sensitivity user group, wherein the amount of complaints or the frequency of complaints to illegal charges reaches a first setting A certain number of users belongs to the high-sensitivity user group, and users whose complaint volume or frequency of complaints about illegal charges reach the second set number belong to the low-sensitivity user group. 4. The method according to claim 3, wherein the secondary confirmation strategy for the corresponding user group set by the high-sensitivity user group is: secondary confirmation of random code or secondary confirmation of complicated questions; The corresponding user group secondary confirmation policy set by the low-sensitivity user group is: simple question secondary confirmation. 5. A method for processing built-in behaviors of illegal terminals, comprising: Collect behavior log data of all users of the business management platform; Extracting the log data of the user's uplink service; Calculate the daily uplink frequency of the user terminal number according to the user terminal number, and judge whether the frequency is within the preset value range. The time interval for uplink using SP services; Judging whether the abnormal frequency of the user terminal number in a certain period exceeds the set number, if so, it is judged as an abnormal user; Extracting the SP service list of the abnormal user's successful uplink access within a certain period; According to the business statistics in the business list, the corresponding successful uplink indicators are counted; Judging whether the successful uplink index exceeds the set number, if so, then judging that the service is an abnormal SP service; Perform service authentication control on the user's ordering operation of the abnormal SP service; The successful uplink indicator includes any one or more of the number of abnormal users, the number of successful uplinks by abnormal users, and the proportion of successful uplinks by abnormal users. 6. The method according to claim 5, characterized in that, the step of performing service authentication control on the operation of user ordering the abnormal SP service comprises: Perform service group authentication on the abnormal SP service, and determine the service group to which it belongs; The authentication control of the SP service is performed by using the service group secondary confirmation policy corresponding to the determined service group. 7. The method according to claim 6, wherein, if it is an abnormal SP service, the step of performing service group authentication on the SP service, and determining the service group to which it belongs, specifically includes: Determine the service group to which the SP abnormal service belongs according to the severity of violations of the abnormal SP service. 8. The method according to claim 7, wherein the business groups include a high violation degree business group, a medium violation degree business group, and a low violation degree business group, wherein the frequency of abnormal occurrences reaches the second 3. The SP business with the set number of conditions belongs to the business group with a high degree of violation, and the SP business with the frequency of abnormal occurrences reaching the fourth set number of conditions belongs to the business group with a medium degree of violation, and the frequency of abnormalities with the number of occurrences reaches the fifth set number of conditions. The SP service belongs to the low-violation service group, and the frequency refers to the time interval for users to use the SP service uplink through the SMS channel. 9. The method of claim 8, wherein: The secondary confirmation policy of the corresponding business group set by the high-violation business group is: the secondary confirmation rule is a secondary confirmation for each order, and the secondary confirmation mode is a secondary confirmation of complex issues or a secondary confirmation of random codes ; The secondary confirmation strategy of the corresponding business group set by the business group with a medium degree of violation is: the secondary confirmation rule is the secondary confirmation of the first on-demand broadcast, and the secondary confirmation mode is the secondary confirmation of complex issues or the secondary confirmation of random codes; The corresponding business group secondary confirmation strategy set by the low-violation business group is: the secondary confirmation rule is the secondary confirmation of the first on-demand broadcast, and the secondary confirmation mode is the secondary confirmation of simple questions. 10. A built-in behavior processing device for illegal terminals, characterized in that it includes: The collection unit is used to collect behavior log data of all users of the business management platform; The first extraction unit is used to extract the log data of the user's uplink service; The first statistical unit is used to calculate the frequency of each uplink of the user terminal number every day according to the user terminal number, and judge whether the frequency is within a preset value range, and if so, count 1 frequency abnormality, said Frequency refers to the time interval for users to use SP services uplink through the SMS channel; The first judging unit is used to judge whether the abnormal frequency of the user terminal number in a certain period exceeds the set number, and if so, it is judged as an abnormal user; A user authentication control unit, configured to perform user authentication control on the operation of ordering SP services by the abnormal user; The user authentication control unit further includes: The first determining unit is configured to perform user group authentication on the user, and determine the user group to which the user belongs; The first control unit is configured to use the user group secondary confirmation policy corresponding to the determined user group to perform authentication control on the SP service ordered by the user. 11. The device of claim 10, further comprising: The second extraction unit is used to extract the SP service list of the abnormal user's successful uplink access within a certain period; The second statistical unit is used to count the corresponding successful uplink indicators according to the services in the service list; The second judging unit is used to judge whether the successful uplink index exceeds the set number, and if so, it is judged as an abnormal SP service; A service authentication control unit, configured to perform service authentication control on the user's ordering operation of the abnormal SP service. 12. The device according to claim 11, wherein the service authentication control unit further comprises: The second determining unit is configured to perform service group authentication on the abnormal SP service, and determine the service group to which it belongs; The second control unit is configured to perform authentication control on the SP service ordered by the user by adopting the service group secondary confirmation policy corresponding to the determined service group. 13. A built-in behavior processing system for illegal terminals, characterized in that the system includes an audit system and a business management platform; The audit system is used to audit abnormal users and abnormal SP services suspected of having illegal built-in behaviors on the business management platform, and divide the abnormal users and abnormal SP services into different user groups and business groups according to preset conditions Group, and set different user group secondary confirmation policies and business group secondary confirmation policies for different user groups and business groups; The service management platform is used to perform user group authentication when judging that the user is an abnormal user after receiving the SP service request requested by the user, and then adopts the corresponding user group secondary confirmation strategy to check the SP service request requested by the user. After receiving the SP service request ordered by the user, it is judged that the user is not an abnormal user, and then when it is judged that the SP service requested by the user is an abnormal SP service, the service group authentication is performed, and then the corresponding The secondary confirmation policy of the service group performs authentication control on the SP service requested by the user. 14. The system according to claim 13, wherein the audit system comprises: The collection unit is used to collect behavior log data of users of the business management platform; The extraction unit is used to extract the log data of the user's uplink service; The statistical analysis unit is used to count the number of abnormal daily frequency according to the user terminal number, determine the abnormal user, and put them into different user groups according to the preset conditions. The time interval for using the SP service; and counting the log data of the uplink service of the abnormal user according to the successful uplink index of the SP service, determining the abnormal SP service, and listing the abnormal SP service according to the preset conditions different business groups; The configuration unit is used for setting different user group secondary confirmation policies and service group secondary confirmation policies for different user groups and service groups. 15. The system according to claim 13, wherein the service management platform comprises: The user authentication module is used to judge whether the user of the on-demand SP service is an abnormal user, and if it is an abnormal user, then judge the user group it belongs to, and adopt the user group secondary confirmation strategy corresponding to the determined user group to verify all user groups. authenticate the SP service requested by the user; The service authentication module is used to judge whether the SP service ordered by the user is an abnormal SP service, and if it is an abnormal SP service, further judge the service group it belongs to, and use the service group corresponding to the determined service group for secondary confirmation The policy authenticates the SP service ordered by the user. 16. The system according to claim 15, wherein the user authentication module comprises: Judging unit, for judging whether the user of the SP service on demand is an abnormal user; a search unit, configured to search for the user group to which the abnormal user determined by the determination unit belongs; The authentication unit is configured to use the user group secondary confirmation policy corresponding to the user group found by the search unit to authenticate the SP service ordered by the user. 17. The system according to claim 15, wherein the service authentication module comprises: Judging unit, for judging whether the SP service requested by the user is an abnormal SP service; a search unit, configured to search for the service group to which the abnormal service determined by the determination unit belongs; The authentication unit is configured to use the service group secondary confirmation policy corresponding to the service group found by the search unit to authenticate the SP service ordered by the user. 18. The system according to claim 15, wherein the business management platform is provided with different question banks for different user group secondary confirmation strategies and business group secondary confirmation strategies, including random code question banks, A question bank for complex questions and a question bank for simple questions, the question bank is provided to the business management platform by the audit system.