Embodiment
Embodiments of the invention are described below with reference to the accompanying drawings.
The risk control method and device provided by the embodiments of the present application apply to scenarios in which risk control is performed on the account or the network behavior of a user, where network behavior may include login behavior, payment behavior, trading activity and the like. For example, they apply to the scenario shown in Fig. 1. In Fig. 1, the client may be either a terminal device on which the registered account of the user is logged in, or an application program, located on the terminal device, in which the login account of the user is logged in. The client can upload, in real time, the event information of a risk event perceived by the user to the service end; that is, a user in this application is one who is able to perceive risk events, and the event information may include an event title and/or event content and the like.
After receiving the event information of the risk event uploaded by the client, the service end in Fig. 1 can determine the classification of the risk event in combination with preset historical behavior information. If the classification of the risk event is a risky event, the event information is further classified, for example into personalized event information and general event information. Specifically, if the event information belongs to personalized event information, the event information is recorded directly and a personalized security policy is generated from it, so that the service end can perform risk control on the account or network behavior of the user of the client and/or of similar users according to the personalized security policy and the default security policy, thereby coming closer to the individual needs of the user; the default security policy is written by developers according to the historical behavior information of users. If the event information belongs to general event information, the risk level of the risk event is further determined; when the risk level meets a preset condition, a general security policy is generated from the event information, and risk control is performed on the accounts and network behavior of the user of the client and of other users according to the general security policy and the default security policy, thereby achieving the purpose of sharing event information among multiple users.
It should also be noted that when the event information is valid, the service end can store it, so that the service end can subsequently perform risk control on the account or network behavior of the user by combining the preset historical behavior information with this event information, better ensuring the safety of the user.
Fig. 2 is a flow chart of the risk control method provided by an embodiment of the application. The method may be executed by a device with processing capability: a server, a system or an apparatus, for example the service end in Fig. 1. As shown in Fig. 2, the method may specifically include:
Step 210, receiving event information corresponding to a risk event sent by a client.
The client here may be a terminal device on which the login account of the user is logged in, or an application program, located on the terminal device, in which the login account of the user is logged in. The risk event may include, but is not limited to, the following events: an account stolen event, a money loss event, a login from a rarely used device event, a bill anomaly event, a poor network state event, a login failure event, a going offline event and the like.
It should also be noted that in this application the user of the client is able to perceive the above risk events. Specifically, on perceiving a risk event, the user can fill in the event information of the risk event through an application interface provided by the client, and then trigger the client to upload the event information to the service end. The event information may include an event title and/or event content and the like. The classification and the risk level can be set according to actual requirements; in one example, the classification may include two kinds, risky event and no-risk event, and the risk level may include three kinds: high, medium and low.
Of course, the two classifications of risk events and the three risk levels above are merely exemplary and do not limit the application. In practice, the classification of a risk event may also be expressed as an occurred risk event and a hidden-danger risk event, or may include other classifications; likewise, the risk level may be expressed as a numerical value or may include other risk levels.
In addition, after receiving the event information sent by the client, the service end may pre-process the event information, for example by converting it into information that conforms to a preset format which the service end can recognize.
As an example, assume that the wifi network to which the user's terminal device is currently connected is named "daoyong", that the user has logged in to the Alipay client with a registered Alipay account, and that after a period of time, without the user having performed any payment operation, the user's Alipay account suffers a loss of money. The user has thereby perceived a risk event and can trigger the Alipay client to send the event information of the risk event to the Alipay service end. Assuming the event information includes an event title and event content, the event title may be "account stolen event" and the event content may be "money was lost while connected to the wifi network named "daoyong"".
Step 220, determining the classification of the risk event according to the event information and preset historical behavior information.
Here, the preset historical behavior information can be collected in advance by the service end from a background database. Specifically, the event information can be analyzed according to the preset historical behavior information to determine the classification of the risk event; the process of analyzing the event information according to the preset historical behavior information is also referred to as data cleansing. In one implementation, a risk model is built from the preset historical behavior information, and the event information is then analyzed by the risk model to determine the classification of the risk event. Analyzing event information by means of a risk model to determine the classification of a risk event is conventional art and is not repeated here.
The classification of the risk event determined in step 220 may include risky event and no-risk event, or may include occurred risk and hidden-danger risk and the like. In this description, the classification of a risk event is illustrated with the two kinds risky event and no-risk event.
Step 230, if the classification of the risk event is a risky event, generating a security policy according to the event information.
If the service end judges that the classification of the risk event is a risky event, the event information corresponding to the risk event is valid information or usable data, and a security policy can be further generated on the basis of it. A security policy here is the risk control method or rule adopted by the service end for an account or network behavior when it identifies that the account or network behavior of a user is risky. It may include two kinds, a personalized security policy and a general security policy: a personalized security policy is used to perform risk control on the account or network behavior of a particular user and/or of similar users, while a general security policy is used to perform risk control on the accounts or network behavior of all users.
It should be noted that generating the security policy according to the event information in step 230 may further include:
determining the classification of the event information according to the event information;
if the classification of the event information belongs to general event information, obtaining the risk level of the risk event according to the event information;
when the risk level meets a preset condition, generating the security policy according to the event information.
In order to provide personalized security protection to users, the application may further classify the event information once the risk event is determined to be a risky event. In one implementation, the event information may also include classification information, which includes personalized event information and general event information; after receiving the event information, the service end determines the classification of the event information according to the classification information it carries. Specifically, if the classification of the event information belongs to personalized event information, a personalized security policy is generated directly from the event information; if the classification belongs to general event information, the risk level of the risk event is obtained according to the event information, and a general security policy is generated from the event information when the risk level meets the preset condition.
In one implementation, before the risk level of the risk event is obtained according to the event information, a memory cell may be set up in advance. The memory cell records the correspondence between the event information and the level information of at least one preset risk event; the preset risk events here may be collected manually in advance.
In one example, the preset memory cell may be as shown in Table 1.
Table 1
It should be noted that the content of Table 1 is an exemplary illustration. In practice, Table 1 may also include other risk events, and the event information of a risk event is not limited to an event title; it may also include event content, an event identifier and the like. The application imposes no limitation on this.
With the memory cell preset, obtaining the risk level of the risk event according to the event information may specifically include: matching the event information against the event information of the preset risk events in the memory cell, and when it matches the event information of any preset risk event, taking the level information corresponding to the event information of that preset risk event as the risk level of the risk event. Here, matching may mean that the two are identical, or that their similarity value is the largest (or exceeds a preset threshold), and the like. Taking the case where the event information includes only an event title: in the previous example, the event title of the risk event sent by the Alipay client is "account stolen event", which is identical to the second title in Table 1, so the title matches the second title in Table 1 and the risk level of the risk event obtained is "medium". Alternatively, when the event title of the risk event sent by the client is not identical to any title in Table 1 but its similarity value to the second title in Table 1 is the largest, the title matches the second title in Table 1 and the risk level obtained is likewise "medium".
The above explanation takes the case where the event information includes only an event title and the memory cell records only event titles. It will be understood that when the event information also includes event content, and the memory cell also records event content, the event title and event content in the event information sent by the client can be matched respectively against the event title and event content in the memory cell, and when both the event title and the event content match, the level information corresponding to that event title and event content is obtained from the memory cell.
It should also be noted that when the event information of the risk event sent by the client does not match the event information of any preset risk event in the memory cell, the risk level of the risk event can be assigned manually; when that risk level meets the preset condition, the event information and its corresponding risk level can be added to the memory cell, so that event information sent subsequently by clients can be matched against it.
After the risk level of the risk event is determined, and when the risk level meets the preset condition, a general security policy can be generated.
In the previous example the risk level obtained for the risk event is "medium"; assuming the preset condition is ">= medium", the risk level of the risk event meets the preset condition.
It will be understood that if the risk level does not meet the preset condition, the event information is discarded. The user of the client may perceive a risk event wrongly (for example, for a remote-location login event, the user may have forgotten having used a certain device and so mistakenly perceives the login from that device as a risk event). In that case, when the service end receives the event information of the risk event, the risk level it obtains is relatively low (it does not meet the preset condition), so the event information is not used as the basis for generating a security policy.
In one implementation, the generated general security policy may include:
sending a reminder message to the client of the user; or
prohibiting use of the account or prohibiting execution of the network behavior.
In the previous example, where the event title is "account stolen event" and the event content is "money was lost while connected to the wifi network named "daoyong"", the general security policy generated by the Alipay service end may be "send a reminder message when a user is detected performing a login or payment operation through the wifi network named "daoyong"" or "prohibit login and payment operations through the wifi network named "daoyong"" and the like.
Step 240, performing risk control on the account or network behavior of the user according to the generated security policy and the default security policy, where the default security policy is written according to historical behavior information.
After generating a personalized security policy, the service end can detect the account or network behavior of the user of the client and/or of similar users according to the personalized security policy and the default security policy. Similar users here are users found by the service end, through analysis of the historical behavior data of the current user and other users, to have behavior similar to that of the current user. After generating a general security policy, the service end can detect the account or network behavior of the user of the client and/or of other users according to the general security policy and the default security policy. In the previous example, the Alipay service end sends a reminder message when it detects an Alipay user (including the user of the current client and the users of other clients) logging in to an Alipay account or performing a payment operation through the wifi network named "daoyong"; or, once the Alipay service end detects an Alipay user (including the user of the current client and the users of other clients) logging in to an Alipay account or performing a payment operation through the wifi network named "daoyong", it prohibits the login behavior or prohibits the payment operation, and the like.
That is, the general security policy generated by the application can perform risk control on the accounts or network behavior of all users, thereby achieving data sharing among users.
Of course, steps 210 to 240 above are the operations performed by the service end when it judges that the classification of the risk event is a risky event; when the service end judges that the classification is a no-risk event, the event information uploaded by the client is discarded. Because the risk event is perceived by the user, errors can occur, so when the service end receives the event information sent by the client it must first filter the risk event to ensure that it is a real risk event rather than one sent mistakenly because the user perceived it wrongly; on receiving the event information of a risk event the user perceived wrongly, no security policy is generated from it.
It will be understood that the general security policy and the personalized security policy generated by the application are intended only as a supplement to the existing security policy, not as its replacement. That is, after the general security policy or personalized security policy is generated, the existing security policy can be combined with it to perform risk control on the account or network behavior of the user, which improves the effectiveness of risk control.
Fig. 3 is a flow chart of the risk control method provided by another embodiment of the application. The method may be executed by a device with processing capability: a server, a system or an apparatus, for example the service end in Fig. 1. As shown in Fig. 3, the method may specifically include:
Step 310, receiving event information corresponding to a risk event sent by a client.
Step 320, determining the classification of the risk event according to the event information and preset historical behavior information.
Step 330, if the classification of the risk event is a risky event, performing step 350; otherwise performing step 340.
Step 340, discarding the event information.
Step 350, determining the classification of the event information according to the event information.
Step 360, if the classification of the event information belongs to personalized event information, performing step 370; otherwise performing step 390.
Step 370, generating a personalized security policy according to the event information.
Step 380, performing risk control on the account or network behavior of the user of the client and/or of similar users according to the personalized security policy and the default security policy.
Step 390, obtaining the risk level of the risk event according to the event information.
Step 3100, if the risk level meets the preset condition, performing step 3120; otherwise performing step 3110.
Step 3110, discarding the event information.
Step 3120, generating a general security policy according to the event information.
Step 3130, performing risk control on the account or network behavior of the user of the client and/or of other users according to the general security policy and the default security policy.
In this way, both the individual needs of the user and the purpose of sharing data among multiple users can be met.
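The memory-cell matching of step 390 (described under step 230 above) and the branching of Fig. 3, as an added Python example that is not part of the application. The memory cell contents, the similarity threshold of 0.8, the "high prohibits, otherwise remind" action mapping, the default policy and the user/network names are assumptions, and the step 320 classification by the risk model is taken as an input flag.

```python
import difflib
from dataclasses import dataclass

# Constructed stand-in for Table 1 (event title -> level information);
# the real table contents are not reproduced on the page.
MEMORY_CELL = {
    "abnormal bill event": "low",
    "account stolen event": "medium",
    "money lost event": "high",
}
RISK_ORDER = {"low": 0, "medium": 1, "high": 2}
SIMILARITY_THRESHOLD = 0.8   # assumed value for "exceeds a preset threshold"
PRESET_CONDITION = "medium"  # the page's example condition ">= medium"


def lookup_risk_class(event_title, memory_cell=MEMORY_CELL,
                      threshold=SIMILARITY_THRESHOLD):
    """Step 390: match the client's event title against the preset risk events.

    An identical title matches directly; otherwise the most similar preset
    title matches if its similarity exceeds the threshold. None means no
    match, which the page handles by assigning the level manually.
    """
    if event_title in memory_cell:
        return memory_cell[event_title]
    best_title, best_score = None, 0.0
    for title in memory_cell:
        score = difflib.SequenceMatcher(None, event_title, title).ratio()
        if score > best_score:
            best_title, best_score = title, score
    return memory_cell[best_title] if best_score > threshold else None


@dataclass
class Policy:
    scope: str    # "personalized" (one user) or "general" (all users)
    action: str   # "remind" or "prohibit"
    network: str  # wifi network name the policy is keyed on
    user: str     # originating user; only checked for personalized policies


def generate_policy(event, is_risky_event, memory_cell=MEMORY_CELL):
    """Steps 330 to 3120 of Fig. 3: a Policy, or None when the event is discarded."""
    if not is_risky_event:                    # step 340: rejected by the risk model
        return None
    if event["category"] == "personalized":   # step 370: no risk-level check
        return Policy("personalized", "remind", event["network"], event["user"])
    risk_class = lookup_risk_class(event["title"], memory_cell)
    if risk_class is None or RISK_ORDER[risk_class] < RISK_ORDER[PRESET_CONDITION]:
        return None                           # step 3110: below the preset condition
    # Assumed mapping: a "high" level prohibits, any other level only reminds.
    action = "prohibit" if risk_class == "high" else "remind"
    return Policy("general", action, event["network"], event["user"])


def default_policy(behavior):
    """Constructed stand-in for the developer-written default security policy."""
    return "prohibit" if behavior.get("failed_logins", 0) >= 5 else "allow"


def risk_control(behavior, user, policies):
    """Steps 380 and 3130: generated policies applied on top of the default one."""
    decision = default_policy(behavior)
    for p in policies:
        if p.network != behavior["network"]:
            continue
        if p.scope == "personalized" and p.user != user:
            continue
        if p.action == "prohibit":
            return "prohibit"
        if decision == "allow":
            decision = "remind"
    return decision


# Constructed event reproducing the page's running example.
EVENT = {"title": "account stolen event", "network": "daoyong",
         "category": "general", "user": "alice"}
```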
In summary, the core idea of the application is to replace the traditional approach, in which developers write a security policy according to the historical behavior data of users and then perform risk control on the account or network behavior of users according to that policy, with one in which users participate in the process, namely the idea of participatory sensing. The service end can thus receive in real time the event information of risk events uploaded by clients, generate a security policy according to that event information, and finally perform risk control on the account or network behavior of users by combining the generated security policy with the default security policy, thereby improving the effectiveness of risk control.
Corresponding to the risk control method above, an embodiment of the present application also provides a risk control device. As shown in Fig. 4, the device includes:
a receiving unit 401, configured to receive event information corresponding to a risk event sent by a client;
a determining unit 402, configured to determine the classification of the risk event according to the event information received by the receiving unit 401 and preset historical behavior information;
a generation unit 403, configured to generate a security policy according to the event information if the classification of the risk event determined by the determining unit 402 is a risky event.
Optionally, the generation unit 403 is specifically configured to:
determine the classification of the event information according to the event information;
if the classification of the event information belongs to general event information, obtain the risk level of the risk event according to the event information;
when the risk level meets a preset condition, generate the security policy according to the event information.
Optionally, the generation unit 403 is further specifically configured to:
match the event information against the event information of preset risk events in a memory cell, where the memory cell is used to record the correspondence between the event information and the level information of at least one preset risk event;
when the event information matches the event information of any preset risk event, take the level information corresponding to the event information of that preset risk event as the risk level of the risk event.
A control unit 404 is configured to perform risk control on the account or network behavior of the user according to the security policy generated by the generation unit 403 and the default security policy, where the default security policy is written according to historical behavior information.
Here, the generated general security policy may include:
sending a reminder message to the client of the user; or
prohibiting use of the account or prohibiting execution of the network behavior.
Optionally, the device may also include a discarding unit 405, configured to discard the event information if the classification of the risk event is a no-risk event.
The functions of the functional modules of the device of the embodiment of the present application can be realized by the steps of the method embodiment above, so the specific working process of the device provided by the application is not repeated here.
In the risk control device provided by the application, the receiving unit 401 receives event information corresponding to a risk event sent by a client; the determining unit 402 determines the classification of the risk event according to the event information and preset historical behavior information; if the classification of the risk event is a risky event, the generation unit 403 generates a security policy according to the event information; and the control unit 404 performs risk control on the account or network behavior of the user according to the generated security policy and the default security policy. Effective risk control on the account or network behavior of users can thereby be realized.
Those skilled in the art will appreciate that, in one or more of the examples above, the functions described in the invention can be realized in hardware, software, firmware or any combination thereof. When implemented in software, these functions can be stored in a computer-readable medium or transmitted as one or more instructions or code on a computer-readable medium.
The above embodiments have further described the purpose, technical solution and beneficial effects of the present invention in detail. It should be understood that the foregoing is merely an embodiment of the present invention and is not intended to limit the scope of protection of the present invention; any modifications, equivalent substitutions, improvements and the like made on the basis of the technical solution of the present invention shall be included within the scope of protection of the present invention.