CN111708995A - Service processing method, device and equipment - Google Patents


Info

Publication number
CN111708995A
Authority
CN
China
Prior art keywords
account
data
service
login
detection result
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010533985.XA
Other languages
Chinese (zh)
Inventor
王守源
马磊
庄育涵
张磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
Original Assignee
China Construction Bank Corp
CCB Finetech Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Construction Bank Corp, CCB Finetech Co Ltd
Priority to CN202010533985.XA

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/316 User authentication by observing the pattern of computer usage, e.g. typical user behaviour
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/407 Cancellation of a transaction

Abstract

The embodiment of the specification provides a service processing method, a service processing device and service processing equipment. The method comprises the following steps: after the login information of a target account is detected, account state data of the target account is collected; the account state data comprises account login data and user operation data; after receiving the service to be processed submitted by the target account, detecting the account state data by using at least one preset detection model to obtain an account detection result; and processing the service to be processed based on the account detection result. According to the method, before the service of the user is processed, the account detection result is obtained according to the acquired account state data, so that the service to be processed can be processed based on the account detection result, and the safety of service processing is ensured.

Description

Service processing method, device and equipment
Technical Field
The embodiment of the specification relates to the technical field of computers, in particular to a service processing method, a service processing device and service processing equipment.
Background
With the development of internet technology, handling services over the network has become routine in daily life. For example, a user can directly use a corresponding client to carry out services such as modifying user information or querying an account, which makes handling services more convenient for the user.
Compared with services handled in person, network services are characterized by a high degree of user opacity and by the ease of forging information, so the security of a service needs to be verified when it is handled. Specifically, a judgment rule can be set in advance for abnormal services, and the service data submitted by the user is checked against the judgment rule to determine whether the service is an abnormal service submitted by a lawbreaker. However, the current verification method only checks the correctness of the business operation itself, i.e. the business data submitted by the user. If a lawbreaker successfully forges the data, the service passes the security verification directly, causing consequences such as data leakage and theft of account funds. Therefore, a method for ensuring the security of the processed service is needed.
Disclosure of Invention
An object of the embodiments of the present specification is to provide a method, an apparatus, and a device for processing a service, so as to solve a problem of how to ensure security of the processed service.
In order to solve the foregoing technical problem, an embodiment of the present specification provides a service processing method, including:
after the login information of a target account is detected, account state data of the target account is collected; the account state data comprises account login data and user operation data;
after receiving the service to be processed submitted by the target account, detecting the account state data by using at least one preset detection model to obtain an account detection result;
and processing the service to be processed based on the account detection result.
An embodiment of this specification further provides a service processing apparatus, including:
the data collection module is used for collecting account state data of a target account after the login information of the target account is detected; the account state data comprises account login data and user operation data;
the data monitoring module is used for detecting the account state data by utilizing at least one preset detection model to obtain an account detection result after receiving the to-be-processed service submitted by the target account;
and the service processing module is used for processing the service to be processed based on the account detection result.
The embodiment of the present specification further provides a service processing device, where the service processing device includes a memory and a processor; the memory to store computer program instructions; the processor to execute the computer program instructions to implement the steps of: after the login information of a target account is detected, account state data of the target account is collected; the account state data comprises account login data and user operation data; after receiving the service to be processed submitted by the target account, detecting the account state data by using at least one preset detection model to obtain an account detection result; and processing the service to be processed based on the account detection result.
As can be seen from the technical solutions provided by the embodiments of the present specification, for a target account, after a user logs in, the embodiments collect account status data of the target account, including account login data and user operation data, and after receiving a service to be processed, detect the collected account status data to obtain an account detection result, so that the service to be processed can be processed based on the account detection result. With this service processing method, the operation performed on a service is not determined solely by the authenticity of the service data; an account detection result that evaluates the user account is also obtained from the account status data collected after the user logs in. The processing result of the service to be processed therefore better matches the behavior observed on the account, the actions of lawbreakers are identified, and the security of service processing is ensured.
Drawings
In order to more clearly illustrate the embodiments of the present specification or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the specification, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flowchart of a service processing method according to an embodiment of the present disclosure;
Fig. 2 is a block diagram of a service processing apparatus according to an embodiment of the present disclosure;
Fig. 3 is a block diagram of a service processing device according to an embodiment of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are only a part of the embodiments of the present disclosure, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present specification without any creative effort shall fall within the protection scope of the present specification.
The following describes a service processing method according to an embodiment of the present specification with reference to fig. 1, where an execution subject of the method is a computer device, and the computer device includes, but is not limited to, a server, an industrial personal computer, a PC, and the like, and the service processing method includes the following specific implementation steps.
S110: after the login information of a target account is detected, account state data of the target account is collected; the account state data comprises account login data and user operation data.
When a user needs to process some transactions, corresponding services can be generated based on the transactions and submitted to the computer equipment. Generally, when a user submits a service, the user account needs to be associated with the corresponding service, for example, when the user needs to query the public accumulation fund balance by using the public accumulation fund system APP, the submitted service is to query the public accumulation fund balance of the corresponding account, and the corresponding user account may be an account used by the user to log in the public accumulation fund system APP.
In the embodiment of the present specification, so that the security judgment made when a user's service is processed is not limited to checking the service data submitted by the user, data generated by the user while logged in to the account needs to be collected. Because the user account is associated with the service submitted by the user, the operation data corresponding to the user account can be collected in advance, and after the user submits the service, the security of that service is checked using the data corresponding to the user account.
The target account is an account that can submit services; the processing result for a service submitted by the target account is determined by acquiring the operation records and login information of that account. Specifically, the target account may be, for example, an account of the public accumulation fund system APP, and is not limited thereto.
The login information may be information generated when a user logs in the target account on a corresponding client, for example, when the user needs to log in a certain client form, after a user account and a corresponding password are input in a login interface of the client, information including the user account and the password is generated and sent to a server associated with the client. After receiving the information containing the user account and the password, the server determines that the information is submitted by the user for login, and after detecting the user account in the information, the server takes the information containing the user account and the password as login information and the user account as a target account.
The above description of the login information is only a specific example in this specification, and in practical applications, for example, a specific account may be preset, and the login request corresponding to the specific account may be taken as the login information when the login request is received. The description of the login information is not limited to the above example, and is not described herein again.
Account status data may represent data submitted to the computer device corresponding to the target account. In some embodiments, the account status data may include at least one of account login data and user operation data.
The account login data may include data generated by logging in to the target account on the corresponding client. Specifically, the account login data may include the time at which the user logs in to the target account, the device used to log in, the location of that device, the number of times a wrong password is entered when logging in, the channel through which the user logs in to the target account, and the like.
The device that logs in the target account may include information corresponding to a device identifier, a device model, a device system, a device version number, a device screen size, a device screen resolution, and the like of the device.
The channel for logging in the target account may be different clients for logging in the account, for example, a user may log in through a native client corresponding to the target account, or may log in through other clients having a corresponding relationship with the client, for example, a client specifically set in an entity operating device logs in. When the client corresponding to the target account can be embedded in other application software as a functional module, the channel for logging in the target account can also be other application software in which the functional module is embedded.
The location where the target account is logged into may be an actual geographic location, such as latitude and longitude coordinates obtained using GPS technology; the location may also be a network address, such as an IP address or MAC address of the user equipment, etc.
The user operation data may be data that a user performs an operation on a client corresponding to the target account and submits to the computer device. For example, the user operation data may include data corresponding to a user performing operations such as clicking a button, switching pages, submitting a form, calling data, and the like. The user operation data may also include data of time corresponding to an operation taken by the user.
In some embodiments, the account status data may also include user information associated with the target account. The user information may include, for example, a user identification number, a user mobile phone number, user government affairs information, user accumulation data, user reputation records, and the like.
The account status data may be collected in different ways according to the situation. For example, in application software, the data generated on the device may be acquired by wrapping the native APIs of the iOS or Android system; in an applet, the corresponding data may be acquired through the corresponding interface of the applet API; and for operation data in a page, a method may be called in the relevant hook to capture the corresponding event and thereby the data associated with it. In practical applications, the account status data may be obtained in whatever manner suits the scenario, which is not described further here.
S120: and after receiving the service to be processed submitted by the target account, detecting the account state data by using at least one preset detection model to obtain an account detection result.
The preset detection model may be a model trained in advance. The preset detection model may be configured to obtain an account detection result corresponding to the account status data. Specifically, the preset detection model may include, for example, a data distribution range corresponding to a certain type of account status data, and if the account status data is within the data distribution range, the account status data is normal data.
When the preset detection model is obtained, sample data of at least one reference user can be obtained, and the preset detection model is trained by using the sample data.
The reference user may be a user whose data serves as a sample for training the preset detection model. The reference user may be selected, based on big data, from the users of the clients associated with the target account, or users of other clients similar to that client may be used as reference users. The selection criteria for the reference user may be adjusted according to actual requirements and are not limited to the above examples.
The sample data comprises data corresponding to the reference user, such as reference user equipment data, reference user address data, reference user identity data, reference user operation data and the like. For the detailed description of the reference user device data, the reference user address data, the reference user identity data, and the reference user operation data, reference may be made to the description of the account status data in step S110, which is not described herein again.
The sample data may be accompanied by a normal data marker or an abnormal data marker. The normal data mark indicates that the sample data is data generated by a normal reference user; correspondingly, the abnormal data mark may be used to indicate that the sample data is data generated by a reference user corresponding to the detected malicious user or illegal program. The preset detection model can be obtained by training with the normal data mark or the abnormal data mark.
The process of training the preset detection model by using the sample data with the marks can be to classify different sample data by using algorithms such as a clustering algorithm, a decision tree algorithm and the like, so that the classified data is used for acquiring the preset detection model. The specific training process may be adjusted based on the requirements of the actual situation, and is not described herein again.
In some embodiments, the preset detection model may include an abnormal login detection model and a malicious operation detection model. The abnormal login detection model is used for inputting the account login data, and the malicious operation detection model is used for inputting the user operation data. The abnormal login detection model and the malicious operation detection model can generate corresponding account detection results according to account state data.
In some embodiments, after the account login data is input into the abnormal login detection model, whether the account login data includes abnormal login data can be detected. The abnormal login data comprises at least one of the following: login data from an abnormal login channel, login data in which the number of wrong account inputs exceeds an account input threshold, and login data showing logins from at least two login addresses within a preset time period. If such data exists, an abnormal condition exists when the user logs in to the target account, so the account detection result corresponding to the target account can be output as an account abnormal result.
In some embodiments, after the user operation data is input into the malicious operation detection model, whether the user operation data includes a malicious user operation may be detected. The malicious user operation comprises at least one of the following: operations for stealing data, and operations for malicious harassment. If such an operation exists, an abnormal condition exists when the user logs in to the target account, so the account detection result corresponding to the target account can be output as an account abnormal result.
The account detection result comprises an account normal result and an account abnormal result. The account normal result indicates that, before submitting the service to be processed, the target account did not perform operations resembling those of a lawbreaker, and the service submitted by the user can be processed normally. The account abnormal result indicates that the target account produced suspicious operations during login or during subsequent operation, and that the service submitted by the user needs to be rejected or the user's identity information needs to be authenticated.
In some embodiments, the account detection result further comprises a suspicious user detection result. When the output account detection result is a suspicious user detection result, it may be that the number of times of account error information included in the account login data exceeds an account error threshold and/or the account login data includes an abnormal login address. Correspondingly, a specific account error threshold value and an abnormal login address can be obtained through training in the preset detection model.
The number of times of account error information may be the number of times that a user fails verification when logging in to the target account, and the account error threshold represents the maximum number of verification failures allowed at login. For example, the account error threshold may be 3; when the account login data of the user shows 4 instances of account error information, the user has entered wrong account information too many times, the target account may not be operated by the actual user corresponding to it, and the identity information of the user needs to be verified.
The abnormal login address may be physical actual address information or network address information. For example, when it is detected that the geographic location where the terminal device where the user logs in the target account is located is different from the historical login geographic location of the user, it indicates that the currently logged-in target account may not be logged in by the actual user corresponding to the target account, and the identity information of the user needs to be verified. Similarly, when the abnormal login address is network address information, the IP address, the MAC address, and the like of the device where the user logs in the target account may also be used for comparison, so as to determine whether the account detection result is a suspicious user detection result.
The suspicious user detection indicates that the action corresponding to the target account may not be an action by an account holder. For example, when it is detected that the number of times of inputting the wrong password when the user logs in the target account exceeds the account error threshold, it may be that a lawbreaker is trying to log in the target account, or the password is input incorrectly due to the carelessness of the user. Therefore, when the account detection result is a suspicious user detection result, an identity authentication request may be sent to the target account. The identity authentication request comprises a biological feature code authentication request and a living body identification authentication request. The biometric code authentication request may be a request for obtaining biometric information with unique identification, such as a fingerprint, an iris, and a pulse, of the user to implement user identity authentication. The living body identification authentication request may be an authentication request that can indicate that the user currently operating the target account is a real user, such as face identification performed by a camera device on the user terminal device. In practical applications, the identity information of the user may be verified in other ways based on the suspicious user detection result, and is not limited to the above example.
S130: and processing the service to be processed based on the account detection result.
Once the account detection result is obtained, the service to be processed can be processed based on it. When the account status data is detected by using a plurality of preset detection models, a plurality of account detection results may be obtained. If an account abnormal result exists among the account detection results, that is, the target account is an account which may be at risk, the corresponding service submitted through the target account may be a service submitted by a lawbreaker for stealing data and funds, and service rejection information may be fed back to the target account.
The service rejection information is used for indicating that the currently submitted service to be processed may have risks, and the computer equipment rejects to process the service to be processed.
In some embodiments, when the account detection results are all normal account results, the service to be processed may be directly processed, or after the service data included in the service to be processed is verified, if the verification result is also normal, the service to be processed is processed. The specific method for processing the service to be processed may be adjusted based on the requirements of the actual application, and is not described herein again.
In some embodiments, when the account detection result includes an account abnormal result, the target account may be marked as an abnormal account. An abnormal account may be an account that is prone to abnormal behavior; marking it as abnormal reduces the risk it poses and prevents harassment originating from it.
In some examples, the abnormal account may also be set actively by the computer device, and is used to mark some accounts for which no business can be processed. For example, a certain account has a higher confidentiality, so that in order to avoid leakage of confidential data through the account processing service, if a service submitted by the abnormal account is received, the submitted service can be directly rejected.
Once the target account has been marked as an abnormal account, its account status data no longer needs to be collected when login information of the abnormal account is detected, and the service rejection information can be fed back to the abnormal account directly when a service to be processed submitted by it is received, which saves the corresponding resources.
With this service processing method, the operation performed on a service is not determined solely by the authenticity of the service data; an account detection result that evaluates the user account is also obtained from the account status data collected after the user logs in. The processing result of the service to be processed therefore better matches the behavior observed on the account, the actions of lawbreakers are identified, and the security of service processing is ensured.
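The flow of steps S110 to S130 can be sketched as follows. This is an added illustration, not code from the patent: the channel names, thresholds, the data-call rate rule standing in for "operations for stealing data", and the choice of which conditions yield a suspicious result rather than an abnormal one are all assumptions, and the accounts and addresses are constructed sample data.

```python
from dataclasses import dataclass, field
from enum import Enum

class Result(Enum):
    NORMAL = 1
    SUSPICIOUS = 2   # ask for identity authentication
    ABNORMAL = 3     # reject and mark the account

# Constructed values standing in for what a trained detection model would supply.
ALLOWED_CHANNELS = {"native_app", "mini_program", "kiosk"}
ERROR_THRESHOLD = 3           # the page's example: a 4th failed verification is too many
ADDRESS_WINDOW_S = 600        # assumed "preset time period" for multi-address logins
MAX_DATA_CALLS_PER_MIN = 30   # assumed proxy for "operations for stealing data"

@dataclass
class AccountState:
    known_addresses: set
    logins: list = field(default_factory=list)      # (ts, channel, address, ok)
    operations: list = field(default_factory=list)  # (ts, kind)

def detect_login(state):
    """Abnormal-login model: channel, multi-address, failure count, new address."""
    logins = sorted(state.logins)
    if any(channel not in ALLOWED_CHANNELS for _, channel, _, _ in logins):
        return Result.ABNORMAL
    for i, (t0, _, addr0, _) in enumerate(logins):
        for t1, _, addr1, _ in logins[i + 1:]:
            if t1 - t0 > ADDRESS_WINDOW_S:
                break
            if addr1 != addr0:          # two login addresses inside the window
                return Result.ABNORMAL
    failures = sum(1 for *_, ok in logins if not ok)
    last_ok = next((a for _, _, a, ok in reversed(logins) if ok), None)
    known = state.known_addresses
    new_address = last_ok is not None and bool(known) and last_ok not in known
    if failures > ERROR_THRESHOLD or new_address:
        return Result.SUSPICIOUS
    return Result.NORMAL

def detect_operations(state):
    """Malicious-operation model: flags bulk data calls inside any 60 s window."""
    times = sorted(ts for ts, kind in state.operations if kind == "call_data")
    start = 0
    for end, t in enumerate(times):
        while t - times[start] >= 60:
            start += 1
        if end - start + 1 > MAX_DATA_CALLS_PER_MIN:
            return Result.ABNORMAL
    return Result.NORMAL

MODELS = (detect_login, detect_operations)

class ServiceProcessor:
    def __init__(self, history):
        self.history = history      # account -> addresses seen in past sessions
        self.states, self.marked = {}, set()

    def _state(self, account):
        return self.states.setdefault(
            account, AccountState(set(self.history.get(account, ()))))

    def on_login(self, account, ts, channel, address, ok):      # S110
        if account not in self.marked:   # marked accounts are no longer collected
            self._state(account).logins.append((ts, channel, address, ok))

    def on_operation(self, account, ts, kind):                  # S110
        if account not in self.marked:
            self._state(account).operations.append((ts, kind))

    def submit(self, account, identity_verified=False):         # S120 + S130
        if account in self.marked or account not in self.states:
            return "rejected"
        results = [model(self.states[account]) for model in MODELS]
        if Result.ABNORMAL in results:
            self.marked.add(account)
            del self.states[account]
            return "rejected"
        if Result.SUSPICIOUS in results and not identity_verified:
            return "verify_identity"
        return "processed"

def demo():
    # Constructed sample sessions; addresses come from documentation ranges.
    p = ServiceProcessor({"alice": {"203.0.113.10"}, "bob": {"198.51.100.20"},
                          "dave": {"203.0.113.77"}})
    p.on_login("alice", 0, "native_app", "203.0.113.10", True)
    p.on_operation("alice", 5, "call_data")
    for t in range(4):
        p.on_login("bob", t, "native_app", "198.51.100.20", False)
    p.on_login("bob", 10, "native_app", "198.51.100.20", True)
    p.on_login("carol", 0, "native_app", "198.51.100.7", True)
    p.on_login("carol", 120, "mini_program", "192.0.2.55", True)
    p.on_login("dave", 0, "kiosk", "203.0.113.77", True)
    for i in range(40):
        p.on_operation("dave", 100 + i, "call_data")
    out = {a: p.submit(a) for a in ("alice", "bob", "carol", "dave")}
    out["bob_after_auth"] = p.submit("bob", identity_verified=True)
    out["carol_again"] = p.submit("carol")
    return out
```

Calling `demo()` returns the outcome per account: a clean session is processed, four failed logins trigger identity authentication, and a two-address login or a burst of data calls is rejected and the account marked.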
A service processing apparatus provided in the computer device according to an embodiment of the present disclosure is described below. As shown in fig. 2, the apparatus includes the following modules.
The data collection module 210 is configured to collect account status data of a target account after login information of the target account is detected; the account state data comprises account login data and user operation data;
the data monitoring module 220 is configured to, after receiving a to-be-processed service submitted by the target account, detect the account status data by using at least one preset detection model to obtain an account detection result;
and the service processing module 230 is configured to process a service to be processed based on the account detection result.
A service processing device according to an embodiment of the present specification is introduced based on the service processing method. As shown in fig. 3, the service processing device includes a memory and a processor.
In this embodiment, the memory may be implemented in any suitable manner. For example, the memory may be a read-only memory, a mechanical hard disk, a solid state disk, a U disk, or the like. The memory may be used to store computer program instructions.
In this embodiment, the processor may be implemented in any suitable manner. For example, the processor may take the form of, for example, a microprocessor or processor and a computer-readable medium that stores computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, an embedded microcontroller, and so forth. The processor may execute the computer program instructions to perform the steps of: after the login information of a target account is detected, account state data of the target account is collected; the account state data comprises account login data and user operation data; after receiving the service to be processed submitted by the target account, detecting the account state data by using at least one preset detection model to obtain an account detection result; and processing the service to be processed based on the account detection result.
In the 1990s, an improvement to a technology could be clearly distinguished as either an improvement in hardware (e.g., an improvement to a circuit structure such as a diode, transistor, or switch) or an improvement in software (an improvement to a method flow). However, as technology has advanced, many of today's method flow improvements can be regarded as direct improvements to hardware circuit structure. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into a hardware circuit. Thus, it cannot be said that an improvement to a method flow cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose logic functions are determined by the user programming the device. A designer "integrates" a digital system onto a PLD by programming it, without requiring the chip manufacturer to design and fabricate a dedicated integrated circuit chip. Furthermore, instead of manually making an integrated circuit chip, such programming is nowadays mostly implemented with "logic compiler" software, which is similar to the software compiler used in program development; the source code to be compiled must be written in a specific programming language called a Hardware Description Language (HDL). There is not just one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, and RHDL (Ruby Hardware Description Language); VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog are the most commonly used at present.
It will also be apparent to those skilled in the art that a hardware circuit implementing the logical method flow can be readily obtained by describing the method flow in one of the hardware description languages above and programming it into an integrated circuit.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
From the above description of the embodiments, it is clear to those skilled in the art that the present specification can be implemented by software plus the necessary general-purpose hardware platform. Based on such understanding, the technical solutions of the present specification may be essentially or partially implemented in the form of software products, which may be stored in a storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and include instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments of the present specification.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The description is operational with numerous general purpose or special purpose computing system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
This description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
While the specification has been described with examples, those skilled in the art will appreciate that there are numerous variations and permutations of the specification that do not depart from the spirit of the specification, and it is intended that the appended claims include such variations and modifications that do not depart from the spirit of the specification.

Claims (10)

1. A method for processing a service, comprising:
after the login information of a target account is detected, account state data of the target account is collected; the account state data comprises at least one of account login data and user operation data;
after receiving a service to be processed corresponding to the target account, detecting the account state data by using at least one preset detection model to obtain an account detection result;
and processing the service to be processed based on the account detection result.
2. The method of claim 1, wherein the predetermined detection model is obtained by:
acquiring sample data of at least one reference user; the sample data comprises reference user equipment data, reference user address data, reference user identity data and reference user operation data; the sample data is attached with a normal data mark or an abnormal data mark;
training a preset detection model by using the sample data; the preset detection model comprises: an abnormal login detection model and a malicious operation detection model.
3. The method of claim 2, wherein the detecting the account status data by using at least one preset detection model to obtain an account detection result comprises:
inputting the account login data into the abnormal login detection model, and detecting whether the account login data contains abnormal login data; the abnormal login data comprises at least one of the following: login data from an abnormal login channel, login data with the number of wrong account number inputs exceeding an account number input threshold, and login data for logging in by using at least two login addresses within a preset time period;
and if so, outputting the account detection result corresponding to the target account as an account abnormal result.
4. The method of claim 2, wherein the detecting the account status data by using at least one preset detection model to obtain an account detection result comprises:
inputting the user operation data into the malicious operation detection model, and detecting whether the user operation data contains user malicious operations; the user malicious operation comprises at least one of the following: operations for stealing data and operations for malicious harassment;
and if so, outputting the account detection result corresponding to the target account as an account abnormal result.
5. The method of claim 1, wherein the account detection results comprise suspicious user detection results; the detecting the account state data by using at least one preset detection model to obtain an account detection result comprises the following steps:
when detecting that the number of times of account error information contained in the account login data exceeds an account error number threshold and/or the account login data contains an abnormal login address, outputting a suspicious user detection result;
correspondingly, the processing the service to be processed based on the account detection result and the service verification result includes:
if the account detection result is a suspicious user detection result, sending an identity authentication request to the target account; the identity authentication request comprises a biological feature code authentication request and a living body identification authentication request.
6. The method of claim 1, wherein the account detection result comprises an account security result and an account exception result; the processing of the service to be processed based on the account detection result comprises the following steps:
and feeding back service rejection information to the target account when the account detection result contains an account abnormal result.
7. The method of claim 1, wherein the processing the service to be processed based on the account detection result comprises:
and when the account detection result contains an account abnormal result, marking the target account as an abnormal account.
8. The method of claim 7, wherein after the detecting the login information of the target account and collecting the account status data of the target account, the method further comprises:
and if the target account is an abnormal account, feeding back service rejection information to the target account after receiving the service to be processed submitted by the target account.
9. A service processing apparatus, comprising:
the data collection module is used for collecting account state data of a target account after the login information of the target account is detected; the account state data comprises account login data and user operation data;
the data monitoring module is used for detecting the account state data by utilizing at least one preset detection model to obtain an account detection result after receiving the to-be-processed service submitted by the target account;
and the service processing module is used for processing the service to be processed based on the account detection result.
10. A service processing device comprising a memory and a processor;
the memory is configured to store computer program instructions;
the processor is configured to execute the computer program instructions to implement the steps of: after the login information of a target account is detected, account state data of the target account is collected; the account state data comprises account login data and user operation data; after receiving the service to be processed submitted by the target account, detecting the account state data by using at least one preset detection model to obtain an account detection result; and processing the service to be processed based on the account detection result.
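
The login-side decision flow of claims 3 and 5 to 8, as an added example that is not code from the patent: fixed rules stand in for the trained abnormal login detection model, and the malicious operation model of claim 4 is not covered. The channel names, the threshold values (two separate error thresholds are assumed for claims 3 and 5), the field names and the sample sessions are all assumptions.

```python
from collections import namedtuple
from dataclasses import dataclass, field

# Assumed values: the claims name these thresholds but give no numbers.
ALLOWED_CHANNELS = {"mobile_app", "web"}
INPUT_ERROR_THRESHOLD = 5        # claim 3: more wrong inputs means abnormal
SUSPICIOUS_ERROR_THRESHOLD = 2   # claim 5: more wrong inputs means suspicious
ADDRESS_WINDOW_SECONDS = 600     # claim 3: the "preset time period"

# One login attempt: time in seconds, channel, login address (source IP), outcome.
LoginEvent = namedtuple("LoginEvent", "ts channel address success")

@dataclass
class Account:
    known_addresses: set
    events: list = field(default_factory=list)
    marked_abnormal: bool = False    # claim 7 mark

def max_addresses_in_window(events, window):
    """Largest count of distinct addresses inside any `window`-second span."""
    events = sorted(events, key=lambda e: e.ts)
    return max((len({e.address for e in events[i:] if e.ts - s.ts <= window})
                for i, s in enumerate(events)), default=0)

def detect(account):
    """Rule-based stand-in for the trained abnormal login detection model."""
    ev = account.events
    errors = sum(not e.success for e in ev)
    if (any(e.channel not in ALLOWED_CHANNELS for e in ev)
            or errors > INPUT_ERROR_THRESHOLD
            or max_addresses_in_window(ev, ADDRESS_WINDOW_SECONDS) >= 2):
        return "abnormal"
    if (errors > SUSPICIOUS_ERROR_THRESHOLD
            or any(e.address not in account.known_addresses for e in ev)):
        return "suspicious"
    return "secure"

def process_service(account):
    """Handle one submitted service according to the detection result."""
    if account.marked_abnormal:          # claim 8: an earlier mark rejects at once
        return "reject"
    result = detect(account)
    if result == "abnormal":
        account.marked_abnormal = True   # claim 7
        return "reject"                  # claim 6
    if result == "suspicious":
        return "step_up_auth"            # claim 5: biometric code and liveness checks
    return "process"

def demo():
    """Decisions for three constructed sessions (documentation-range IPs)."""
    home, other = "198.51.100.7", "203.0.113.9"
    sessions = {
        "usual": [(0, "web", home, True)],
        "new_address": [(0, "web", other, True)],
        "two_addresses": [(0, "web", home, True), (120, "web", other, True)],
    }
    return {k: process_service(Account({home}, [LoginEvent(*e) for e in v]))
            for k, v in sessions.items()}
```

Because the claim 7 mark persists on the account, a later service is rejected under claim 8 even when the newly collected login data looks clean, so a deployment needs a defined way to clear the mark after the user is re-verified.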
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010533985.XA CN111708995A (en) 2020-06-12 2020-06-12 Service processing method, device and equipment

Publications (1)

Publication Number Publication Date
CN111708995A true CN111708995A (en) 2020-09-25

Family

ID=72539727

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010533985.XA Pending CN111708995A (en) 2020-06-12 2020-06-12 Service processing method, device and equipment

Country Status (1)

Country Link
CN (1) CN111708995A (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150339477A1 (en) * 2014-05-21 2015-11-26 Microsoft Corporation Risk assessment modeling
CN106936807A (en) * 2015-12-31 2017-07-07 阿里巴巴集团控股有限公司 A kind of recognition methods of malicious operation and device
CN107872436A (en) * 2016-09-27 2018-04-03 阿里巴巴集团控股有限公司 A kind of account recognition methods, apparatus and system
WO2018090839A1 (en) * 2016-11-16 2018-05-24 阿里巴巴集团控股有限公司 Identity verification system, method, device, and account verification method
CN108768943A (en) * 2018-04-26 2018-11-06 腾讯科技(深圳)有限公司 A kind of method, apparatus and server of the abnormal account of detection
CN109241711A (en) * 2018-08-22 2019-01-18 平安科技(深圳)有限公司 User behavior recognition method and device based on prediction model
CN109345260A (en) * 2018-10-09 2019-02-15 北京芯盾时代科技有限公司 A kind of fraud detection model training method and device and fraud detection method and device
CN110399925A (en) * 2019-07-26 2019-11-01 腾讯科技(武汉)有限公司 Risk Identification Method, device and the storage medium of account
CN110489964A (en) * 2019-08-21 2019-11-22 北京达佳互联信息技术有限公司 Account detection method, device, server and storage medium
CN111031017A (en) * 2019-11-29 2020-04-17 腾讯科技(深圳)有限公司 Abnormal business account identification method, device, server and storage medium
CN111083165A (en) * 2019-12-31 2020-04-28 支付宝(杭州)信息技术有限公司 Login interception method and system based on combined anti-collision library platform

Similar Documents

Publication Publication Date Title
US10778626B2 (en) Determining authenticity of reported user action in cybersecurity risk assessment
Feizollah et al. A study of machine learning classifiers for anomaly-based mobile botnet detection
JP4954979B2 (en) Systems and methods for fraud monitoring, detection, and hierarchical user authentication
EP3029593B1 (en) System and method of limiting the operation of trusted applications in the presence of suspicious programs
US9667613B1 (en) Detecting mobile device emulation
CN109756458B (en) Identity authentication method and system
US9798981B2 (en) Determining malware based on signal tokens
CN109547426B (en) Service response method and server
US10567374B2 (en) Information processing method and server
WO2015016901A1 (en) Signal tokens indicative of malware
CN111274046A (en) Service call validity detection method and device, computer equipment and computer storage medium
CN109460653B (en) Rule engine based verification method, verification device, storage medium and apparatus
CN110955395A (en) Risk assessment method and device for printing system and storage medium
CN105337739B (en) Safe login method, device, server and terminal
CN111641588A (en) Webpage analog input detection method and device, computer equipment and storage medium
WO2022106616A1 (en) Method and apparatus for user recognition
CN104486306A (en) Method for identity authentication based on finger vein recognition and cloud service
CN107294981B (en) Authentication method and equipment
CN110546638A (en) Improvements in biometric authentication
CN111708995A (en) Service processing method, device and equipment
CN115906028A (en) User identity verification method and device and self-service terminal
US20230041534A1 (en) Security status based on hidden information
CN114895775A (en) Service data processing method and device and intelligent counter
CN111784352A (en) Authentication risk identification method and device and electronic equipment
CN111274563A (en) Security authentication method and related device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20220914

Address after: 25 Financial Street, Xicheng District, Beijing 100033

Applicant after: CHINA CONSTRUCTION BANK Corp.

Address before: 25 Financial Street, Xicheng District, Beijing 100033

Applicant before: CHINA CONSTRUCTION BANK Corp.

Applicant before: Jianxin Financial Science and Technology Co.,Ltd.
