CN112232809A

CN112232809A - Data management method, device and equipment for frozen account and storage medium

Info

Publication number: CN112232809A
Application number: CN202011015061.7A
Authority: CN
Inventors: 黄嘉祺
Original assignee: Alipay Hangzhou Information Technology Co Ltd
Current assignee: Alipay Hangzhou Information Technology Co Ltd
Priority date: 2020-09-24
Filing date: 2020-09-24
Publication date: 2021-01-15
Anticipated expiration: 2040-09-24
Also published as: CN112232809B

Abstract

The specification provides a data management method, a data management device, data management equipment and a storage medium for frozen accounts, and the frozen accounts are subjected to special monitoring after being thawed by acquiring thawing information of the frozen accounts. The account operation information of the frozen account after unfreezing is obtained, and the unfreezing information is compared with the account operation information to accurately determine whether the operation of the frozen account after unfreezing and the operation of the frozen account after unfreezing are the same person, so that the problem that the unfreezing of the frozen account is successful due to the fact that the unfreezing risk identification fails to be crowdsourced in the unfreezing link of the frozen account through batch behaviors is solved. The account operation information and the unfreezing information of the unfrozen frozen account are recorded and compared, so that whether the unfreezing of the frozen account belongs to crowdsourcing unfreezing or not is more accurately determined, whether the unfrozen frozen account can be used for illegal business or not is judged, the safety detection of the unfrozen frozen account is achieved, and the accuracy of account safety management is improved.

Description

Data management method, device and equipment for frozen account and storage medium

Technical Field

The present specification belongs to the field of computer technologies, and in particular, to a method, an apparatus, a device, and a storage medium for data management of a frozen account.

Background

The scientific and technological progress brings convenience to the life and work of people and brings more risks, and the safety problem of online business is more and more emphasized. Some illegal users may purchase or otherwise obtain an account of a general user for illegal activities. Generally, a system monitors risks of an account, and when some accounts are monitored to have risks, the accounts may be frozen, so that the accounts cannot be subjected to business processing, and economic losses of users are avoided. For frozen accounts, the use can be recovered by some thawing means, and the thawing process is usually simple, such as: the thawing can be performed through authentication and the like. Some illegal users can also easily utilize the unfreezing means to continue to use the account after unfreezing, so that reasonable control over the risk account cannot be realized, and higher risk potential hazards exist.

Disclosure of Invention

An object of the embodiments of the present specification is to provide a method, an apparatus, a device, and a storage medium for data management of a frozen account, so as to improve accuracy of account security management.

In one aspect, an embodiment of the present specification provides a data management method for a frozen account, where the method includes:

obtaining unfreezing information of a frozen account, wherein the unfreezing information comprises unfreezing user information;

monitoring the frozen account after being unfrozen, and acquiring account operation information of the frozen account, wherein the account operation information comprises operation user information;

and comparing the unfreezing information with the account operation information, and if the unfreezing user information is inconsistent with the operation user information, determining that the unfrozen frozen account has risks.

In another aspect, the present specification provides a data management apparatus for freezing an account, including:

the system comprises a unfreezing information acquisition module, a data processing module and a data processing module, wherein the unfreezing information acquisition module is used for acquiring unfreezing information of a frozen account, and the unfreezing information comprises unfreezing user information;

the account operation information acquisition module is used for monitoring the unfrozen frozen account and acquiring the account operation information of the frozen account, wherein the account operation information comprises operation user information;

and the risk identification module is used for comparing the unfreezing information with the account operation information, and if the unfreezing user information is inconsistent with the operation user information, determining that the unfrozen frozen account has risks.

In another aspect, the present specification provides a data management device for frozen accounts, including at least one processor and a memory for storing processor-executable instructions, where the processor executes the instructions to implement the data management method for frozen accounts.

In yet another aspect, the present specification provides a computer-readable storage medium, on which computer instructions are stored, and when executed, the instructions implement the above data management method for frozen accounts.

According to the frozen account data management method, the frozen account data management device, the frozen account data management equipment and the frozen account data management storage medium, the unfreezing information of the frozen account during unfreezing is obtained, the frozen account is specially monitored after being unfrozen, the account operation information of the frozen account after unfreezing is obtained, the unfreezing information and the account operation information are compared, whether the operation of the frozen account after unfreezing and the operation of the frozen account after unfreezing are the same person or not is accurately determined, and the problem that the unfreezing is successfully unfrozen due to crowdsourcing of unfreezing risk identification failure in a frozen account unfreezing link through. The account operation information and the unfreezing information of the unfrozen frozen account are recorded and compared, so that whether the unfreezing of the frozen account belongs to crowdsourcing unfreezing or not is more accurately determined, whether the unfrozen frozen account can be used for illegal business or not is judged, the safety detection of the unfrozen frozen account is achieved, and the accuracy of account safety management is improved.

Drawings

In order to more clearly illustrate the embodiments of the present specification or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only some embodiments described in the present specification, and for those skilled in the art, other drawings can be obtained according to the drawings without any creative effort.

FIG. 1 is a schematic flow chart diagram illustrating an embodiment of a data management method for frozen accounts provided by an embodiment of the present specification;

FIG. 2 is a schematic flow diagram of crowd-sourced thawing in some embodiments of the present description;

FIG. 3 is a schematic diagram illustrating a data management process for frozen accounts in one embodiment of the present disclosure;

FIG. 4 is a schematic diagram of a risk identification process for crowd-sourced unfrozen frozen accounts in one example scenario of the present specification;

FIG. 5 is a block diagram of an embodiment of a data management apparatus for frozen accounts provided herein;

fig. 6 is a block diagram of a hardware configuration of a data management server for freezing accounts in one embodiment of the present specification.

Detailed Description

In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all of the embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification without any inventive step should fall within the scope of protection of the present specification.

With the continuous development of online services, some illegal users perform illegal activities on the online services, such as: network gambling and the like, and the service system generally carries out punishment on some accounts with high-risk behaviors and malicious intentions, such as control, limit acceptance, account freezing and the like. However, there are some cases of false disturbance because it is inevitable, such as: some legal accounts are frozen, and in order to ensure that normal users can normally remove account restrictions, the users can be allowed to use some unfreezing means such as: binding resource accounts, real name authentication, etc., unfreezing frozen accounts. However, this mechanism may be utilized by some malicious users, such as: in order to continuously carry out illegal activities, malicious users obtain a large number of accounts in a mode of issuing tasks or obviously returning benefits through a network crowdsourcing platform, and then identify related accounts or unfreeze frozen accounts through groups with weak law consciousness and strong trending, so that the subsequent illegal activities can be used. Crowdsourcing, among other things, is understood to be the act of a company or organization outsourcing work tasks performed by employees in the past to unspecified (and often large) public volunteers in a free-voluntary fashion.

Therefore, risk control of the frozen account may need to be different from that of a common account, and whether malicious thawing exists in the thawing of the frozen account or not can be judged through actions such as the number of times of thawing the account in a past period of time and skipping of an operation address of a bank card used by the frozen account in a thawing manner, so that whether the thawing action is crowd-sourced thawing or not is judged. The method can identify some malicious behaviors of batch unfreezing, and may miss some situations of infrequent use of the bank card, or unfreezing of the bank card at intentional intervals for a long time, so that some frozen accounts are unfrozen successfully in a crowdsourcing mode and continue illegal operation.

The embodiment of the specification provides a data management method for frozen accounts, which can monitor frozen accounts and frozen accounts after unfreezing in a targeted manner according to necessary factors in crowdsourcing unfreezing behaviors, and identify whether the frozen accounts after unfreezing belong to crowdsourcing unfreezing or not, so as to ensure that the frozen accounts after unfreezing are not used maliciously again, and improve the safety of the accounts.

Fig. 1 is a schematic flowchart of an embodiment of a data management method for frozen accounts provided in an embodiment of the present specification. Although the present specification provides the method steps or apparatus structures as shown in the following examples or figures, more or less steps or modules may be included in the method or apparatus structures based on conventional or non-inventive efforts. In the case of steps or structures which do not logically have the necessary cause and effect relationship, the execution order of the steps or the block structure of the apparatus is not limited to the execution order or the block structure shown in the embodiments or the drawings of the present specification. When the described method or module structure is applied to a device, a server or an end product in practice, the method or module structure according to the embodiment or the figures may be executed sequentially or in parallel (for example, in a parallel processor or multi-thread processing environment, or even in an implementation environment including distributed processing and server clustering).

In a specific embodiment, as shown in fig. 1, in an embodiment of the data management method for frozen accounts provided in this specification, the method may be applied to an account management system or a wind control management system, and specifically may be a computer, a tablet computer, a server, and other terminals, and the method may include the following steps:

and 102, obtaining unfreezing information of the frozen account, wherein the unfreezing information comprises unfreezing user information.

In a specific implementation process, the frozen account can be understood as an account which is limited to use of some functions or is not allowed to be used because of some risk behaviors of the account, and the frozen account can be a real risk account or a normal account which is misjudged. For truly risky accounts, a typical user who may be maliciously used defrosts using crowd-sourced means. Fig. 2 is a schematic flow diagram of crowdsourcing and unfreezing in some embodiments of the present specification, as shown in fig. 2, when an account has high-risk operation, the account is frozen, and after the account is frozen, an illegal user can issue a task on a crowdsourcing platform, guide some groups with weak law consciousness and strong tendency to receive orders, perform operations such as identity verification and bank card binding on the frozen account, and realize the purpose of removing limits from the frozen account. Wherein, the restriction is the same as that of thawing in the examples of the present specification. In the embodiment of the present specification, the frozen account may be monitored, and when the frozen account is thawed, thawing information of the frozen account is collected and acquired, and generally, the thawing information may include information of a thawing user, such as: unfreezing the name of the user, identification card identification number, home address, unit, etc.

And 104, monitoring the unfrozen frozen account, and acquiring account operation information of the frozen account, wherein the account operation information comprises operation user information.

In a specific implementation process, the frozen account after thawing may be continuously monitored, whether the frozen account after thawing is used is monitored, and account operation information of the frozen account after thawing is acquired, where the account operation information may include operation user information such as: the name of the operating user, the identification number of the ID card, the home address, the unit, etc.

In some embodiments of the present specification, the monitoring the frozen account after thawing includes:

and monitoring the account authentication operation, the associated account opening operation and the account login operation of the frozen account after the frozen account is unfrozen.

Generally, the frozen account after unfreezing is regarded as a normal account, and the same risk monitoring is carried out as the normal account, such as: determine if there are some dangerous operations on the account, etc. The embodiment of the present specification performs special monitoring on a frozen account after thawing, such as: when monitoring whether the frozen account is used, the account authentication operation of the frozen account can be monitored with emphasis such as: the identity authentication specifically comprises the following steps: face identification authentication, password authentication, real name authentication and the like, and can also monitor the operation of opening the associated account of the unfrozen frozen account, such as: opening a financial account, a game account and the like, monitoring account login operation of a frozen account after unfreezing, certainly monitoring operation behaviors of other accounts, and recording user identity information of each operation.

By monitoring the special operation behavior of the frozen account after unfreezing, the problem that the account safety is reduced due to the fact that unfreezing of the frozen account is successful and the frozen account is considered as a safe account due to the fact that crowd-sourced unfreezing risk identification fails when the frozen account is unfrozen is solved. And the identity information of the operation user of the frozen account after unfreezing is recorded, instead of simply monitoring whether dangerous actions exist in the frozen account after unfreezing, whether the frozen account is maliciously unfrozen is further judged, and a data basis is laid for risk identification of the frozen account after unfreezing.

And 106, comparing the unfreezing information with the account operation information, and if the unfreezing user information is inconsistent with the operation user information, determining that the unfrozen frozen account has risks.

In a specific implementation process, a general frozen account unfrozen maliciously is generally handed over to other users for use after unfreezing, as shown in fig. 2, a crowd-sourced frozen account is unfrozen by an illegal user through a task issuing request, and the unfrozen frozen account is still used by the illegal user who issues a task. After the account operation information of the frozen account after being thawed is obtained, the operation user information in the account operation information and the thawing user information in the thawing information can be compared, whether the operation user information is consistent with the thawing user information or not is judged, if so, other people who do not turn hands of the frozen account after being thawed can be considered to be still used by the thawing user, the thawing of the frozen account can be considered to belong to normal thawing, and the frozen account after being thawed is considered to have no risk. If the operation user information is different from the unfreezing user information, the frozen account is unfrozen and then handed over to other people, the unfrozen frozen account is not used by the unfreezing user, the frozen account is considered to be popular for unfreezing, the unfrozen frozen account can still be used for illegal business, and risks exist.

In some embodiments of this specification, the information of the thawing user includes a name of the thawing user and an identity of the thawing user, and the information of the operation user includes: operating a user name and an operating user identity;

the comparing the thawing information and the operation information includes:

and comparing the unfreezing user name with the operation user name, comparing the unfreezing user identity with the operation user identity, and if the unfreezing user name is the same as the operation user name and the unfreezing user identity is the same as the operation user identity, determining that the unfreezing user information is consistent with the operation user information, and the unfrozen frozen account has no risk.

In a specific implementation process, the unfreezing user information may include a unfreezing user name (such as a name), and an unfreezing user identity (such as an identity card number), when the unfreezing information is compared with the account operation information, the unfreezing user name and the operation user name may be compared, and the unfreezing user identity and the operation user identity may be compared, if the unfreezing user name is the same as the operation user name, and the unfreezing user identity is the same as the operation user identity, it may be considered that the unfreezing user of the frozen account and the operation user of the unfrozen frozen account are the same user, and other people may consider that the frozen account does not have a handoff, i.e., the frozen account belongs to unfreezing of a normal user, and is not crowd-sourced, it is determined that there is no risk in the unfroz. By comparing names and identification marks of a unfreezing user when the frozen account is unfrozen and an operation user after unfreezing, whether the operation use of the unfrozen and unfrozen frozen account is the same person or not is accurately determined, and then whether the unfrozen frozen account belongs to crowdsourcing unfreezing is determined.

After determining that the frozen account after thawing has risks, performing secondary risk control on the account after thawing, such as: and limiting certain functions, or monitoring and the like, so as to ensure that illegal and malicious operation behaviors of the frozen account after unfreezing do not occur.

According to the data management method for the frozen account, provided by the embodiment of the specification, the unfreezing information of the frozen account during unfreezing is obtained, and continuous special monitoring is performed on the unfrozen frozen account. The account operation information of the frozen account after unfreezing is obtained, and the unfreezing information is compared with the account operation information to accurately determine whether the operation of the frozen account after unfreezing and the operation of the frozen account after unfreezing are the same person, so that the problem that the unfreezing of the frozen account is successful due to the fact that the unfreezing risk identification fails to be crowdsourced in the unfreezing link of the frozen account through batch behaviors is solved. The account operation information and the unfreezing information are recorded and compared for the unfrozen frozen account. The account operation information and the unfreezing information of the unfrozen frozen account are recorded and compared, so that whether the unfreezing of the frozen account belongs to crowdsourcing unfreezing or not is more accurately determined, whether the unfrozen frozen account can be used for illegal business or not is judged, the safety detection of the unfrozen frozen account is achieved, and the accuracy of account safety management is improved.

Fig. 3 is a schematic data management flow diagram of a frozen account in one embodiment of the present specification, and based on the foregoing embodiment, in some embodiments of the present specification, before acquiring account operation information of the frozen account, the method further includes:

step 1021, monitoring whether the defrosted frozen account is unbound within a first preset time after defrosted, if yes, executing step 1041, obtaining account operation information of the defrosted frozen account within a second preset time after defrosted, and if not, executing step 108. Wherein the first preset time is less than or equal to the second preset time

And step 108, determining that no risk exists in the thawed frozen account.

In a specific implementation process, as shown in fig. 2, a frozen account that is crowd-sourced and defrosted is generally used by a non-defrosted user after being defrosted, and then a change of hands is performed after being defrosted, and further, a unbinding behavior of a resource account bound by the frozen account is likely to occur. In the embodiment of the specification, when monitoring the frozen account after thawing, whether the frozen account after thawing has a behavior of unbinding the resource account within a first preset time after thawing can be monitored, if yes, the frozen account after thawing is continuously monitored, account operation information of the frozen account after thawing within a second preset time after thawing is acquired, and risk identification is performed on the frozen account after thawing based on the acquired account operation information and the thawing information. If the frozen account is not subjected to the operation of unbinding the resource account within the first preset time after the frozen account is unfrozen, the frozen account can be considered not to be handed over, the unfrozen frozen account can be determined to have no risk, the unfrozen frozen account can be classified as a normal account, and special monitoring is not required, such as: the frozen account after being thawed is monitored whether some dangerous operations exist just like the normal account, and operation information of each operation does not need to be acquired and compared with thawing information. The resource account can be understood as an account which is bound when the frozen account is defrosted and can prove the identity of the user, such as: financial accounts (bank cards), social accounts, and the like, and embodiments of the present specification are not particularly limited.

It can be seen that the first preset time can be understood as a minimum time range for the special monitoring of whether the unfrozen frozen account has the possibility of crowdsourcing the unfreezing, and the second preset time can be understood as a maximum time range for the special monitoring of whether the unfrozen frozen account has the possibility of crowdsourcing the unfreezing. If the frozen account thawed within the first preset time after thawing has the behavior of removing the bound resource account, the frozen account needs to be monitored continuously, and the operation information of the frozen account after thawing within the second preset time after thawing is acquired. If the frozen account unfrozen within the first preset time does not have the unbinding operation, the frozen account unfrozen can be considered to belong to a normal user, and special monitoring is not needed. The first preset time is generally less than or equal to the second preset time, and values of the first preset time and the second preset time can be set based on actual needs, such as: the number of the cells may be 30 days, 3 months, half a year, 1 year, 2 years, etc., and the examples in this specification are not particularly limited.

In the embodiment of the specification, monitoring whether the frozen account has the unbinding behavior within a first preset time by setting the monitoring time, if so, determining that the unfreezing operation of the frozen account has a relatively large risk, and needing to perform special monitoring to obtain account operation information of the unfrozen frozen account within a second preset time after unfreezing. The account operation information is compared with the unfreezing information, so that whether the frozen account is subjected to crowdsourcing unfreezing is further accurately determined, whether the frozen account after unfreezing has risks is further judged, and the accuracy of safety detection of the frozen account is improved. And if the frozen account is monitored to have no unbinding behavior within the first preset time, the frozen account is considered not to be subjected to crowdsourcing unfreezing, and no special processing is needed, so that data processing resources are saved, and the efficiency of security detection of the frozen account is improved.

On the basis of the foregoing embodiments, in some embodiments of the present specification, the thawing information further includes: unfreezing the equipment information, wherein the account operation information further comprises: operating device information;

the comparing the unfreezing information with the account operation information further comprises:

and comparing the unfreezing equipment information with the operating equipment information, if the unfreezing user information is not consistent with the operating user information but the unfreezing equipment information is the same as the operating equipment information, judging whether the operating user corresponding to the account operating information is a related user of the unfreezing user corresponding to the unfreezing information, and if so, determining that the unfrozen frozen account has no risk.

In a specific implementation process, when obtaining the thawing information of the frozen account when thawing, the thawing information may further include thawing device information such as: similarly, when the account operation information of the frozen account is obtained, the operation information may further include operation device information such as: device identification, device fingerprint, device password, etc. When the unfreezing information is compared with the account operation information, the unfreezing user information can be compared with the operation user information, and the unfreezing equipment information can be compared with the operation equipment information. If the unfreezing user information is inconsistent with the operation user information, the method comprises the following steps: the thawing user name and the operation user name are different and/or the thawing user identification and the operation user identification are different, but the thawing device information is the same as the operation device information, and then it can be determined whether the operation user corresponding to the account operation information and the thawing user corresponding to the thawing user information are related users, such as: whether historical transactions exist between the unfreezing user and the consumption account or the financial account of the operation user or whether social contact exists on the social software or not can be judged, if yes, the operation user and the unfreezing user can be determined to be related users, the unfreezing operation of the frozen account can be considered to be unfreezing of relatives and friends, the frozen account belongs to normal unfreezing, and the unfrozen frozen account can be considered to have no risk. If the unfreezing user information is inconsistent with the operation user information and the unfreezing equipment information is inconsistent with the operation equipment information, the frozen account can be considered to belong to crowdsourcing unfreezing, and the unfrozen frozen account has risks.

According to the embodiment of the specification, the unfreezing user information and the unfreezing equipment information of the frozen account are compared with the account operation information and the operation equipment information, and the equipment information is combined, so that whether the frozen account has the condition of multi-equipment operation or not can be verified, the situation that whether relatives and friends are unfrozen is misjudged is avoided, and the accuracy of safety detection of the frozen account is improved.

On the basis of the foregoing embodiments, in some embodiments of the present specification, the thawing information further includes: unfreezing equipment information and an unfreezing address, wherein the account operation information further comprises: operating device information and an operating address;

comparing the unfreezing equipment information with the operating equipment information, comparing the unfreezing address with the operating address, and determining the operating distance between the unfreezing address and the operating address;

and if the unfreezing user information is not consistent with the operation user information, but the unfreezing equipment information is the same as the operation equipment information, and the operation distance is smaller than a preset distance, determining that the unfrozen frozen account has no risk.

In a specific implementation process, when obtaining the thawing information of the frozen account when thawing, the thawing information may further include thawing device information (such as device identifier, device fingerprint, device password, and the like) and a thawing address, such as: the area or longitude and latitude where the device is located during the unfreezing operation, and the like, and similarly, when the account operation information of the frozen account is obtained, the operation information may further include (operation device information such as device identification, device fingerprint, device password, and the like) and an operation address such as: and freezing the area or longitude and latitude where the equipment is located when the account is used, and the like. The unfreezing address and the operation address can be obtained through a device positioning technology, such as: the method includes acquiring an IP Address (Internet Protocol Address) of the thawing device, GPS positioning, and the like, and the embodiments of the present specification do not specifically limit the manner of acquiring the thawing Address and the operation Address. When comparing the thawing information with the account operation information, the operation distance between the thawing address and the operation address may also be calculated when comparing the thawing user information, the operation user information, the thawing device information, and the operation user information, such as: and calculating the distance between the GPS positioning of the thawing equipment and the GPS positioning of the operating equipment, or calculating whether the IP address of the thawing equipment and the IP address of the operating equipment are in the same province or the same city, and the like. If the unfreezing user information is not consistent with the operation user information, but the unfreezing device information is the same as the operation device information, and the calculated operation distance is smaller than the preset distance, the frozen account can be determined to be unfrozen by the operator account, but probably be unfrozen by relatives and friends, and belong to a normal unfreezing behavior, the unfrozen frozen account can be determined to have no risk, and risk control is not needed.

In the embodiment of the specification, equipment conflict and address conflict are added to judge whether the frozen account is unfrozen by relatives and friends as soon as possible instead of crowd-sourced unfreezing, so that misjudgment of unfreezing of relatives and friends is avoided, and the accuracy and efficiency of safety detection of the frozen account are improved.

Fig. 4 is a schematic diagram of a risk identification process of a frozen account crowd-sourced and unfrozen in a scenario example of the present specification, and as shown in fig. 4, in a scenario example of the present specification, a data management identification process for determining whether a frozen account belongs to a crowd-sourced deadline may include:

1. registering defreezing accounts

When the account has high-risk operation behaviors, the wind control system can freeze the account. For crowd-sourced unfreezing users, as shown in fig. 4, multiple accounts may be registered in bulk, dedicated to account unfreezing.

2. Frozen account restriction behavior monitoring

As shown in fig. 2 and 4, after the frozen account is frozen, the user may issue a task on the crowdsourcing platform, and the unfreezing user may unfreeze the frozen account by receiving a single order. In the unfreezing process of the frozen account, the wind control system can be used for monitoring the limitation removing action of the frozen account, and data acquisition and risk action judgment are carried out. Such as: the binding and releasing behavior monitoring is carried out, and the collected data can comprise: unfreezing operation IP (Internet Protocol address), name of bound card identity, identity card number of bound card identity and operating equipment fingerprint.

3. Recording account unbinding card behavior

And monitoring whether bank card unbinding behaviors exist in the frozen account after unfreezing. The white number generated by crowdsourcing limitation removal is probably used by the identity of the non-bound card limitation removal person, and if the hand needs to be changed, bank card limitation removal operation is needed to remove the relation between the account and the bound bank card identity.

4. Operational behavior monitoring

When the frozen account after thawing is subjected to identity authentication, fund account opening and other operations, the operation IP (Internet Protocol address), the name of the bound card, the identity card number of the bound card identity and the fingerprint of the operating equipment can be acquired

5. Crowdsourcing deconstruct risk determination

According to the data recorded when the account is subjected to operations such as identity authentication, fund account opening and the like after the binding card is unfrozen and unfrozen, whether the user during unfreezing and the user after unfreezing are the same or not is judged, and if yes, the method comprises the following steps: the identity names before and after the identity name is inconsistent, the use certificate numbers are inconsistent, the used equipment is different or the provinces of operating the IP are different. When the account behavior meets the risk judgment condition, the account behavior is used as a crowdsourcing limitation-resolving account to perform secondary risk control, and specific judgment modes and criteria can refer to the records of the above embodiments, which are not described herein again.

In the embodiment of the specification, necessary conditions of account production existing in crowdsourcing limitation removal behaviors can be mined by node disassembly and information extraction of crowdsourcing limitation removal account links, in the operation process of a user on a frozen account, extraction of wind control characteristics is performed by the aid of identity information associated with the account and judgment of whether hands are turned, effective identification of crowdsourcing behaviors can be achieved, secondary management and control can be accurately applied to crowdsourcing accounts, risk magnitude of the accounts breaking through maliciously and managing and then flowing into other business scenes is reduced, wind control operation cost on back-end business nodes is reduced, and loss caused by risk accounts is reduced.

In the present specification, each embodiment of the method is described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. The relevant points can be obtained by referring to the partial description of the method embodiment.

Based on the data management method for the frozen account, one or more embodiments of the present specification further provide a device for data management of the frozen account. The system may include devices (including distributed systems), software (applications), modules, components, servers, clients, etc. that use the methods described in embodiments of the present specification in conjunction with hardware where necessary to implement the apparatus. Based on the same innovative conception, embodiments of the present specification provide an apparatus as described in the following embodiments. Since the implementation scheme of the apparatus for solving the problem is similar to that of the method, the specific apparatus implementation in the embodiment of the present specification may refer to the implementation of the foregoing method, and repeated details are not repeated. As used hereinafter, the term "unit" or "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.

Specifically, fig. 5 is a schematic block diagram of an embodiment of a data management apparatus for frozen accounts provided in this specification, and as shown in fig. 5, the data management apparatus for frozen accounts provided in this specification may include:

the unfreezing information acquisition module 51 is configured to acquire unfreezing information of a frozen account, where the unfreezing information includes unfreezing user information;

the account operation information obtaining module 52 is configured to monitor the frozen account after being thawed, and obtain account operation information of the frozen account, where the account operation information includes operation user information;

and the risk identification module 53 is configured to compare the unfreezing information with the account operation information, and determine that the frozen account after unfreezing has a risk if the unfreezing user information is inconsistent with the operation user information.

The data management device for the frozen account provided by the embodiment of the specification acquires the unfreezing information of the frozen account during unfreezing, performs special monitoring on the unfrozen frozen account, acquires the account operation information of the unfrozen frozen account, and compares the unfreezing information with the account operation information to accurately determine whether the operation use of the frozen account after unfreezing and unfreezing is the same person, so that the problem that the unfreezing of the frozen account is successful due to crowdsourcing of unfreezing risk identification failure in a frozen account unfreezing link through batch behavior is avoided. The account operation information and the unfreezing information of the unfrozen frozen account are recorded and compared, so that whether the unfreezing of the frozen account belongs to crowdsourcing unfreezing or not is more accurately determined, whether the unfrozen frozen account can be used for illegal business or not is judged, the safety detection of the unfrozen frozen account is achieved, and the accuracy of account safety management is improved.

On the basis of the above embodiments, in some embodiments of the present specification, the apparatus further includes: the unbinding monitoring module is used for:

before the account operation information of the frozen account is acquired, monitoring whether the defrosted frozen account is unbound within a first preset time after defrosted, if so, acquiring the account operation information of the defrosted frozen account within a second preset time after defrosted by an account operation information acquisition module, and if not, determining that the defrosted frozen account has no risk by a risk identification module; wherein the first preset time is less than or equal to the second preset time.

The data management device for frozen accounts provided in the embodiments of the present specification monitors whether a frozen account has an unbinding behavior within a first preset time by setting a monitoring time, and if so, may consider that a relatively large risk exists in a thawing operation of the frozen account, and needs to perform special monitoring, so as to obtain account operation information of the thawed frozen account within a second preset time after thawing. The account operation information is compared with the unfreezing information, so that whether the frozen account is subjected to crowdsourcing unfreezing is further accurately determined, whether the frozen account after unfreezing has risks is further judged, and the accuracy of safety detection of the frozen account is improved. And if the frozen account is monitored to have no unbinding behavior within the first preset time, the frozen account is considered not to be subjected to crowdsourcing unfreezing, and no special processing is needed, so that data processing resources are saved, and the efficiency of security detection of the frozen account is improved.

On the basis of the above embodiments, in some embodiments of this specification, the thawing user information includes a thawing user name and a thawing user identification, and the operation user information includes: operating a user name and an operating user identity;

the risk identification module is specifically configured to:

According to the data management device for the frozen account, provided by the embodiment of the specification, the names and the identity identifications of the unfreezing user during the unfreezing of the frozen account and the unfrozen operation user are compared, whether the operation use of the unfrozen frozen account and the operation use of the unfrozen frozen account are the same person or not is accurately determined, and then whether the unfreezing of the frozen account belongs to crowd-sourced unfreezing is determined.

the risk identification module is specifically configured to:

The data management device for the frozen account provided by the embodiment of the specification can verify whether the frozen account has the condition of multi-device operation or not by comparing the unfreezing user information and the unfreezing device information of the frozen account with the account operation information and the operation device information and combining the device information, so that the unfreezing of relatives and friends is prevented from being judged by mistake, and the accuracy of safety detection of the frozen account is improved.

the risk identification module is specifically configured to:

The data management device for the frozen account provided by the embodiment of the specification is added with the equipment conflict and the address conflict so as to judge whether the frozen account is unfrozen by relatives and friends as soon as possible instead of crowd unfreezing, avoid misjudgment of unfreezing of relatives and friends, and improve the accuracy and efficiency of safety detection of the frozen account.

It should be noted that the above-mentioned apparatus may also include other embodiments according to the description of the corresponding method embodiment. The specific implementation manner may refer to the description of the above corresponding method embodiment, and is not described in detail herein.

An embodiment of the present specification further provides a data management device for freezing an account, including: at least one processor and a memory for storing processor-executable instructions, the processor implementing the account-frozen data management method of the above embodiment when executing the instructions, such as:

It should be noted that the above description of the apparatus according to the method embodiment may also include other embodiments. The specific implementation manner may refer to the description of the related method embodiment, and is not described in detail herein.

The data management device for freezing accounts provided in the present specification can also be applied to various data analysis processing systems. The system or server or terminal or device may be a single server, or may include a server cluster, a system (including a distributed system), software (applications), actual operating devices, logical gate devices, quantum computers, etc. using one or more of the methods described herein or one or more embodiments of the system or server or terminal or device, in combination with necessary end devices implementing hardware. The system for checking for discrepancies may comprise at least one processor and a memory storing computer-executable instructions that, when executed by the processor, implement the steps of the method of any one or more of the embodiments described above.

The method embodiments provided by the embodiments of the present specification can be executed in a mobile terminal, a computer terminal, a server or a similar computing device. Taking the example of the operation on a server, fig. 6 is a hardware configuration block diagram of a data management server for freezing accounts in one embodiment of the present specification, and the computer terminal may be the data management server for freezing accounts or the data management device for freezing accounts in the above embodiments. As shown in fig. 6, the server 10 may include one or more (only one shown) processors 100 (the processors 100 may include, but are not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA, etc.), a non-volatile memory 200 for storing data, and a transmission module 300 for communication functions. It will be understood by those skilled in the art that the structure shown in fig. 6 is only an illustration and is not intended to limit the structure of the electronic device. For example, the server 10 may also include more or fewer components than shown in FIG. 6, and may also include other processing hardware, such as a database or multi-level cache, a GPU, or have a different configuration than shown in FIG. 6, for example.

The non-volatile memory 200 may be used to store software programs and modules of application software, such as program instructions/modules corresponding to the data management method for freezing an account in the embodiment of the present specification, and the processor 100 executes various functional applications and resource data updates by executing the software programs and modules stored in the non-volatile memory 200. Non-volatile memory 200 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the non-volatile memory 200 may further include memory located remotely from the processor 100, which may be connected to a computer terminal through a network. Examples of such networks include, but are not limited to, the internet, intranets, office-to-network, mobile communication networks, and combinations thereof.

The transmission module 300 is used for receiving or transmitting data via a network. Specific examples of the network described above may include a wireless network provided by a communication provider of the computer terminal. In one example, the transmission module 300 includes a Network adapter (NIC) that can be connected to other Network devices through a base station so as to communicate with the internet. In one example, the transmission module 300 may be a Radio Frequency (RF) module, which is used for communicating with the internet in a wireless manner.

The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.

The method or apparatus provided in this specification and described in the foregoing embodiments may implement service logic through a computer program and record the service logic on a storage medium, where the storage medium may be read and executed by a computer, and implement the effects of the solutions described in the embodiments of this specification, such as:

The storage medium may include a physical device for storing information, and typically, the information is digitized and then stored using an electrical, magnetic, or optical media. The storage medium may include: devices that store information using electrical energy, such as various types of memory, e.g., RAM, ROM, etc.; devices that store information using magnetic energy, such as hard disks, floppy disks, tapes, core memories, bubble memories, and usb disks; devices that store information optically, such as CDs or DVDs. Of course, there are other ways of storing media that can be read, such as quantum memory, graphene memory, and so forth.

The data management method or apparatus for the frozen account provided in the embodiments of the present specification may be implemented in a computer by a processor executing corresponding program instructions, for example, implemented in a PC end using a c + + language of a windows operating system, implemented in a linux system, or implemented in an intelligent terminal using android and iOS system programming languages, implemented in processing logic based on a quantum computer, or the like.

It should be noted that descriptions of the apparatus, the computer storage medium, and the system described above according to the related method embodiments may also include other embodiments, and specific implementations may refer to descriptions of corresponding method embodiments, which are not described in detail herein.

The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the hardware + program class embodiment, since it is substantially similar to the method embodiment, the description is simple, and the relevant points can be referred to only the partial description of the method embodiment.

The embodiments of the present description are not limited to what must be consistent with industry communications standards, standard computer resource data updating and data storage rules, or what is described in one or more embodiments of the present description. Certain industry standards, or implementations modified slightly from those described using custom modes or examples, may also achieve the same, equivalent, or similar, or other, contemplated implementations of the above-described examples. The embodiments using the modified or transformed data acquisition, storage, judgment, processing and the like can still fall within the scope of the alternative embodiments of the embodiments in this specification.

In the 90 s of the 20 th century, improvements in a technology could clearly distinguish between improvements in hardware (e.g., improvements in circuit structures such as diodes, transistors, switches, etc.) and improvements in software (improvements in process flow). However, as technology advances, many of today's process flow improvements have been seen as direct improvements in hardware circuit architecture. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into the hardware circuit. Thus, it cannot be said that an improvement in the process flow cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose Logic functions are determined by programming the Device by a user. A digital system is "integrated" on a PLD by the designer's own programming without requiring the chip manufacturer to design and fabricate application-specific integrated circuit chips. Furthermore, nowadays, instead of manually making an Integrated Circuit chip, such Programming is often implemented by "logic compiler" software, which is similar to a software compiler used in program development and writing, but the original code before compiling is also written by a specific Programming Language, which is called Hardware Description Language (HDL), and HDL is not only one but many, such as abel (advanced Boolean Expression Language), ahdl (alternate Hardware Description Language), traffic, pl (core universal Programming Language), HDCal (jhdware Description Language), lang, Lola, HDL, laspam, hardward Description Language (vhr Description Language), vhal (Hardware Description Language), and vhigh-Language, which are currently used in most common. It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.

The controller may be implemented in any suitable manner, for example, the controller may take the form of, for example, a microprocessor or processor and a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, and an embedded microcontroller, examples of which include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicone Labs C8051F320, the memory controller may also be implemented as part of the control logic for the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be implemented by logically programming method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be considered a hardware component, and the means included therein for performing the various functions may also be considered as a structure within the hardware component. Or even means for performing the functions may be regarded as being both a software module for performing the method and a structure within a hardware component.

The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a vehicle-mounted human-computer interaction device, a cellular telephone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.

Although one or more embodiments of the present description provide method operational steps as described in the embodiments or flowcharts, more or fewer operational steps may be included based on conventional or non-inventive approaches. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When the device or the end product in practice executes, it can execute sequentially or in parallel according to the method shown in the embodiment or the figures (for example, in the environment of parallel processors or multi-thread processing, even in the environment of distributed resource data update). The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the presence of additional identical or equivalent elements in a process, method, article, or apparatus that comprises the recited elements is not excluded. The terms first, second, etc. are used to denote names, but not any particular order.

For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. Of course, when implementing one or more of the present description, the functions of each module may be implemented in one or more software and/or hardware, or a module implementing the same function may be implemented by a combination of multiple sub-modules or sub-units, etc. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.

The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable resource data updating apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable resource data updating apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable resource data update apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable resource data update apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.

The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.

Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage, graphene storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.

As will be appreciated by one skilled in the art, one or more embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, one or more embodiments of the present description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

One or more embodiments of the present description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. One or more embodiments of the present specification can also be practiced in distributed computing environments where tasks are performed by remote devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.

The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for system embodiments, since they are substantially similar to method embodiments, the description is relatively simple, and the relevant points can be referred to only part of the description of the method embodiments. In the description of the specification, reference to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the specification. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.

The above description is merely exemplary of one or more embodiments of the present disclosure and is not intended to limit the scope of one or more embodiments of the present disclosure. Various modifications and alterations to one or more embodiments described herein will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of the present specification should be included in the scope of the claims.

Claims

1. A method of data management for a frozen account, the method comprising:

2. The method of claim 1, prior to obtaining account operation information for the frozen account, further comprising:

monitoring whether the unfrozen frozen account is unbound within a first preset time after unfreezing, if so, acquiring account operation information of the unfrozen frozen account within a second preset time after unfreezing, and if not, determining that the unfrozen frozen account has no risk; wherein the first preset time is less than or equal to the second preset time.

3. The method of claim 1, wherein the unfreezing user information comprises an unfreezing user name and an unfreezing user identity, and the operating user information comprises: operating a user name and an operating user identity;

the comparing the unfreezing information with the account operation information includes:

4. The method of claim 3, the thawing information further comprising: unfreezing the equipment information, wherein the account operation information further comprises: operating device information;

5. The method of claim 3, the thawing information further comprising: unfreezing equipment information and an unfreezing address, wherein the account operation information further comprises: operating device information and an operating address;

6. The method of claim 1, the monitoring frozen accounts after thawing comprising:

7. A data management apparatus to freeze an account, comprising:

8. The apparatus of claim 7, further comprising: the unbinding monitoring module is used for:

9. The apparatus as claimed in claim 7, wherein the thawing user information includes a thawing user name and a thawing user identification, and the operation user information includes: operating a user name and an operating user identity;

the risk identification module is specifically configured to:

10. The apparatus of claim 9, the thawing information further comprising: unfreezing the equipment information, wherein the account operation information further comprises: operating device information;

the risk identification module is specifically configured to:

11. The apparatus of claim 9, the thawing information further comprising: unfreezing equipment information and an unfreezing address, wherein the account operation information further comprises: operating device information and an operating address;

the risk identification module is specifically configured to:

12. A data management device to freeze an account, comprising: at least one processor and a memory for storing processor-executable instructions, the processor implementing the method of any one of claims 1-6 when executing the instructions.

13. A computer readable storage medium having stored thereon computer instructions which, when executed, implement the steps of the method of any one of claims 1-6.