CN115273322B - Business security auditing method and device, electronic equipment and readable medium - Google Patents


Publication number
CN115273322B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210794116.1A
Other languages
Chinese (zh)
Other versions
CN115273322A (en)
Inventor
胡小敏
王庆华
陈盘中
黄红超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Yihua Financial Equipment Manufacturing Co ltd
Shenzhen Yihua Computer Co Ltd
Shenzhen Yihua Financial Intelligent Research Institute
Original Assignee
Shenzhen Yihua Financial Equipment Manufacturing Co ltd
Shenzhen Yihua Computer Co Ltd
Shenzhen Yihua Financial Intelligent Research Institute
Application filed by Shenzhen Yihua Financial Equipment Manufacturing Co ltd, Shenzhen Yihua Computer Co Ltd, Shenzhen Yihua Financial Intelligent Research Institute
Priority to CN202210794116.1A
Publication of CN115273322A
Application granted
Publication of CN115273322B

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F9/00 Details other than those peculiar to special kinds or types of apparatus
    • G07F9/02 Devices for alarm or indication, e.g. when empty; Advertising arrangements in coin-freed apparatus
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F17/00 Coin-freed apparatus for hiring articles; Coin-freed facilities or services
    • G07F17/0014 Coin-freed apparatus for hiring articles; Coin-freed facilities or services for vending, access and use of specific services not covered anywhere else in G07F17/00
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F19/00 Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • G07F19/20 Automatic teller machines [ATMs]

Abstract

The embodiment of the invention provides a business security auditing method, a business security auditing device, electronic equipment and a readable medium, wherein the business security auditing method comprises the following steps: after the business starts to run, recording the sequence of the flow nodes and recording the state information of the indicator lamps positioned on each flow node; when the business process is executed to a preset security audit process node, judging whether the business process accords with the normal business process of the business according to the sequence of the executed process nodes and the state information of the indicator lamps of each executed process node; if the business process of the business does not accord with the normal business process of the business, adopting security measures or terminating the business process. The method gives the existing module indicator lamp a new function, so that the state change of the module indicator lamp in the service process execution process can be used for judging whether the service process accords with the normal service process, and safety measures or measures for stopping the service process can be adopted when the service process does not accord with the normal service process, thereby improving the safety of service processing.

Description

Business security auditing method and device, electronic equipment and readable medium
Technical Field
The invention relates to the technical field of intelligent self-service equipment, in particular to a business security auditing method, a business security auditing device, electronic equipment and a computer readable medium.
Background
In recent years, with the rapid development of emerging financial services, many banks have expanded their deployment of financial intelligent self-service equipment. Such equipment is now widely used and offers great convenience to cardholders. However, because no staff member guides the user in real time, a mistake in the user's business operation or an unreasonable business flow on the device cannot be found in time, which inconveniences the user. Some unreasonable business flows on a device are moreover illegal, and if they are not found in time they may cause a loss of funds.
Disclosure of Invention
The embodiment of the invention provides a business security auditing method, a business security auditing device, electronic equipment and a computer readable storage medium, which are used for solving the possible business security problem when intelligent self-service equipment is used for processing business.
The embodiment of the invention discloses a business security auditing method which is applied to intelligent self-service equipment, wherein the intelligent self-service equipment comprises at least one module, the module is preset with an indicator lamp, and the method comprises the following steps:
after the business starts to run, recording the sequence of the flow nodes and recording the indicator light state information at each flow node; the indicator light state information is used for indicating the real-time states of the indicator lights of all modules at a given flow node;
when a business process is executed to a preset security audit process node, judging whether the business process of the business accords with the normal business process of the business according to the sequence of the executed process nodes and the state information of the indicator lamps of each executed process node;
and if the business process of the business does not accord with the normal business process of the business, adopting security measures or terminating the business process.
Optionally, when the service flow is executed to a preset security audit flow node, according to the order of the executed flow nodes and the status information of the indicator lights of each executed flow node, the step of judging whether the service flow of the service accords with the normal service flow of the service includes:
generating a real-time state directed graph according to the sequence of the executed flow nodes and the state information of the indicator lamps of each executed flow node; the real-time state directed graph comprises at least one node and at least one directed line, wherein the node is used for representing the state information of the indicator lights of the executed flow nodes, and the directed line is used for representing the order of the executed flow nodes;
traversing a state directed graph of a normal business process of the business by adopting a binary tree traversal method, taking the starting point of the real-time state directed graph as the initial point and the end point of the real-time state directed graph as the end point;
and judging whether the path which is the same as the path of the real-time state directed graph exists in the state directed graph of the normal business flow.
Optionally, when the business process is executed to a preset security audit process node, generating a real-time state directed graph according to the order of the executed process nodes and the status information of the indicator lamps of each executed process node, including:
configuring a corresponding first identifier for the indicator light state information of each executed flow node;
and generating a real-time state directed graph according to the order of the executed flow nodes and the first identification corresponding to the indicator light state information of each executed flow node.
Optionally, each module indicator light and each module indicator light state respectively preset a corresponding second identifier and a corresponding third identifier, and the recording of the indicator light state information of each flow node includes:
combining the second identifier of the module indicator lamp with the third identifier of the module indicator lamp state to represent the real-time state of the module indicator lamp;
and sequentially recording the real-time state of each module indicator lamp according to the opening and closing sequence of the module indicator lamps of the normal business process, to obtain the indicator lamp state information of each process node.
Optionally, the method further comprises:
after the service starts to run, at least one indicator light state information of a normal service flow is recorded;
generating a state directed graph of the normal business process according to a preset process node sequence of the normal business process and at least one indicator light state information of the normal business process;
and adopting all state directed graphs corresponding to all normal business processes of the business to form a state rule base of the business.
Optionally, if the service flow of the service does not conform to the normal service flow of the service, a step of taking a security measure or terminating the service flow includes:
if the business process of the business does not accord with the normal business process of the business, an identity authentication process node is added;
judging whether the user passes identity authentication or not;
if the identity authentication is passed, continuing to execute the preset security audit flow node;
if the identity authentication fails, terminating the service flow;
or,
and if the service flow of the service does not accord with the normal service flow of the service, terminating the service flow.
The embodiment of the invention also discloses a business security audit device which is applied to intelligent self-service equipment, wherein the intelligent self-service equipment comprises at least one module, the module is preset with an indicator lamp, and the device comprises:
the first recording module is used for recording the sequence of the flow nodes after the business starts to run and recording the state information of the indicator lamps positioned on each flow node; the indicator light state information is used for indicating the real-time states of indicator lights of all modules when the indicator light state information is positioned at a certain flow node;
the judging module is used for judging whether the business process of the business accords with the normal business process of the business according to the sequence of the executed process nodes and the state information of the indicator lamps of each executed process node when the business process is executed to the preset security audit process node;
and the processing module is used for taking security measures or terminating the business process if the business process of the business does not accord with the normal business process of the business.
Optionally, the judging module includes:
the generation sub-module is used for generating a real-time state directed graph according to the sequence of the executed flow nodes and the state information of the indicator lamps of each executed flow node; the real-time state directed graph comprises at least one node and at least one directed line, wherein the node is used for representing the state information of the indicator lights of the executed flow nodes, and the directed line is used for representing the order of the executed flow nodes;
the traversing sub-module is used for traversing the state directed graph of the normal business process by adopting a binary tree traversing method and taking the starting point of the real-time state directed graph as an initial point and the end point of the real-time state directed graph as an end point;
and the determining submodule is used for judging whether the paths which are the same as the paths of the real-time state directed graph exist in the state directed graph of the normal business process.
Optionally, the generating submodule includes:
the configuration unit is used for configuring a corresponding first identifier for the indicator light state information of each executed flow node;
and the generating unit is used for generating a real-time state directed graph according to the sequence of the executed flow nodes and the first identifier corresponding to the indicator light state information of each executed flow node.
Optionally, each module indicator light and each module indicator light state respectively preset a corresponding second identifier and a corresponding third identifier, and the first recording module includes:
the combination sub-module is used for combining the second identifier of the module indicator lamp with the third identifier of the module indicator lamp state to represent the real-time state of the module indicator lamp;
and the recording sub-module is used for sequentially recording the real-time state of each module indicator lamp according to the opening and closing sequence of the module indicator lamps of the normal business process to obtain the indicator lamp state information of each process node.
Optionally, the apparatus further comprises:
the second recording module is used for recording at least one indicator light state information of a normal business process after the business starts to run;
the generating module is used for generating a state directed graph of the normal business process according to the preset process node sequence of the normal business process and at least one indicator light state information of the normal business process;
and the state rule base building module is used for forming a state rule base of the service by adopting all state directed graphs corresponding to all normal service flows of the service.
Optionally, the processing module includes:
a flow node adding sub-module for adding an identity authentication flow node if the business flow of the business does not accord with the normal business flow of the business;
the identity judging sub-module is used for judging whether the user passes identity authentication or not;
a continuous execution flow sub-module, configured to continuously execute the preset security audit flow node if the identity authentication is passed;
the first termination flow sub-module is used for terminating the business flow if the identity authentication fails;
or,
and the second termination flow sub-module is used for terminating the business flow if the business flow of the business does not accord with the normal business flow of the business.
The embodiment of the invention also discloses electronic equipment, which comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are communicated with each other through the communication bus;
the memory is used for storing a computer program;
the processor is configured to implement the method according to the embodiment of the present invention when executing the program stored in the memory.
Embodiments of the invention also disclose one or more computer-readable media having instructions stored thereon, which when executed by one or more processors, cause the processors to perform the methods described in the embodiments of the invention.
The embodiment of the invention has the following advantages:
the embodiment of the invention provides a business security auditing method, which is applied to intelligent self-service equipment, wherein the intelligent self-service equipment comprises at least one module, an indicator lamp is preset in the module, after business starts to run, the sequence of flow nodes is recorded, and the status information of the indicator lamp at each flow node is recorded; the indicator light state information is used for indicating the real-time states of indicator lights of all modules when the indicator light state information is positioned at a certain flow node; when a business process is executed to a preset security audit process node, judging whether the business process of the business accords with the normal business process of the business according to the sequence of the executed process nodes and the state information of an indicator lamp of each executed process node; and if the business process of the business does not accord with the normal business process of the business, adopting security measures or terminating the business process. The method of the invention endows the existing module indicator lamp with a new function, so that the state change of the module indicator lamp in the execution process of the business process can be adopted to judge whether the business process accords with the normal business process, and under the condition of not accord with the normal business process, the safety measure can be adopted or the measure for stopping the business process can be adopted, thereby improving the safety of business processing.
Drawings
FIG. 1 is a flow chart of steps of a business security audit method provided in an embodiment of the present invention;
FIG. 2 is a flow chart of steps of another business security audit method provided in an embodiment of the present invention;
FIG. 3 is a schematic diagram of a portion of a normal flow state directed graph of a card withdrawal service provided in an embodiment of the present invention;
FIG. 4 is a schematic diagram of a directed graph of the real-time status of a card withdrawal service provided in an embodiment of the present invention;
FIG. 5 is a block diagram of a business security audit device provided in an embodiment of the present invention;
FIG. 6 is a block diagram of an electronic device provided in an embodiment of the invention;
FIG. 7 is a schematic diagram of a computer readable medium provided in an embodiment of the invention.
Detailed Description
In order that the above-recited objects, features and advantages of the present invention will become more readily apparent, a more particular description of the invention will be rendered by reference to the appended drawings and appended detailed description.
The invention targets financial business handled on financial intelligent self-service equipment, especially accounting-related business such as card withdrawal, card-free deposit, transfer and payment. It provides a business security audit method that gives the existing module indicator lamps a new function: each module indicator lamp is given different working states, and those states reflect the different working states of the module. The changes in a module indicator lamp's working state therefore reflect the module's real-time working state while the business process executes. In particular, they can be used to judge whether the business process conforms to the normal business process, and when it does not, security measures can be taken or the business process can be terminated, which improves the security of business processing.
The embodiment of the invention is applied to intelligent self-service equipment. The intelligent self-service equipment comprises at least one module, and the modules may include a card reader module, an encryption keyboard module, an identity card reader module, a camera module, a flow module, a receipt module, a movement module, a passbook printer module, a bill issuing machine module, a bill acceptance equipment module, a scanner module, a laser printer module, a card sender module and the like. Each module is preset with an indicator lamp; correspondingly, the module indicator lamps may include a card reader module indicator lamp, an encryption keyboard module indicator lamp, an identity card reader module indicator lamp, a camera module indicator lamp, a flow module indicator lamp, a receipt module indicator lamp, a movement module indicator lamp, a passbook printer module indicator lamp, a bill issuing machine module indicator lamp, a bill acceptance equipment module indicator lamp, a scanner module indicator lamp, a laser printer module indicator lamp, a card sender module indicator lamp and the like.
Before the intelligent self-service equipment is formally used to process business, a module set and the corresponding module indicator lamp set must be selected in advance. In practical application, the module set may consist of all modules; of the modules required to process the business, selected according to the business requirements; or of only those modules closely related to business security, for example a banknote dispensing module, a deposit module and an encryption keyboard module. The indicator lamps corresponding to the selected modules form the module indicator lamp set.
The operating state of the module indicator light may include being in an off state, being in at least one color state, being in at least one brightness state, being in a normally on or blinking state, and the like, which the present invention is not limited to.
The operation modes of the module may include a module shutdown, a module failure, a module normal operation mode one, a module normal operation mode two, a module normal operation mode three, etc., which the present invention is not limited to.
Different working states of a module indicator lamp can reflect different working conditions of the module. For example, for the card reader module: (1) when the card reader module is working normally and waiting for card insertion, its lamp is in a flashing green state; (2) when the card reader module is closed, its lamp is off; (3) when the card reader module fails, its lamp is red; (4) when the card reader is working normally and a card is present, its lamp is steady green. For the password keyboard module: (1) while waiting for the customer to input a password, the lamp is steady green; (2) the card reader module is closed and is in a light-off state; (3) if the card reader module fails, the card reader module is in a red light state. The invention is not limited in this regard.
Referring to fig. 1, a step flow chart of a business security audit method provided in an embodiment of the present invention is shown, which may specifically include the following steps:
Step 101, after the service starts to run, recording the sequence of the flow nodes and recording the state information of the indicator lamps positioned on each flow node;
To ensure the security of business processing, when a user processes business on the intelligent self-service equipment, the equipment records, from the moment the business starts running, the order of the flow nodes in the business flow in real time, together with the indicator lamp state information at each flow node, for use in judging whether the business flow is reasonable.
The indicator lamp state information represents the real-time states of the indicator lamps of all modules at a given flow node. For example, at the password input flow node, the real-time state of the password keyboard module indicator lamp is steady green, and the real-time states of the other modules' indicator lamps are off. In practice, the indicator lamps of some modules may instead be set, from the start of the business, to the lamp state corresponding to the to-be-used working mode: the lamp state changes while the module is in use, returns to the state corresponding to the to-be-used working mode after use ends, and remains in that state until the business finishes running.
Step 102, when a business process is executed to a preset security audit process node, judging whether the business process of the business accords with the normal business process of the business according to the sequence of the executed process nodes and the state information of the indicator lamps of each executed process node;
The processing of a business may comprise at least one flow node. The security audit of the business flow may cover the whole flow of the business, or it may be carried out on the business flow just before the flow nodes that bear directly on the security of funds, such as cash dispensing, deposit posting, transfer and payment. If the whole business flow is audited, either every flow node can be set as a security audit flow node, so that multiple audits are performed, or the last flow node can be set as the security audit flow node, so that the whole business flow is audited once. If the audit targets at least one flow node that bears directly on the security of funds, those flow nodes are set as the security audit flow nodes.
In order to determine at which process node to conduct security audit, the intelligent self-service device may obtain a preset security audit process node before starting to process the service.
When the business process is executed to the preset security audit process node, whether the business process of the business accords with the normal business process of the business can be judged according to the sequence of the executed process nodes and the state information of the indicator lamps of each executed process node. Specifically, the sequence of the executed flow nodes reflects the time sequence of the execution of the flow nodes in the business process, and whether the sequence of the execution of the flow nodes accords with the normal business process can be judged according to the sequence of the executed flow nodes; the indicator light state information of each executed flow node reflects whether the module works normally when the module is positioned at each flow node in the business flow, and whether the working mode of the corresponding module accords with the normal business flow when the module is positioned at each flow node in the business flow can be judged according to the indicator light state information of each executed flow node.
Judging whether the business process of the business accords with the normal business process of the business according to the sequence of the executed flow nodes and the state information of the indicator lamps of each executed flow node, wherein the obtained judging result can comprise that the business process of the business accords with the normal business process of the business and the business process of the business does not accord with the normal business process of the business. If the business process of the business accords with the normal business process of the business, the preset security audit process node can be continuously executed; if the business process of the business does not accord with the normal business process of the business, measures can be taken to ensure the safety of the business.
Step 103, if the business process of the business does not accord with the normal business process of the business, taking security measures or terminating the business process.
Judging whether the business process of the business accords with the normal business process of the business according to the sequence of the executed flow nodes and the state information of the indicator lamps of each executed flow node, and if the obtained judging result is that the business process of the business does not accord with the normal business process of the business, adopting security measures or terminating the business process.
The security measure may be identity authentication, which may include face recognition, second-generation identity card recognition, short message recognition, fingerprint recognition and the like; the invention is not limited in this regard. Terminating the business process may consist of stopping the current business from running further and sending alarm information.
By the business security auditing method, the method is applied to intelligent self-service equipment, the intelligent self-service equipment comprises at least one module, the module is preset with an indicator lamp, after business starts to run, the sequence of flow nodes is recorded, and the status information of the indicator lamp at each flow node is recorded; the indicator light state information is used for indicating the real-time states of indicator lights of all modules when the indicator light state information is positioned at a certain flow node; when a business process is executed to a preset security audit process node, judging whether the business process of the business accords with the normal business process of the business according to the sequence of the executed process nodes and the state information of an indicator lamp of each executed process node; and if the business process of the business does not accord with the normal business process of the business, adopting security measures or terminating the business process. The method of the invention endows the existing module indicator lamp with a new function, so that the state change of the module indicator lamp in the execution process of the business process can be adopted to judge whether the business process accords with the normal business process, and under the condition of not accord with the normal business process, the safety measure can be adopted or the measure for stopping the business process can be adopted, thereby improving the safety of business processing.
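The following added example, which is not taken from the patent, implements steps 101 to 103 in Python: each lamp state is encoded from a lamp identifier plus a state identifier, a normal card-withdrawal flow forms the state rule base, and the recorded path is checked when the audit node is reached. The module names, identifier values, flow nodes and lamp states are constructed for illustration, and a simple edge-set check stands in for the binary tree traversal the patent names.

```python
"""Indicator-lamp flow audit (added example; identifiers and flows are constructed)."""

# Second identifiers (one per module lamp) and third identifiers (one per lamp
# state). Every value here is an assumption made for the example.
LAMP_ID = {"card_reader": "A", "pin_pad": "B", "dispenser": "C"}
STATE_ID = {"off": "0", "green_blink": "1", "green_steady": "2", "red": "3"}
LAMP_ORDER = ("card_reader", "pin_pad", "dispenser")  # fixed recording order


def encode(lamps):
    """Lamp state information of one flow node: lamp id + state id per lamp."""
    return "".join(LAMP_ID[m] + STATE_ID[lamps.get(m, "off")] for m in LAMP_ORDER)


def to_path(flow):
    """Ordered (flow node, lamp states) records -> list of graph nodes."""
    return [(node, encode(lamps)) for node, lamps in flow]


class StateGraph:
    """State directed graph built from one normal business flow."""

    def __init__(self, normal_flow):
        path = to_path(normal_flow)
        self.start = path[0]
        self.edges = set(zip(path, path[1:]))

    def contains(self, path):
        """True if `path` begins at the graph's start and follows only its edges."""
        if not path or path[0] != self.start:
            return False
        return all(edge in self.edges for edge in zip(path, path[1:]))


class FlowAuditor:
    def __init__(self, normal_flows, audit_nodes):
        self.rule_base = [StateGraph(f) for f in normal_flows]  # state rule base
        self.audit_nodes = set(audit_nodes)
        self.executed = []

    def record(self, node, lamps):
        """Step 101 for one node; at an audit node also run step 102.

        Returns None at ordinary nodes, otherwise "continue" or "authenticate".
        The audit node's own record is part of the checked path, so the edge
        leading into it is verified too (a choice made for this example).
        """
        self.executed.append((node, lamps))
        if node not in self.audit_nodes:
            return None
        path = to_path(self.executed)
        conforms = any(g.contains(path) for g in self.rule_base)
        return "continue" if conforms else "authenticate"


def resolve(decision, identity_verified):
    """Step 103: a non-conforming flow continues only after identity authentication."""
    if decision == "continue" or identity_verified:
        return "continue"
    return "terminate"


def audit_flow(normal_flows, audit_nodes, executed_flow):
    """Replay a recorded flow and return the decision at the first audit node."""
    auditor = FlowAuditor(normal_flows, audit_nodes)
    for node, lamps in executed_flow:
        decision = auditor.record(node, lamps)
        if decision is not None:
            return decision
    return None


# Constructed card-withdrawal flows.
NORMAL = [
    ("wait_card", {"card_reader": "green_blink"}),
    ("enter_pin", {"card_reader": "green_steady", "pin_pad": "green_steady"}),
    ("select_amount", {"card_reader": "green_steady"}),
    ("dispense", {"card_reader": "green_steady", "dispenser": "green_steady"}),
]
SKIPPED_PIN = [NORMAL[0], NORMAL[2], NORMAL[3]]            # node order differs
PIN_PAD_DARK = [NORMAL[0], ("enter_pin", {"card_reader": "green_steady"}),
                NORMAL[2], NORMAL[3]]                       # lamp state differs

if __name__ == "__main__":
    for name, flow in [("normal", NORMAL), ("skipped_pin", SKIPPED_PIN),
                       ("pin_pad_dark", PIN_PAD_DARK)]:
        decision = audit_flow([NORMAL], {"dispense"}, flow)
        print(name, decision, resolve(decision, identity_verified=False))
```

Both deviations are caught for different reasons: `SKIPPED_PIN` breaks the node order, while `PIN_PAD_DARK` keeps the order but records a lamp snapshot that the rule base does not contain for the password input node.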
Referring to fig. 2, a flowchart illustrating steps of another business security audit method provided in an embodiment of the present invention may specifically include the following steps:
step 201, after the service starts to run, recording the sequence of the flow nodes and recording the status information of the indicator lights of each flow node;
in order to ensure the safety of service processing, when a user adopts intelligent self-service equipment to process the service, the intelligent self-service equipment starts from service operation, records the sequence of the flow nodes in the service flow in real time, and records the state information of the indicator lights of each flow node so as to be used for judging whether the service flow is reasonable or not.
The indicator light state information represents the real-time states of the indicator lights of all modules at a given flow node. For example, at the password input flow node, the indicator light of the password keyboard module is in a normally-on green light state and the indicator lights of the other modules are off. In practice, the indicator lights of some modules may instead be set, from the start of the business, to the indicator light state corresponding to the waiting-to-be-used working mode; the state changes while the module is in use, returns to the waiting-to-be-used state when the use ends, and stays there until the business finishes running.
In one embodiment of the present invention, the recording the status information of the indicator lights at each flow node includes:
S11, combining the second identifier of the module indicator lamp with the third identifier of the module indicator lamp state to represent the real-time state of the module indicator lamp;
In the embodiment of the invention, each module indicator lamp is preset with a corresponding second identifier, and each module indicator lamp state is preset with a corresponding third identifier. The second identifier corresponding to the module indicator lamp may be an Arabic numeral, an upper- or lower-case letter, or any user-defined identifier, which is not limited in the present invention. The third identifier corresponding to the module indicator lamp state may likewise be an Arabic numeral, an upper- or lower-case letter, or any user-defined identifier, which is not limited in the present invention.
The intelligent self-service equipment records the state information of the indicator lights of each flow node, wherein the state information of the indicator lights is used for representing the real-time states of the indicator lights of all modules when the intelligent self-service equipment is positioned at a certain flow node; the recording of the real-time status of the module indicator light may be combining the second identifier of the module indicator light with the third identifier of the module indicator light status, to represent the real-time status of the module indicator light.
As a specific example of the invention, the second identifier of the card reader module indicator light is preset to 1, and the third identifiers of the card reader module indicator light state are preset to 0, 2 and 3, where 0 represents the closed state, 2 represents normal operation waiting for card insertion, and 3 represents normal operation with a card present. The second identifier of the card reader module indicator light is combined with the third identifier of its state: a combination of 10 indicates that the real-time state of the card reader module indicator light is the closed state; a combination of 12 indicates the state of waiting for card insertion; and a combination of 13 indicates the card-present state.
S12, recording the real-time state of each module indicator light in sequence, according to the on/off order of the module indicator lights in the normal business flow, to obtain the indicator light state information of each flow node.
The intelligent self-service equipment records the state information of the indicator lights of each flow node, wherein the state information of the indicator lights is used for representing the real-time states of the indicator lights of all modules when the intelligent self-service equipment is positioned at a certain flow node; for the recording of the real-time states of the module indicator lamps of all the modules, the real-time states of the module indicator lamps of each module can be recorded in sequence according to the opening and closing sequence of the module indicator lamps of the normal business process, so that the indicator lamp state information of each process node is obtained.
As a specific example of the present invention, the second identifier of the card reader module indicator is preset to 1, the second identifier of the code keyboard module indicator is preset to 2, the second identifier of the withdrawal module indicator is preset to 3, and the second identifier of the receipt printing module indicator is preset to 4; presetting a third mark of the card reader module indicating lamp state to be 0, 2 and 3, wherein the preset third mark 0 represents a closed state, the preset third mark 2 represents a card waiting state in normal operation, and the preset third mark 3 represents a card-on state in normal operation; presetting a third mark of a code keyboard module indicator lamp, a withdrawal module indicator lamp and a receipt printing module indicator lamp to be 0, wherein the preset third mark 0 represents a closed state; the module indicator lights of the normal business process are assumed to be on and off in sequence: the first is a card reader module indicator light, the second is a password keyboard module indicator light, the third is a withdrawal module indicator light, and the fourth is a receipt printing indicator light; when the node is in the waiting card insertion process, the status information of the indicator light can be recorded as: 12, 20, 30, 40.
Step 202, generating a real-time state directed graph according to the order of the executed flow nodes and the status information of the indicator lamps of each executed flow node;
In the embodiment of the invention, the real-time state directed graph can be adopted to reflect the real-time change of the business process, and specifically, the real-time state directed graph can be generated according to the order of the executed process nodes and the status information of the indicator lamps of each executed process node so as to compare the real-time state directed graph with the preset state directed graph of the normal business process to judge whether the business process accords with the normal business process.
The real-time state directed graph comprises at least one node and at least one directed line, wherein the node is used for representing the indicator light state information of the executed flow nodes, and the directed line is used for representing the sequence of the executed flow nodes.
In one embodiment of the present invention, when the business process is executed to a preset security audit process node, the step of generating a real-time status directed graph according to the order of the executed process nodes and the status information of the indicator lamps of each executed process node includes:
S21, configuring a corresponding first identifier for the indicator light state information of each executed flow node;
In the embodiment of the invention, a state directed graph of the normal business flow of the business is preset. Each node in that graph represents the real-time states of all module indicator lamps at a certain flow node, and each node is represented by a different first identifier. During business processing, a corresponding first identifier can therefore be configured for the indicator light state information of each executed flow node: where that information is the same as indicator light state information in the normal business flow, it is given the same first identifier as the corresponding node in the state directed graph; where it differs from the indicator light state information in the normal business flow, it is given a first identifier different from all first identifiers in the state directed graph. Comparing the first identifiers in the normal business flow state directed graph with those in the real-time state directed graph then shows whether the working states of all modules at the executed flow nodes conform to the working states of all modules at the flow nodes of the normal business flow.
S22, generating a real-time state directed graph according to the sequence of the executed flow nodes and the first identification corresponding to the indicator light state information of each executed flow node.
After the corresponding first identifier is configured for the indicator light state information of each executed flow node, a real-time state directed graph can be generated according to the order of the executed flow nodes and the first identifier corresponding to the indicator light state information of each executed flow node.
The real-time state directed graph comprises at least one node and at least one directed line, wherein the node is used for representing the indicator light state information of the executed flow nodes, specifically, each node is represented by adopting a first identifier of the indicator light state information corresponding to the node, and the directed line is used for representing the sequence of the executed flow nodes.
Step 203, using binary tree traversal, using the start point of the real-time state directed graph as an initial point and the end point of the real-time state directed graph as an end point, and traversing the state directed graph of the normal business process of the business;
In the embodiment of the invention, a business includes at least one normal business flow, so the preset normal business flow state directed graphs of the business include at least one such graph, and each path in a normal business flow state directed graph is the complete path of one complete normal business flow. The preset security audit flow node can be any flow node in the business flow, so the real-time state directed graph is usually a sub-state directed graph of a normal business flow state directed graph. Therefore, after the real-time state directed graph is generated during business processing, binary tree traversal can be used to traverse the state directed graph of the normal business flow of the business, taking the starting point of the real-time state directed graph as the initial point and its end point as the end point, so as to judge whether the real-time state directed graph is a sub-state directed graph of the normal business flow state directed graph.
Step 204, judging whether the path which is the same as the path of the real-time state directed graph exists in the state directed graph of the normal business process;
In the embodiment of the invention, judging whether the real-time state directed graph is a sub-state directed graph of the normal business flow state directed graph is implemented by judging whether the state directed graph of the normal business flow contains a path identical to the path of the real-time state directed graph. This judgment is made after the state directed graph of the normal business flow has been traversed with the starting point of the real-time state directed graph as the initial point and its end point as the end point.
Specifically, the state directed graph of the normal business process of the business is traversed by taking the starting point of the real-time state directed graph as an initial point and the ending point of the real-time state directed graph as an end point, and if a path coincident with the path of the real-time state graph can be found, the business process of the business can be considered to accord with the normal business process of the business.
Step 205, if the business process of the business does not accord with the normal business process of the business, taking security measures or terminating the business process.
In the embodiment of the invention, if the same path as the path of the real-time state directed graph is not found in the state directed graph of the normal business process, the business process of the business is determined to be not in accordance with the normal business process.
After determining that the business process of the business does not conform to the normal business process, security measures can be taken or the business process can be terminated.
The security measure may be identity authentication, where the identity authentication may include face recognition, second-generation identity card recognition, short message recognition, fingerprint recognition, and the like, which is not limited in the present invention. The termination business process can be to stop the current business to continue running and send alarm information.
In one embodiment of the present invention, the step of taking a security measure if the service flow of the service does not conform to the normal service flow of the service includes:
S31, if the business flow of the business does not conform to the normal business flow of the business, adding an identity authentication flow node;
After determining that the business flow of the business does not conform to the normal business flow of the business, a security measure can be taken. The security measure can be to add an identity authentication flow node, so as to judge whether the real identity of the user matches the user identity information stored in the intelligent self-service equipment, thereby ensuring the security of business processing.
S32, judging whether the user passes identity authentication;
In the embodiment of the invention, the user can be considered to have passed identity authentication if the real identity information of the user currently processing the business matches the user identity information stored in the intelligent self-service equipment; if it does not match, the identity authentication can be considered to have failed.
S33, if the identity authentication is passed, continuing to execute the preset security audit flow node;
After the user passes the identity authentication, the preset security audit flow node can continue to be executed, so as to meet the user's business processing requirement.
S34, if the identity authentication fails, terminating the business flow;
After the user's identity authentication fails, the business flow can be terminated to ensure business security and protect the interests of the users stored in the intelligent self-service equipment.
Alternatively,
In one embodiment of the present invention, the step of terminating the business flow if the business flow of the business does not conform to the normal business flow of the business includes:
S41, if the business flow of the business does not conform to the normal business flow of the business, terminating the business flow.
In the embodiment of the invention, after the business flow of the business is determined not to conform to the normal business flow of the business, the business flow can be terminated directly, which ensures the security of business processing in the fastest and most convenient way.
In one embodiment of the invention, the method further comprises:
S51, after the business starts to run, recording at least one piece of indicator light state information of a normal business flow;
In the embodiment of the invention, a state directed graph of the normal business flow of the business can be preset. Specifically, the business can first be run, and at least one piece of indicator light state information of its normal business flow can be recorded.
The indicator light state information represents the real-time states of the indicator lights of all modules at a given flow node. For example, at the password input flow node, the indicator light of the password keyboard module is in a normally-on green light state and the indicator lights of the other modules are off. In practice, the indicator lights of some modules may instead be set, from the start of the business, to the indicator light state corresponding to the waiting-to-be-used working mode; the state changes while the module is in use, returns to the waiting-to-be-used state when the use ends, and stays there until the business finishes running.
S52, generating a state directed graph of the normal business process according to a preset process node sequence of the normal business process and at least one indicator light state information of the normal business process;
In the embodiment of the invention, each service has at least one normal service flow, and the flow node sequence of the normal service flow of the service can be preset in the intelligent self-service equipment by service developers. The intelligent self-service equipment can generate a state directed graph of the normal business process according to the preset process node sequence of the normal business process and at least one indicator light state information of the normal business process.
S53, adopting all state directed graphs corresponding to all normal business processes of the business to form a state rule base of the business.
After generating a state directed graph of the normal business process according to the preset process node sequence of the normal business process and at least one indicator light state information of the normal business process, the intelligent self-service device can establish a state rule base of the business in a database, and store all state directed graphs corresponding to all normal business processes of the business, so that the state directed graph can be used as a normal business process standard for judging whether the business process is reasonable or not in the process of processing the business by a user.
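The check in steps 201 to 205 and the rule base of S51 to S53, sketched as an added Python example (not code from the patent). Module identifiers and lamp states 0, 2 and 3 follow the four-module example above; lamp state 1 ("on"), the sample flow, the `authenticate` callback and all names are assumptions, and the path comparison walks the edges directly instead of using the binary tree traversal named in step 203.

```python
from itertools import count

# Second identifiers (module lamps), in the fixed recording order of S12.
MODULES = {"card_reader": 1, "pin_pad": 2, "withdrawal": 3, "receipt": 4}
# Third identifiers (lamp states). 0, 2 and 3 follow the card reader example;
# 1 ("lamp on") for the other modules is an assumption of this sketch.
OFF, ON, WAIT_CARD, CARD_IN = 0, 1, 2, 3


def encode(lamps):
    """S11/S12: join module id and state id for every module, in fixed order."""
    return tuple(f"{mid}{lamps.get(name, OFF)}" for name, mid in MODULES.items())


class RuleBase:
    """S51-S53: one state directed graph per normal flow of a business."""

    def __init__(self):
        self.labels = {}   # lamp-state tuple -> first identifier
        self.graphs = []   # per normal flow: (start node, {node: successors})
        self._names = (f"n{i}" for i in count())

    def add_normal_flow(self, snapshots):
        """Record one normal flow as a directed graph over first identifiers."""
        path = []
        for snap in snapshots:
            state = encode(snap)
            if state not in self.labels:
                self.labels[state] = next(self._names)
            path.append(self.labels[state])
        edges = {node: set() for node in path}
        for src, dst in zip(path, path[1:]):
            edges[src].add(dst)
        self.graphs.append((path[0], edges))

    def realtime_path(self, snapshots):
        """Steps 201-202 with S21: known states reuse the rule-base identifier,
        unseen states get a fresh one that no rule-base node carries."""
        fresh = (f"unknown{i}" for i in count())
        return [self.labels.get(encode(s)) or next(fresh) for s in snapshots]

    def conforms(self, path):
        """Steps 203-204: does some normal-flow graph contain this exact path?
        Recording starts with the business (step 201), so this sketch also
        requires the path to begin at the flow's first node."""
        if not path:
            return False
        return any(
            path[0] == start
            and all(dst in edges.get(src, ()) for src, dst in zip(path, path[1:]))
            for start, edges in self.graphs
        )


def audit(rules, snapshots, authenticate):
    """Step 205 with S31-S34. `authenticate` is a hypothetical callback that
    runs the added identity authentication node and returns True or False."""
    if rules.conforms(rules.realtime_path(snapshots)):
        return "continue"
    return "continue_after_auth" if authenticate() else "terminate"


# Constructed normal flow: one lamp snapshot per flow node of a withdrawal.
NORMAL_WITHDRAWAL = [
    {"card_reader": WAIT_CARD},                  # waiting for card
    {"card_reader": CARD_IN},                    # card inserted and read
    {"card_reader": CARD_IN, "pin_pad": ON},     # password entry
    {"card_reader": CARD_IN, "withdrawal": ON},  # cash dispensing
    {"card_reader": CARD_IN, "receipt": ON},     # receipt printing
    {"card_reader": WAIT_CARD},                  # card returned
]
# Constructed traces as seen at an audit node placed at cash dispensing.
SKIPPED_PASSWORD = NORMAL_WITHDRAWAL[:2] + NORMAL_WITHDRAWAL[3:4]
UNKNOWN_STATE = NORMAL_WITHDRAWAL[:2] + [{"withdrawal": ON}]  # reader lamp off


def build_rules():
    rules = RuleBase()
    rules.add_normal_flow(NORMAL_WITHDRAWAL)
    return rules


if __name__ == "__main__":
    rules = build_rules()
    for name, trace in [("normal", NORMAL_WITHDRAWAL[:4]),
                        ("skipped password", SKIPPED_PASSWORD),
                        ("unknown lamp state", UNKNOWN_STATE)]:
        print(name, rules.realtime_path(trace),
              audit(rules, trace, authenticate=lambda: False))
```

Because every lamp snapshot maps to exactly one first identifier, a trace that skips the password node fails on the missing edge, while a lamp combination never seen in a normal flow fails because its fresh identifier is absent from the rule base.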
As a specific example of the present invention, a security audit process for a card withdrawal service is presented.
The normal business flow of the card withdrawal business performed on the intelligent self-service equipment can comprise flow nodes such as waiting for card insertion, card insertion and card reading, inputting a corresponding code of a card number, selecting withdrawal type, withdrawing, printing a certificate and the like.
The card withdrawal business includes small withdrawals and large withdrawals (more than 50,000). The modules involved in an ordinary small withdrawal include, but are not limited to: the screen module, the card reader module, the password keyboard module, the machine core module and the receipt printer module. For a large withdrawal, biometric modules are additionally used as the withdrawal authorization credential; these comprise an identity card module, a fingerprint instrument module and a binocular camera module.
The module indicator lamps involved in the card withdrawal business include, but are not limited to: the atmosphere module indicator lamp, screen module indicator lamp, card reader module indicator lamp, peep-proof cover module indicator lamp, withdrawal module indicator lamp, receipt module indicator lamp, identity card module indicator lamp, fingerprint instrument module indicator lamp and binocular camera module indicator lamp.
The module working modes involved in the card withdrawal business include, but are not limited to: (1) module shut down; (2) module failure; (3) module working normally in working mode I; (4) module working normally in working mode II; (5) module working normally in working mode III.
The module indicator light states include, but are not limited to: 1) green, white, red, yellow or other colored lights; 2) normally on or blinking (slow, medium, fast); 3) brightness intensity, etc.
The intelligent self-service equipment is in a normal working state, and when a person walks close, the atmosphere module indicator lamp is turned on and a normally-bright white lamp is turned on; when the person leaves, the atmosphere module indicator light will be in the off state. If the atmosphere module fails, the system is in a red light state. The operation screen indicator lamps are similar, and the strength of the screen indicator lamps can be adjusted according to the operation of clients, the external brightness and the peep-proof angle.
The card reader module is in a normal working state, waits for card insertion, and is in a green light flashing state; if the card reader module fails, the card reader module is in a red light state; if the card reader is in a normal working state and a card exists in the card reader, the card reader is in a green light long-lighting state; if the card reader module is turned off, the card reader module is in a light-off state.
The password keyboard module is in a normal working state, when waiting for a customer to input a password, a normally-on green light state is started, and when the operation of the current service is completed, the indication lamp of the password keyboard module is turned off; if the cipher keyboard module fails, the cipher keyboard module is in red light state.
The money withdrawing module indicator lamp is turned on in a normally-on green light state when money is ready to be withdrawn, the money door is opened until the money is withdrawn successfully, and after a series of actions of taking the money and closing the money feeding door are completed, the money withdrawing module indicator lamp is turned off; if the withdrawal module fails, the withdrawal module is in a red light state.
The receipt printing module indicator lights are turned on when the receipt is ready to be printed, the normally-on green light state is turned on, and the receipt printing module indicator lights are turned off when the operation of the current business is completed; if the receipt printing module fails, the receipt printing module is in a red light state.
The identity card module indicator lamp, the fingerprint instrument module indicator lamp and the binocular camera module indicator lamp are turned on in a normally-on green light state when the biological characteristics are ready to be read, and the module indicator lamp is turned off until the relevant biological characteristics are read and the current service authorization is completed; if the module fails, the module is in a red light state.
Before the intelligent self-service equipment is put into use for a user, a module set capable of processing a card withdrawal service and a module indicator lamp set corresponding to the module set are selected in advance on the intelligent self-service equipment; a business application is installed on the intelligent self-service device that can be used to process at least one business.
A state directed graph of a normal business flow of a card withdrawal business is preset on the intelligent self-service equipment:
(1) Based on the normal business flow, the card withdrawal business is operated, and the state of each module indicator lamp is obtained from the beginning of business execution to the ending of business execution.
11) Before the business starts to run, the card reader module indicator lamp is turned on and set to a flashing green light state, indicating that a card can be inserted.
12) When the customer approaches the equipment, the atmosphere module indicator lamp and the screen operation module indicator lamp are turned on and set to a normally-on white light state. If the ambient light is insufficient, the brightness of the screen operation module indicator lamp is correspondingly increased; if the ambient light is too strong, its brightness is correspondingly reduced. If the anti-peeping effect of the screen is poor, the screen operation module indicator lamp can be set to yellow to draw the customer's attention.
13) After the card is inserted, the card is read, and the card reader module indicator lamp is set to a normally-on green light state.
14) After the card is read successfully, when the password is about to be entered for verification, the password keyboard module indicator lamp is turned on and set to a normally-on green light state, prompting the customer to enter the password on the password keyboard. After the password is verified successfully, the password keyboard module indicator lamp is turned off.
15) Select the withdrawal type.
i) If a small withdrawal is selected, biometric authorization is skipped and the flow proceeds to 16).
ii) If a large withdrawal is selected, when the identity card is about to be read, the fingerprint pressed and the face checked for liveness, the identity card module indicator lamp, the fingerprint instrument indicator lamp and the binocular camera module indicator lamp are turned on and set to a normally-on green light state, prompting the customer to perform the biometric authentications for authorization. After authorization is completed, the identity card module indicator lamp, the fingerprint instrument indicator lamp and the binocular camera module indicator lamp are turned off.
16) The related operations include sending a withdrawal message to the machine core, picking the notes, delivering them to the cash outlet, opening the cash door, taking the cash and closing the cash door.
Before the withdrawal message is sent to the machine core, the withdrawal module indicator lamp is turned on and set to a normally-on green light state; after note picking, delivery to the cash outlet, opening of the cash door, cash taking and closing of the cash door have succeeded, the withdrawal module indicator lamp is turned off.
17) Before the customer prints the withdrawal receipt, the receipt printing module indicator lamp is turned on and set to a normally-on green light state; when the receipt has been printed successfully, the receipt printing module indicator lamp is turned off.
18) The card is returned, and the card reader module indicator lamp is reset to a flashing green light state.
(2) Record the state of each module's indicator lamp when the card withdrawal business is at each flow node, obtaining the indicator light state information of each flow node.
(3) Generate a state directed graph of the normal business flow according to the preset sequence of flow nodes of the normal business flow and the indicator light state information of each flow node.
(4) Exhaust all normal business flows of the card withdrawal business, and store the state directed graph of each normal flow in a database to form the business/indicator-lamp state rule base of the card withdrawal business.
Specifically, the identification is configured for each module indicator and each module indicator status:
Module indicator lamps involved in card withdrawal: 1 - atmosphere module indicator lamp, 2 - screen module indicator lamp, 3 - card reader module indicator lamp, 4 - peep-proof cover module indicator lamp, 5 - withdrawal module indicator lamp, 6 - receipt printing module indicator lamp, 7 - identity card module indicator lamp, 8 - fingerprint instrument module indicator lamp, 9 - binocular camera module indicator lamp.
Indicator light states: 0 - off, 1 - normally-on green light, 2 - flashing green light, 3 - red light, 4 - white light of stronger brightness, 5 - white light of weaker brightness, 6 - yellow light.
Based on the above identifiers, there may be 6^9 combinations of module indicator light states, which are not all listed here.
For a normal business flow of the card withdrawal business, the indicator light state information of the flow nodes is expressed as follows (in each cell, the first digit from the left is the indicator light type and the second digit is the indicator light state):
1) No person is present and only the card reader lamp flashes green; denote the indicator light state information as a.
Table 1: indicator light state information a
10 25 32 40 50 60 70 80 90
2) A person approaches, and the atmosphere lamp and the screen lamp are white lamps of stronger brightness; denote the flow node indicator light state information as b.
Table 2: indicator light state information b
14 24 32 40 50 60 70 80 90
A person approaches, the atmosphere lamp is turned off, and the screen lamp is a white lamp of stronger brightness; denote the flow node indicator light state information as c.
Table 3: indicator light state information c
10 24 32 40 50 60 70 80 90
The cases are not all listed here.
3) Inserting and reading a card; denote the flow node indicator light state information as d.
Table 4: indicator light state information d
14 24 31 40 50 60 70 80
4) Inputting a password; denote the flow node indicator light state information as e.
Table 5: indicator light state information e
14 23 31 41 50 60 70 80 90
5) Selecting the withdrawal type
i) Small withdrawal
A small withdrawal is selected.
If the password keyboard indicator lamp is turned off, denote the flow node indicator light state information as f.
Table 6: indicator light state information f
14 23 31 40 50 60 70 80 90
If the password keyboard indicator lamp is not turned off, denote the flow node indicator light state information as g.
Table 7: indicator light state information g
14 23 31 41 50 60 70 80 90
ii) Large withdrawal
Reading the identity card; denote the flow node indicator light state information as h.
Table 8: indicator light state information h
14 23 31 41 50 60 71 80 90
Scanning with the fingerprint instrument; denote the flow node indicator light state information as i.
Table 9: indicator light state information i
14 23 31 41 50 60 71 81 90
Human living-body detection (on condition); denote the flow node indicator light state information as j.
Table 10: indicator light state information j
14 23 31 41 50 60 71 81 91
After authorization, with each module indicator lamp turned off; denote the flow node indicator light state information as k.
Table 11: indicator light state information k
14 23 31 40 50 60 70 80 90
6) Withdrawal
Small withdrawal
If the password keyboard indicator lamp is turned off, denote the flow node indicator light state information as l.
Table 12: indicator light state information l
14 23 31 40 51 60 70 80 90
If the password keyboard indicator lamp is not turned off, denote the flow node indicator light state information as m.
Table 13: indicator light state information m
14 23 31 41 50 60 70 80 90
Large withdrawal
After authorization, with each module indicator lamp turned off; denote the flow node indicator light state information as n.
Table 14: indicator light state information n
14 23 31 40 51 60 70 80 90
After authorization, with each module indicator lamp not turned off; denote the flow node indicator light state information as o.
Table 15: indicator light state information o
14 23 31 41 51 61 71 81 91
7) The withdrawal succeeds and the receipt is printed
i) Small-amount withdrawal
If the indicator lamp of each module except the receipt lamp is turned off, let the indicator light state information of this flow node be p:
Table 16: Indicator light state information p
14 23 31 40 50 61 70 80 90
If the indicator lamp of each module except the receipt lamp is not turned off, let the indicator light state information of this flow node be q:
Table 17: Indicator light state information q
14 23 31 41 51 61 70 80 90
ii) Large-amount withdrawal
If the indicator lamp of each module except the receipt lamp is turned off, let the indicator light state information of this flow node be r:
Table 18: Indicator light state information r
14 23 31 40 50 61 70 80 90
If the indicator lamp of each module except the receipt lamp is not turned off, let the indicator light state information of this flow node be s:
Table 19: Indicator light state information s
14 23 31 41 51 61 71 81 91
Following the above method of listing flow node indicator light state information, the indicator light state information of each flow node of the card withdrawal service is listed (not one by one here; there are 6^9 types), and a directed state diagram of all normal business flows of the card withdrawal service is generated, in which each circle represents a node and the identifier in the node corresponds to the flow node indicator light state information above.
Because the flow node indicator light state information of the normal flow of the card withdrawal service can comprise 6^9 types, the finally generated directed state diagram of the normal flow of the card withdrawal service is a huge network. The complete directed state diagram S of the normal flow of the card withdrawal service is therefore not listed in full in the present invention; fig. 3 shows a part of it.
After the intelligent self-service equipment is formally put into use for users, auditing the service security of the card withdrawal service:
acquiring a preset business process security audit node;
running the service, recording the sequence of the flow nodes, and recording the state information of the indicator lamps positioned on each flow node;
generating a real-time state directed graph according to the sequence of the executed flow nodes and the state information of the indicator lamps of each executed flow node;
traversing a state directed graph of a normal business process of the business by adopting a binary tree traversal method and taking a starting point of a real-time state directed graph as an initial point and an end point of the real-time state directed graph as an end point;
and judging whether the path which is the same as the path of the real-time state directed graph exists in the state directed graph of the normal business flow.
If the same path as the path of the real-time state directed graph is not found in the state directed graph of the normal business process, determining that the business process of the business does not accord with the normal business process.
After determining that the business process of the business does not conform to the normal business process, security measures can be taken or the business process can be terminated.
Specifically, the withdrawal flow node is used as the security audit node, and the flow nodes executed before the withdrawal flow node are assumed to generate the real-time state directed graph shown in fig. 4.
The complete directed state diagram S of the normal business flow of the card withdrawal business is traversed, taking the starting point a of the real-time state directed graph as the initial point and its end point f as the end point. No path identical to the path of the real-time state directed graph is found in S, so the business flow is considered not to conform to the normal business flow, and security measures are taken or the business flow is terminated.
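The audit procedure above, as an added example that is not code from the patent: it builds a normal-flow graph from the small-amount withdrawal states printed in Tables 3-7, 12, 13, 16 and 17 and checks a recorded run at the withdrawal audit node. The step names, the two normal flows, the verdict strings and the sample runs are assumptions constructed for illustration, and a plain edge lookup stands in for the binary tree traversal the patent names.

```python
# Added example (not code from the patent). Step names, the two normal flows,
# the verdict strings and the sample runs are constructed for illustration.

# Indicator light state information as printed in Tables 3-7, 12, 13, 16, 17.
# Each two-digit code is <indicator identifier><state identifier>.
STATES = {
    "c": "10 24 32 40 50 60 70 80 90",  # person approaches
    "d": "14 24 31 40 50 60 70 80",     # card inserted (eight codes as printed)
    "e": "14 23 31 41 50 60 70 80 90",  # password entry
    "f": "14 23 31 40 50 60 70 80 90",  # small amount selected, keypad lamp off
    "g": "14 23 31 41 50 60 70 80 90",  # small amount selected, keypad lamp on
    "l": "14 23 31 40 51 60 70 80 90",  # withdrawal, keypad lamp off
    "m": "14 23 31 41 50 60 70 80 90",  # withdrawal, keypad lamp on
    "p": "14 23 31 40 50 61 70 80 90",  # receipt, other lamps off
    "q": "14 23 31 41 51 61 70 80 90",  # receipt, other lamps on
}

# Assumed flow step behind each first identifier (names are hypothetical).
# e, g and m carry identical lamp codes, so the step is part of the node key.
STEP_OF = {
    "c": "approach", "d": "insert_card", "e": "enter_password",
    "f": "select_small", "g": "select_small",
    "l": "dispense", "m": "dispense",
    "p": "print_receipt", "q": "print_receipt",
}

# Assumed normal flows for a small-amount withdrawal.
NORMAL_FLOWS = [list("cdeflp"), list("cdegmq")]


def decode(codes):
    """Split '14 23 ...' into {indicator identifier: state identifier}."""
    lamps = {}
    for code in codes.split():
        if len(code) != 2 or not code.isdigit() or int(code[0]) in lamps:
            raise ValueError("malformed indicator code: %r" % code)
        lamps[int(code[0])] = int(code[1])
    return lamps


def node_key(step, codes):
    """A graph node is a flow step together with the full lamp state."""
    return (step, frozenset(decode(codes).items()))


def build_rule_base(flows):
    """Merge all normal flows into one graph: node lookup, edges, start nodes."""
    lookup, edges, starts = {}, set(), set()
    for flow in flows:
        starts.add(flow[0])
        for ident in flow:
            lookup[node_key(STEP_OF[ident], STATES[ident])] = ident
        edges.update(zip(flow, flow[1:]))
    return lookup, edges, starts


def audit(observed, rule_base):
    """Check the (step, codes) records made up to the audit node.

    Returns (verdict, path); path holds first identifiers, '?' if unknown.
    """
    lookup, edges, starts = rule_base
    path = [lookup.get(node_key(step, codes), "?") for step, codes in observed]
    if not path or "?" in path:
        return "unknown_state", path
    if path[0] not in starts:
        return "bad_start", path
    if any(edge not in edges for edge in zip(path, path[1:])):
        return "bad_transition", path
    return "conforms", path


def respond(verdict, identity_check=None):
    """Continue, or step up to identity authentication, or terminate."""
    if verdict == "conforms":
        return "continue"
    if identity_check is not None and identity_check():
        return "continue"
    return "terminate"


def records(idents):
    """Constructed recording: one (step, codes) pair per executed flow node."""
    return [(STEP_OF[i], STATES[i]) for i in idents]


RULE_BASE = build_rule_base(NORMAL_FLOWS)
NORMAL_RUN = records("cdefl")        # reaches the withdrawal node normally
MISSING_STEP_RUN = records("cdfl")   # no password-entry node was recorded
# Indicator 8 reports state 1 at the withdrawal node: not in the rule base.
UNKNOWN_LIGHTS_RUN = records("cdef") + [("dispense", "14 23 31 40 51 60 70 81 90")]

if __name__ == "__main__":
    for name, run in [("normal", NORMAL_RUN), ("missing step", MISSING_STEP_RUN),
                      ("unknown lights", UNKNOWN_LIGHTS_RUN)]:
        verdict, path = audit(run, RULE_BASE)
        print(name, "->".join(path), verdict, respond(verdict))
```

Keying nodes on the lamp codes alone would merge e, g and m into one node, which is why the sketch keeps the flow step in the key.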
With the business security auditing method, which is applied to intelligent self-service equipment comprising at least one module preset with an indicator lamp, the order of the flow nodes is recorded after the business starts to run, and the indicator light state information at each flow node is recorded; the indicator light state information indicates the real-time states of the indicator lights of all modules at a given flow node; when the business process is executed to a preset security audit flow node, whether the business process of the business conforms to the normal business process of the business is judged according to the order of the executed flow nodes and the indicator light state information of each executed flow node; and if the business process of the business does not conform to the normal business process of the business, security measures are taken or the business process is terminated. The method of the invention gives the existing module indicator lamps a new function: the state changes of the module indicator lamps during execution of the business process can be used to judge whether the business process conforms to the normal business process, and if it does not, security measures can be taken or the business process can be terminated, thereby improving the security of business processing.
It should be noted that, for simplicity of description, the method embodiments are shown as a series of acts, but it should be understood by those skilled in the art that the embodiments are not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred embodiments, and that the acts are not necessarily required by the embodiments of the invention.
Referring to fig. 5, a block diagram of a business security audit device provided in an embodiment of the present invention is shown. The device is applied to an intelligent self-service device that includes at least one module preset with an indicator light, and may specifically include the following modules:
a first recording module 501, configured to record an order of the flow nodes after the service starts to run, and record status information of the indicator lights at each flow node; the indicator light state information is used for indicating the real-time states of indicator lights of all modules when the indicator light state information is positioned at a certain flow node;
the judging module 502 is configured to judge, when a service flow is executed to a preset security audit flow node, whether the service flow of the service accords with a normal service flow of the service according to an order of the executed flow nodes and status information of an indicator light of each executed flow node;
And a processing module 503, configured to take a security measure or terminate the service flow if the service flow of the service does not conform to the normal service flow of the service.
In an alternative embodiment of the present invention, the determining module 502 includes:
the generation sub-module is used for generating a real-time state directed graph according to the sequence of the executed flow nodes and the state information of the indicator lamps of each executed flow node; the real-time state directed graph comprises at least one node and at least one directed line, wherein the node is used for representing the state information of the indicator lights of the executed flow nodes, and the directed line is used for representing the order of the executed flow nodes;
the traversing sub-module is used for traversing the state directed graph of the normal business process by adopting a binary tree traversing method and taking the starting point of the real-time state directed graph as an initial point and the end point of the real-time state directed graph as an end point;
and the determining submodule is used for judging whether the paths which are the same as the paths of the real-time state directed graph exist in the state directed graph of the normal business process.
In an alternative embodiment of the present invention, the generating submodule includes:
the configuration unit is used for configuring a corresponding first identifier for the indicator light state information of each executed flow node;
And the generating unit is used for generating a real-time state directed graph according to the sequence of the executed flow nodes and the first identifier corresponding to the indicator light state information of each executed flow node.
In an optional embodiment of the present invention, each module indicator light and each module indicator light state are respectively preset with a corresponding second identifier and a corresponding third identifier, and the first recording module includes:
the combination sub-module is used for combining the second identifier of the module indicator lamp with the third identifier of the module indicator lamp state to represent the real-time state of the module indicator lamp;
and the recording sub-module is used for sequentially recording the real-time state of each module indicator lamp according to the opening and closing sequence of the module indicator lamps of the normal business process to obtain the indicator lamp state information of each process node.
In an alternative embodiment of the present invention, the apparatus further comprises:
the second recording module is used for recording at least one indicator light state information of a normal business process after the business starts to run;
the generating module is used for generating a state directed graph of the normal business process according to the preset process node sequence of the normal business process and at least one indicator light state information of the normal business process;
And the state rule base building module is used for forming a state rule base of the service by adopting all state directed graphs corresponding to all normal service flows of the service.
In an alternative embodiment of the present invention, the processing module 503 includes:
a flow node adding sub-module for adding an identity authentication flow node if the business flow of the business does not accord with the normal business flow of the business;
the identity judging sub-module is used for judging whether the user passes identity authentication or not;
a continuous execution flow sub-module, configured to continuously execute the preset security audit flow node if the identity authentication is passed;
the first termination flow sub-module is used for terminating the business flow if the identity authentication fails;
or alternatively,
and the second termination flow sub-module is used for terminating the business flow if the business flow of the business does not accord with the normal business flow of the business.
With the business security auditing device provided by the embodiment of the invention, which is applied to intelligent self-service equipment comprising at least one module preset with an indicator lamp, the order of the flow nodes is recorded after the business starts to run, and the indicator light state information at each flow node is recorded; the indicator light state information indicates the real-time states of the indicator lights of all modules at a given flow node; when the business process is executed to a preset security audit flow node, whether the business process of the business conforms to the normal business process of the business is judged according to the order of the executed flow nodes and the indicator light state information of each executed flow node; and if the business process of the business does not conform to the normal business process of the business, security measures are taken or the business process is terminated. The embodiment of the invention gives the existing module indicator lamps a new function: the state changes of the module indicator lamps during execution of the business process can be used to judge whether the business process conforms to the normal business process, and if it does not, security measures can be taken or the business process can be terminated, thereby improving the security of business processing.
For the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments for relevant points.
In addition, the embodiment of the invention also provides an electronic device, as shown in fig. 6, which comprises a processor 601, a communication interface 602, a memory 603 and a communication bus 604, wherein the processor 601, the communication interface 602 and the memory 603 complete communication with each other through the communication bus 604,
a memory 603 for storing a computer program;
the processor 601 is configured to execute the program stored in the memory 603, and implement the following steps:
after the business starts to run, recording the sequence of the flow nodes and recording the state information of the indicator lamps positioned on each flow node; the indicator light state information is used for indicating the real-time states of indicator lights of all modules when the indicator light state information is positioned at a certain flow node;
when a business process is executed to a preset security audit process node, judging whether the business process of the business accords with the normal business process of the business according to the sequence of the executed process nodes and the state information of the indicator lamps of each executed process node;
And if the business process of the business does not accord with the normal business process of the business, adopting security measures or terminating the business process.
Optionally, when the service flow is executed to a preset security audit flow node, according to the order of the executed flow nodes and the status information of the indicator lights of each executed flow node, the step of judging whether the service flow of the service accords with the normal service flow of the service includes:
generating a real-time state directed graph according to the sequence of the executed flow nodes and the state information of the indicator lamps of each executed flow node; the real-time state directed graph comprises at least one node and at least one directed line, wherein the node is used for representing the state information of the indicator lights of the executed flow nodes, and the directed line is used for representing the order of the executed flow nodes;
traversing a state directed graph of a normal business process of the business by adopting a binary tree traversal method and taking a starting point of a real-time state directed graph as an initial point and an end point of the real-time state directed graph as an end point;
and judging whether the path which is the same as the path of the real-time state directed graph exists in the state directed graph of the normal business flow.
Optionally, when the business process is executed to a preset security audit process node, generating a real-time state directed graph according to the order of the executed process nodes and the status information of the indicator lamps of each executed process node, including:
configuring a corresponding first identifier for the indicator light state information of each executed flow node;
and generating a real-time state directed graph according to the order of the executed flow nodes and the first identification corresponding to the indicator light state information of each executed flow node.
Optionally, each module indicator light and each module indicator light state are respectively preset with a corresponding second identifier and a corresponding third identifier, and the recording of the indicator light state information at each flow node includes:
combining the second identifier of the module indicator lamp with the third identifier of the module indicator lamp state to represent the real-time state of the module indicator lamp;
and according to the opening and closing sequence of the module indicator lamps of the normal business process, the real-time state of each module indicator lamp is recorded in sequence, and the indicator lamp state information of each process node is obtained.
Optionally, the method further comprises:
After the service starts to run, at least one indicator light state information of a normal service flow is recorded;
generating a state directed graph of the normal business process according to a preset process node sequence of the normal business process and at least one indicator light state information of the normal business process;
and adopting all state directed graphs corresponding to all normal business processes of the business to form a state rule base of the business.
Optionally, if the service flow of the service does not conform to the normal service flow of the service, a step of taking a security measure or terminating the service flow includes:
if the business process of the business does not accord with the normal business process of the business, an identity authentication process node is added;
judging whether the user passes identity authentication or not;
if the identity authentication is passed, continuing to execute the preset security audit flow node;
if the identity authentication fails, terminating the service flow;
or alternatively,
and if the service flow of the service does not accord with the normal service flow of the service, terminating the service flow.
The communication bus mentioned for the above terminal may be a peripheral component interconnect (Peripheral Component Interconnect, abbreviated as PCI) bus or an extended industry standard architecture (Extended Industry Standard Architecture, abbreviated as EISA) bus, etc. The communication bus may be classified as an address bus, a data bus, a control bus, or the like. For ease of illustration, only one bold line is shown in the figure, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the terminal and other devices.
The memory may include random access memory (Random Access Memory, RAM) or non-volatile memory (non-volatile memory), such as at least one disk memory. Optionally, the memory may also be at least one memory device located remotely from the aforementioned processor.
The processor may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU for short), a network processor (Network Processor, NP for short), etc.; it may also be a digital signal processor (Digital Signal Processor, DSP for short), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC for short), a field-programmable gate array (Field-Programmable Gate Array, FPGA for short) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
In yet another embodiment of the present invention, as shown in fig. 7, there is further provided a computer readable storage medium 701 having instructions stored therein, which when run on a computer, cause the computer to perform the business security audit method described in the above embodiment.
In yet another embodiment of the present invention, there is also provided a computer program product containing instructions that, when run on a computer, cause the computer to perform the business safety audit method described in the above embodiment.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the flows or functions according to the embodiments of the present invention are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, by wired (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that integrates one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk (SSD)), etc.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In this specification, the embodiments are described in a related manner; identical and similar parts of the embodiments may be referred to each other, and each embodiment mainly describes its differences from the other embodiments. In particular, since the system embodiments are substantially similar to the method embodiments, their description is relatively simple; for relevant points, refer to the description of the method embodiments.
The foregoing description is only of the preferred embodiments of the present invention and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention are included in the protection scope of the present invention.

Claims (8)

1. The business security auditing method is characterized by being applied to intelligent self-service equipment, wherein the intelligent self-service equipment comprises at least one module, and the module is preset with an indicator lamp, and the method comprises the following steps:
after the business starts to run, recording the sequence of the flow nodes and recording the state information of the indicator lamps positioned on each flow node; the indicator light state information is used for indicating the real-time states of indicator lights of all modules when the indicator light state information is positioned at a certain flow node;
when a business process is executed to a preset security audit process node, judging whether the business process of the business accords with the normal business process of the business according to the sequence of the executed process nodes and the state information of the indicator lamps of each executed process node;
if the business process of the business does not accord with the normal business process of the business, adopting security measures or terminating the business process;
When the business process is executed to a preset security audit process node, judging whether the business process of the business accords with the normal business process of the business according to the sequence of the executed process nodes and the state information of the indicator lamps of each executed process node, and the method comprises the following steps:
generating a real-time state directed graph according to the sequence of the executed flow nodes and the state information of the indicator lamps of each executed flow node; the real-time state directed graph comprises at least one node and at least one directed line, wherein the node is used for representing the state information of the indicator lights of the executed flow nodes, and the directed line is used for representing the order of the executed flow nodes;
traversing a state directed graph of a normal business process of the business by adopting a binary tree traversal method and taking a starting point of a real-time state directed graph as an initial point and an end point of the real-time state directed graph as an end point;
and judging whether the path which is the same as the path of the real-time state directed graph exists in the state directed graph of the normal business flow.
2. The method according to claim 1, wherein the step of generating a real-time status directed graph according to the order of the executed process nodes and the status information of the indicator lamps of each executed process node when the business process is executed to the preset security audit process node comprises:
Configuring a corresponding first identifier for the indicator light state information of each executed flow node;
and generating a real-time state directed graph according to the order of the executed flow nodes and the first identification corresponding to the indicator light state information of each executed flow node.
3. The method of claim 1, wherein each module indicator and each module indicator status is pre-configured with a corresponding second identifier and a corresponding third identifier, respectively, and the recording indicator status information at each process node comprises:
combining the second identifier of the module indicator lamp with the third identifier of the module indicator lamp state to represent the real-time state of the module indicator lamp;
and according to the opening and closing sequence of the module indicator lamps of the normal business process, the real-time state of each module indicator lamp is recorded in sequence, and the indicator lamp state information of each process node is obtained.
4. The method according to claim 1, wherein the method further comprises:
after the service starts to run, at least one indicator light state information of a normal service flow is recorded;
generating a state directed graph of the normal business process according to a preset process node sequence of the normal business process and at least one indicator light state information of the normal business process;
And adopting all state directed graphs corresponding to all normal business processes of the business to form a state rule base of the business.
5. The method according to claim 1, wherein the step of taking security measures or terminating a business process if the business process of the business does not conform to a normal business process of the business comprises:
if the business process of the business does not accord with the normal business process of the business, an identity authentication process node is added;
judging whether the user passes identity authentication;
if the identity authentication is passed, continuing to execute the preset security audit flow node;
if the identity authentication fails, terminating the service flow;
or alternatively,
and if the service flow of the service does not accord with the normal service flow of the service, terminating the service flow.
6. A business security audit device, characterized in that it is applied to intelligent self-service equipment, wherein the intelligent self-service equipment comprises at least one module, the module is preset with an indicator lamp, and the device comprises:
the first recording module is used for recording the sequence of the flow nodes after the business starts to run and recording the state information of the indicator lamps positioned on each flow node; the indicator light state information is used for indicating the real-time states of indicator lights of all modules when the indicator light state information is positioned at a certain flow node;
The judging module is used for judging whether the business process of the business accords with the normal business process of the business according to the sequence of the executed process nodes and the state information of the indicator lamps of each executed process node when the business process is executed to the preset security audit process node;
the processing module is used for taking security measures or terminating the business process if the business process of the business does not accord with the normal business process of the business;
wherein, the judging module includes:
the generation sub-module is used for generating a real-time state directed graph according to the sequence of the executed flow nodes and the state information of the indicator lamps of each executed flow node; the real-time state directed graph comprises at least one node and at least one directed line, wherein the node is used for representing the state information of the indicator lights of the executed flow nodes, and the directed line is used for representing the order of the executed flow nodes;
the traversing sub-module is used for traversing the state directed graph of the normal business process by adopting a binary tree traversing method and taking the starting point of the real-time state directed graph as an initial point and the end point of the real-time state directed graph as an end point;
And the judging sub-module is used for judging whether the path which is the same as the path of the real-time state directed graph exists in the state directed graph of the normal business process.
7. An electronic device comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with each other via the communication bus;
the memory is used for storing a computer program;
the processor is configured to implement the method according to any one of claims 1-5 when executing a program stored on a memory.
8. One or more computer-readable media having instructions stored thereon that, when executed by one or more processors, cause the processors to perform the method of any of claims 1-5.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210794116.1A CN115273322B (en) 2022-07-07 2022-07-07 Business security auditing method and device, electronic equipment and readable medium

Publications (2)

Publication Number Publication Date
CN115273322A (en) 2022-11-01
CN115273322B (en) 2024-04-02

Family

ID=83763346

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant