CN116663067B

CN116663067B - Financial user information protection method, system, terminal equipment and storage medium

Info

Publication number: CN116663067B
Application number: CN202310947455.3A
Authority: CN
Inventors: 杨雪; 郭泽华
Original assignee: Beijing Ict Tech Technology Co ltd
Current assignee: Beijing Ict Tech Technology Co ltd
Priority date: 2023-07-31
Filing date: 2023-07-31
Publication date: 2023-10-20
Anticipated expiration: 2043-07-31
Also published as: CN116663067A

Abstract

The present application relates to the field of information security technologies, and in particular, to a method, a system, a terminal device, and a storage medium for protecting information of a financial user. If the target sensitive information class exceeds the necessary information request range corresponding to the service operation request, judging whether target service association exists between the target sensitive information classes; and if the target business association exists between the target sensitive information classes, acquiring a risk business scene corresponding to the target business association as a financial user information risk feedback report, and stopping identifying the business operation request. The method, the system, the terminal equipment and the storage medium for protecting the financial user information can improve the safety of the financial user information.

Description

Financial user information protection method, system, terminal equipment and storage medium

Technical Field

The present application relates to the field of information security technologies, and in particular, to a method, a system, a terminal device, and a storage medium for protecting information of a financial user.

Background

Digital finance is a new product, new service and new state generated by applying digital technologies such as internet, blockchain, big data, artificial intelligence and the like to the financial industry, and financial institutions such as banks, insurance companies and the like apply the digital technologies to process improvement, product innovation and the like, and refer to financial industry support or service of digital economy.

Financial Business refers to Business (Banking) transacted by a financial system, and can be divided into two types according to Business complexity and site dependence: one type is traditional service, which is mainly supported by a large number of branch networks and traffic. The other is complex business such as derivative products, structural financing, leasing, introduction of strategic investors, acquisition and merger on the market, etc. With the continuous development of information technology, digital finance business is more and more, and cloud processing of finance business is more and more mature, but the problem of user information security caused by the cloud processing is not ignored.

In practice, financial institutions often need to cooperate with various third party service providers, such as payment processing, cloud services, data analysis, and the like. However, the security of these third party services may be problematic, and if they are attacked, they may cause information of the financial user to be revealed, resulting in a decrease in the security of the information of the financial user.

Disclosure of Invention

In order to improve the safety of financial user information, the application provides a financial user information protection method, a system, terminal equipment and a storage medium.

In a first aspect, the present application provides a method for protecting financial user information, including the steps of:

Acquiring qualification related information corresponding to the third party service;

if the qualification related information accords with the safety association standard of the financial institution corresponding to the user, acquiring the user authorization item corresponding to the third party service;

if the authorization information corresponding to the user authorization item accords with a preset user sensitive information identification standard, dividing the authorization information according to the preset user sensitive information identification standard, and generating a corresponding sensitive information class;

if the service operation request relates to the sensitive information class, marking a corresponding target sensitive information class in the sensitive information class according to a request parameter corresponding to the service operation request;

if the target sensitive information class does not exceed the necessary information request range corresponding to the service operation request, judging whether the authorization strategy corresponding to the target sensitive information class is in a verification passing state or not;

if the authorization strategy corresponding to the target sensitive information class is in the verification passing state, generating a corresponding financial user information usage feedback report according to a verification record corresponding to the authorization strategy and the business operation request;

if the target sensitive information class exceeds the necessary information request range corresponding to the service operation request, judging whether target service association exists between the target sensitive information classes;

And if the target business association exists between the target sensitive information classes, acquiring a risk business scene corresponding to the target business association as a financial user information risk feedback report, and stopping identifying the business operation request.

By adopting the technical scheme, the relevant safety analysis is carried out on the qualification related information of the third party service, the safety reliability of the third party service can be ensured in advance, then the user authorization item is divided according to the preset user sensitive information identification standard, the corresponding sensitive information class is generated, so that the financial sensitive information of the user is identified and processed later, whether the target sensitive information class related to the current business operation request exceeds the necessary information request range corresponding to the business operation request is judged immediately, if the target sensitive information class does not exceed the necessary information request range corresponding to the business operation request, the current business operation request is in a normal access state, in order to record the use condition of the financial user information in real time, the corresponding verification record is generated according to the authorization strategy, and the corresponding financial user information use feedback report is generated by combining the business operation request, if the target sensitive information class exceeds the authorization item, the malicious access suspicion exists, the corresponding risk business scenario prediction feedback is made according to the target business association between the target sensitive information class corresponding to the current business operation request, and the financial user information authorization and the actual situation is combined, and the safety analysis of the financial user information is improved.

Optionally, after acquiring the qualification related information corresponding to the third party service, the method further comprises the following steps:

if the qualification related information does not accord with the safety association standard of the financial institution corresponding to the user, acquiring the latest version information corresponding to the qualification related information;

if the latest version information does not accord with the preset information security verification item, acquiring a risk evaluation value corresponding to the corresponding abnormal qualification related information;

if the risk evaluation value accords with an emergency response value standard, generating a corresponding abnormal safety association feedback report according to the abnormal qualification related information and the risk evaluation corresponding to the abnormal qualification related information;

and identifying the abnormal security association feedback report and generating a pause authorization instruction corresponding to the third party service.

By adopting the technical scheme, when the qualification information of the user does not meet the safety association standard, the system can acquire the latest version of qualification information so as to ensure the accuracy and the integrity of the information, if the latest version of information still has a safety problem, the system can acquire a risk evaluation value corresponding to the abnormal qualification related information so as to evaluate the risk degree, and if the risk evaluation value meets the emergency response value standard, the system can generate an abnormal safety association feedback report so as to remind the financial institution user of paying attention to the safety risk, and take corresponding measures, and finally, the system can identify the abnormal safety association feedback report and generate a pause authorization instruction of a third party service so as to protect the information safety of the financial user, thereby improving the safety of the financial user information.

Optionally, if the latest version information does not conform to the preset information security verification item, the method further includes the following steps after obtaining the risk evaluation value corresponding to the corresponding abnormal qualification related information:

acquiring potential safety hazard items corresponding to the abnormal qualification related information;

if the number of the potential safety hazard items is multiple, acquiring potential safety hazard evaluation scores corresponding to the potential safety hazard items according to the risk evaluation values;

setting a sorting priority and a risk potential ratio corresponding to the potential safety hazard item according to the potential risk evaluation score;

and associating the sorting priority with the risk hidden danger ratio to form a risk prediction analysis table corresponding to the abnormal qualification related information.

By adopting the technical scheme, after the system acquires the abnormal qualification related information, the potential safety hazard items are identified, the potential safety hazard evaluation scores corresponding to the potential safety hazard items are acquired according to the risk evaluation values, then the system sets the sorting priority and the risk potential safety hazard ratio of the potential safety hazard items according to the potential safety hazard evaluation scores so as to better know the importance and the risk degree of the potential safety hazard items, finally the system can associate the sorting priority and the risk potential safety hazard ratio to form a risk prediction analysis table corresponding to the abnormal qualification related information, and the risk condition and the importance of the potential safety hazard items can be clearly known through the analysis table, so that corresponding measures are taken, and the safety of financial user information is improved.

Optionally, if the target sensitive information class does not exceed the necessary information request range corresponding to the service operation request, determining whether the authorization policy corresponding to the target sensitive information class is in the verification passing state further includes the following steps:

if the authorization policy corresponding to the target sensitive information class is in a verification freezing state, acquiring an abnormal verification request item corresponding to the authorization policy;

acquiring target verification information corresponding to the abnormal verification request item;

and if the information matching degree of the target verification information does not accord with the information matching degree verification standard corresponding to the authorization policy, associating the abnormal verification request item with the target verification information to generate a corresponding abnormal verification feedback report.

By adopting the technical scheme, when the system detects that the authorization strategy corresponding to the target sensitive information class is in the verification freezing state, the fact that the target verification information input for the first time is inconsistent with the preset verification standard is indicated, if the information matching degree of the target verification information does not accord with the information matching degree verification standard corresponding to the authorization strategy on the basis, the fact that the input target verification information has larger information deviation from the preset verification standard is indicated, the current abnormal verification request item and the target verification information are associated in time, and a corresponding abnormal verification feedback report is generated, so that the safety of financial user information is improved.

Optionally, after obtaining the target verification information corresponding to the abnormal verification request item, the method further includes the following steps:

if the information matching degree of the target verification information accords with the information matching degree verification standard corresponding to the authorization policy, releasing the verification freezing state and generating a preparation verification request corresponding to the authorization policy;

and if the preliminary verification request does not pass, executing emergency protection measures corresponding to the target sensitive information class and outputting abnormal intrusion early warning information.

By adopting the technical scheme, when the system detects that the information matching degree of the target verification information accords with the information matching degree verification standard corresponding to the authorization strategy, the fact that the currently input target verification information is inconsistent with the preset verification standard due to a small error is indicated, the verification freezing state is immediately released, a preparation verification request corresponding to the authorization strategy, namely a verification relief program, is generated, if the preparation verification request does not pass, the fact that malicious access suspicion exists at present is indicated, the system immediately executes emergency protection measures corresponding to the target sensitive information type and outputs abnormal intrusion early warning information, and therefore the safety of financial user information is improved.

Optionally, if the target service association exists between the target sensitive information classes, acquiring a risk service scenario corresponding to the target service association as a financial user information risk feedback report, and stopping identifying the service operation request includes the following steps:

if the target service association exists among the target sensitive information classes, judging whether the risk service scenes corresponding to the target service association are multiple;

if the risk service scenes corresponding to the target service association are multiple, combining risk coefficients corresponding to the risk service scenes to generate a risk prediction model corresponding to the target sensitive information class as the financial user information risk feedback report.

By adopting the technical scheme, if the target business association exists among the target sensitive information classes and the target business association corresponds to a plurality of risk business scenes, in order to carry out depth analysis on risks possibly existing in the current financial user information, the risk coefficient corresponding to each risk business scene is combined to generate a risk prediction model corresponding to the target sensitive information class, and the risk influence of different risk business scenes on the target sensitive information class can be more comprehensively estimated through the risk prediction model, so that the accuracy and the comprehensiveness of financial user data risk estimation are improved.

Optionally, if the risk service scenarios corresponding to the target service association are multiple, combining risk coefficients corresponding to the risk service scenarios, and generating a risk prediction model corresponding to the target sensitive information class as the financial user information risk feedback report includes the following steps:

if the risk service scenes corresponding to the target service association are multiple, acquiring risk indication information corresponding to the risk coefficients of the risk service scenes;

if the risk indication information comprises identity risk and property risk, generating the risk prediction model corresponding to the target sensitive information class as the financial user information risk feedback report according to risk induction probability corresponding to the identity risk and the property risk.

By adopting the technical scheme, the risk prediction model corresponding to the target sensitive information class is generated according to the risk induction probability of the identity risk and the property risk corresponding to each risk service scene, the risk influence of different risk service scenes on the target sensitive information class can be predicted more accurately, the risk conditions of different service scenes can be known better, and therefore information security strategies and measures can be formulated better, and the security of financial user information protection is improved.

In a second aspect, the present application provides a financial user information protection system comprising:

the first acquisition module is used for acquiring qualification related information corresponding to the third party service;

the second acquisition module is used for acquiring the user authorization item corresponding to the third-party service if the qualification related information accords with the security association standard of the financial institution corresponding to the user;

the dividing module is used for dividing the authorization information according to the preset user sensitive information identification standard and generating a corresponding sensitive information class if the authorization information corresponding to the user authorization item accords with the preset user sensitive information identification standard;

the calibration module is used for calibrating a corresponding target sensitive information class in the sensitive information class according to a request parameter corresponding to the service operation request if the service operation request relates to the sensitive information class;

the verification analysis module is used for judging whether the authorization strategy corresponding to the target sensitive information class is in a verification passing state or not if the target sensitive information class does not exceed the necessary information request range corresponding to the service operation request;

The first information feedback module is used for generating a corresponding financial user information use feedback report according to the verification record corresponding to the authorization policy and the service operation request if the authorization policy corresponding to the target sensitive information class is in the verification passing state;

the association analysis module is used for judging whether target business association exists between the target sensitive information classes or not if the target sensitive information classes exceed the necessary information request range corresponding to the business operation request;

and the second information feedback module is used for acquiring a risk business scene corresponding to the target business association as a financial user information risk feedback report and stopping identifying the business operation request if the target business association exists between the target sensitive information classes.

By adopting the technical scheme, the relevant safety analysis is carried out on qualification related information of the third party service, the safety reliability of the third party service can be ensured in advance, then the user authorization item is divided and corresponding sensitive information classes are generated through the dividing module according to preset user sensitive information identification standards so as to identify and process financial sensitive information of a user later, whether target sensitive information classes related to the current service operation request exceed the necessary information request range corresponding to the service operation request or not is judged through the verification analysis module immediately, if the target sensitive information classes are not exceeded, the current service operation request is in a normal access state, in order to record the use condition of financial user information in real time so as to improve the use safety of the financial user information, a corresponding financial user information use feedback report is generated through the first information feedback module according to an authorization strategy, if the target sensitive information classes exceed the service operation request, in order to further accurately and effectively judge the malicious access suspicion, the correlation analysis module and the second information feedback module correspondingly judge the target service operation association between the target sensitive information classes according to the malicious access suspicion, and the corresponding service safety information is predicted according to the specific service feedback situation, and the actual safety of the financial user information is predicted, and the use safety of the current user is predicted, and the safety is improved.

In a third aspect, the present application provides a terminal device, which adopts the following technical scheme:

the terminal equipment comprises a memory and a processor, wherein the memory stores computer instructions capable of running on the processor, and the processor adopts the financial user information protection method when loading and executing the computer instructions.

By adopting the technical scheme, the computer instruction is generated by the financial user information protection method and is stored in the memory to be loaded and executed by the processor, so that the terminal equipment is manufactured according to the memory and the processor, and the use is convenient.

In a fourth aspect, the present application provides a computer readable storage medium, which adopts the following technical scheme:

a computer readable storage medium having stored therein computer instructions which, when loaded and executed by a processor, employ a financial user information protection method as described above.

By adopting the technical scheme, the computer instruction is generated by the financial user information protection method and is stored in the computer readable storage medium to be loaded and executed by the processor, and the computer instruction is convenient to read and store by the computer readable storage medium.

In summary, the present application includes at least one of the following beneficial technical effects: the relevant security analysis is carried out on qualification related information of the third party service, the security reliability of the third party service can be ensured in advance, then the user authorization item is divided according to preset user sensitive information identification standards, corresponding sensitive information classes are generated, so that the user financial sensitive information is identified and processed later, whether the target sensitive information class related to the current service operation request exceeds the necessary information request range corresponding to the service operation request is judged immediately, if the target sensitive information class does not exceed the necessary information request range corresponding to the service operation request, the current service operation request is indicated to be in a normal access state, in order to record the use condition of financial user information in real time, the use security of the financial user information is improved, the verification record corresponding to an authorization strategy is obtained, and a corresponding financial user information use feedback report is generated by combining with the service operation request, if the target sensitive information class exceeds the target sensitive information class, in order to further accurately and effectively pre-judge the malicious access suspicion, the corresponding risk service scene prediction feedback is carried out according to the target service association between the target sensitive information classes corresponding to the current service operation request, and the corresponding security analysis and the financial user information is carried out according to the authorization of the current service operation request and the actual situation of the current application scene, and the use security analysis of the financial user information is improved accordingly.

Drawings

Fig. 1 is a flowchart of steps S101 to S108 in a method for protecting financial user information according to the present application.

Fig. 2 is a flowchart illustrating steps S201 to S204 in the method for protecting financial user information according to the present application.

Fig. 3 is a flowchart illustrating steps S301 to S304 in the method for protecting financial user information according to the present application.

Fig. 4 is a flowchart illustrating steps S401 to S403 in the method for protecting financial user information according to the present application.

Fig. 5 is a flowchart illustrating steps S501 to S502 in the method for protecting financial user information according to the present application.

Fig. 6 is a flowchart illustrating steps S601 to S602 in the method for protecting financial user information according to the present application.

Fig. 7 is a flowchart illustrating steps S701 to S702 in a method for protecting financial user information according to the present application.

FIG. 8 is a block diagram of a financial user information protection system according to the present application.

Reference numerals illustrate:

1. a first acquisition module; 2. a first acquisition module; 3. dividing the module; 4. a calibration module; 5. a verification analysis module; 6. a first information feedback module; 7. a correlation analysis module; 8. and the second information feedback module.

Detailed Description

The application is described in further detail below with reference to fig. 1-8.

The embodiment of the application discloses a financial user information protection method, as shown in fig. 1, comprising the following steps:

s101, acquiring qualification related information corresponding to a third party service;

s102, if the qualification related information accords with the safety association standard of the financial institution corresponding to the user, acquiring a user authorization item corresponding to the third party service;

s103, if the authorization information corresponding to the user authorization item accords with the preset user sensitive information identification standard, dividing the authorization information according to the preset user sensitive information identification standard, and generating a corresponding sensitive information class;

s104, if the service operation request relates to the sensitive information class, marking a corresponding target sensitive information class in the sensitive information class according to a request parameter corresponding to the service operation request;

s105, if the target sensitive information class does not exceed the necessary information request range corresponding to the service operation request, judging whether the authorization strategy corresponding to the target sensitive information class is in a verification passing state or not;

s106, if the authorization strategy corresponding to the target sensitive information class is in a verification passing state, generating a corresponding financial user information use feedback report according to a verification record corresponding to the authorization strategy and a service operation request;

S107, if the target sensitive information classes exceed the necessary information request range corresponding to the service operation request, judging whether target service association exists between the target sensitive information classes;

s108, if target service association exists between the target sensitive information classes, acquiring a risk service scene corresponding to the target service association as a financial user information risk feedback report, and stopping identifying the service operation request.

In steps S101 to S102, the third party service is a mechanism that provides support and services for a financial institution or a financial product independently of a service provider other than the financial institution. These third party service institutions often have specialized technology, resources and experience that can provide more efficient, convenient, and safe services to financial institutions, while also providing more diverse, personalized financial products and services to users.

For example, payment services: third party payment mechanisms such as payment treasures, weChat payment, unionpay online and the like provide online payment, account transfer, recharging and other services for users; credit investigation service: and the third-party credit investigation institutions such as the pedestrian credit investigation center, the hundred-degree credit investigation and the vacation credit investigation provide personal credit record inquiry, evaluation and other services for the financial institutions.

The qualification related information corresponding to the third party service refers to related qualification and authentication information which the third party service organization needs to have for providing the specific service, and is used for proving that the third party service organization has the capability and legality of providing the corresponding service. For example, the qualification-related information includes a license, an authentication, and a qualification certificate, and a web site formula.

Secondly, the security association standard of the user corresponding to the financial institution refers to the security standard and specification formulated by the financial institution for ensuring the information security and rights of the user and cooperating with the third party service institution. These standards and specifications are typically self-established by the financial institution or referenced to related industry standards for ensuring that third party service institutions meet the financial institution's safety and compliance requirements when acquiring user information.

For example, if the qualification-related information of a third party service entity meets the security association criteria of the user's corresponding financial entity, the user may choose to authorize the third party service entity to obtain its related information at the financial entity, such as account balance, transaction records, etc., on an authorization page of the financial entity. After the user is authorized, the third-party service mechanism can acquire the related information of the user in the financial mechanism through interfaces and the like so as to provide better service.

In step S103, the preset user sensitive information identification standard refers to a sensitive information standard and specification related to the user authorization information formulated by the financial institution for guaranteeing the user information security and rights.

Specifically, the preset user-sensitive information identification criteria generally include the following aspects: the sensitive information category, preset user sensitive information identification standard need to define different sensitive information categories, such as personal identity information, financial information, transaction information and the like; the sensitive information identification standard is preset, and the standard and method for explicitly identifying the sensitive information are required for the user sensitive information identification standard, for example, identification is performed according to the content, format, source and the like of the information; the sensitive information protection measures, namely presetting user sensitive information identification standards, require protection measures for defining different sensitive information categories, such as encryption storage, access control, audit monitoring and the like; the sensitive information management specification, the preset user sensitive information identification standard needs to define the management specification of the sensitive information, such as authorization management, access audit, data backup and the like.

Secondly, the sensitive information class refers to classifying the user authorization information into different sensitive information classes according to preset user sensitive information identification standards. Different classes of sensitive information require different protective measures to be taken to ensure the security and integrity of the user's sensitive information.

For example, the user authorization information may be classified into different sensitive information classes according to the preset user sensitive information identification criteria. Such as personal identification information, financial information, transaction information, and the like. For different sensitive information categories, different protection measures may be taken. Such as encryption storage, access control, audit monitoring, etc., to ensure the security and integrity of user sensitive information. It should be noted that the preset user sensitive information identification standard needs to be formulated and adjusted according to the actual situation so as to adapt to different service scenes and risk levels.

In step S104, the service operation request refers to a sensitive information class that needs to be used when the service system executes the corresponding specific service operation, and the target sensitive information class refers to a sensitive information class corresponding to the specific request parameter corresponding to the service operation request.

For example, when evaluating the assets of a financial user, it is necessary to use the asset status information of the user, that is, the corresponding sensitive information class is an asset information class, and specifically, it is necessary to use the annual asset profit and loss, the asset fluctuation period, and the asset usage condition, that is, the target sensitive information class corresponding to the current asset information class, in the asset status information.

In steps S105 to S106, in order to ensure the security of the target sensitive information class during use, authorization management is required for accessing and using the sensitive information, and only authorized users or systems can access and use the sensitive information.

The authorization policy is an authorization rule formulated by a pointer for a certain sensitive information category, and comprises an authorization object, an authorization mode, an authorization time and the like. The verification passing state of the authorization policy indicates that the authorization policy has been verified, and the authorization object conforms to the authorization rule and can access and use sensitive information. For example, the current business operation request requires the total asset status information of the user, and then the corresponding authorization policy is face verification.

Therefore, if the target sensitive information class does not exceed the necessary information request range corresponding to the service operation request, it is indicated that the target sensitive information class corresponding to the current service operation request belongs to the normal verification flow rule, and in order to perform real-time security monitoring on access and use of the target sensitive information class, it is determined whether the authorization policy corresponding to the target sensitive information class is in a verification passing state.

Further, if the authorization policy is verified, the service operation request can be continuously processed, that is, after the service system processes a service operation request, whether the request meets the authorization specification can be judged according to the sensitive information category related to the request and the corresponding authorization policy. If the information is in accordance with the authorization policy, the use condition of the request, including information such as use time, use personnel, use purpose and the like, can be recorded according to the verification record corresponding to the authorization policy. Meanwhile, according to the result of the business operation request, a financial user information use feedback report can be generated, and the processing result and the use condition of the request are fed back to related personnel.

Furthermore, if the authorization policy verification is not passed, the service operation request needs to be refused, so that the sensitive information is prevented from being accessed and used by unauthorized users or systems, and the security and confidentiality of the sensitive information are ensured.

In steps S107 to S108, if the target sensitive information class exceeds the necessary information request range required by the service operation request, it is indicated that there is a malicious access suspicion currently. For example, if the current business operation request is to access the identity information of the financial user, and the actually corresponding target sensitive information class includes the home address, the family member information, the personal identity information and the asset storage mechanism of the financial user, it may be determined that the current target sensitive information class exceeds the necessary information request range corresponding to the business operation request.

Further, in order to perform risk assessment on the information security possibly caused by the above situation, it is determined whether there is a target service association between the target sensitive information classes, where the target service association refers to a service risk association existing between the target sensitive information classes. For example, the target sensitive information is personal identity information and an asset storage mechanism, and the risk of leakage occurs in the personal identity information and the asset storage mechanism simultaneously, which may cause the risk of losing funds of the financial users.

And secondly, if business association exists, acquiring a corresponding risk business scene as a financial user information risk feedback report. The method aims to timely find and correct possible risks and potential safety hazards and guarantee the safety and confidentiality of financial user information. Meanwhile, in order to reduce the risk and potential safety hazard which may exist, the identification business operation request needs to be stopped so as to ensure the safety and confidentiality of the financial user information. Therefore, the leakage and abuse of sensitive information can be effectively prevented, and the safety and confidentiality of the information of the financial user are ensured.

According to the financial user information protection method, relevant safety analysis is carried out on qualification related information of the third-party service, the safety reliability of the third-party service can be ensured in advance, then a user authorization item is divided according to preset user sensitive information identification standards, corresponding sensitive information classes are generated, so that financial sensitive information of a user can be identified and processed later, whether target sensitive information classes related to a current business operation request exceed the range of necessary information requests corresponding to the business operation request is judged immediately, if the target sensitive information classes are not exceeded, the current business operation request is in a normal access state, in order to record the use condition of financial user information in real time to improve the use safety of the financial user information, verification records corresponding to authorization strategies are generated according to the authorization strategies, and a corresponding financial user information use feedback report is generated according to the business operation request, if the target sensitive information classes are exceeded, the current business operation request is subjected to malicious access suspicion, corresponding risk scene prediction feedback is made according to target business association among the target sensitive information classes corresponding to the current business operation request, and the actual safety analysis and the financial user safety is improved due to the fact that authorization of the user information is combined with the authorization condition of the current business operation request and the current application scene.

In one implementation manner of this embodiment, as shown in fig. 2, after step S101, that is, after acquiring the qualification related information corresponding to the third party service, the method further includes the following steps:

s201, if the qualification related information does not accord with the safety association standard of the financial institution corresponding to the user, acquiring the latest version information corresponding to the qualification related information;

s202, if the latest version information does not accord with a preset information security verification item, acquiring a risk evaluation value corresponding to the corresponding abnormal qualification related information;

s203, if the risk evaluation value accords with the emergency response value standard, generating a corresponding abnormal safety association feedback report according to the abnormal qualification related information and the risk evaluation corresponding to the abnormal qualification related information;

s204, identifying an abnormal security association feedback report, and generating a pause authorization instruction corresponding to the third party service.

In step S201 to step S202, if the qualification related information does not meet the security association standard of the financial institution corresponding to the user, it is indicated that the update of the qualification related information of the current third party service may not be timely and the identification may fail.

Further, the latest version information corresponding to the qualification related information is obtained, so that the compared and analyzed qualification information can be ensured to be latest, and the use of outdated or wrong information is reduced, thereby improving the accuracy and reliability of the information.

The preset information security verification items refer to some preset security verification items aiming at information security management of the third party service when the financial institution cooperates with the third party service, and the preset information security verification items are used for verifying whether the third party service meets security requirements. If the latest version information corresponding to the current qualification related information does not meet the preset information security verification item, the fact that the corresponding qualification information of the current third party service does not meet the security association standard corresponding to the financial institution is indicated, and in order to perform risk assessment on the abnormal qualification related information, which does not meet the security association standard, of the third party, a risk assessment value corresponding to the corresponding abnormal qualification related information is obtained. The risk evaluation value is obtained by evaluating and analyzing qualification information of the third-party service provider.

For example, failure of a data center or server of a third party service to meet security requirements of a financial institution, i.e., security association standards, such as physical security, network security, etc., may easily result in leakage or attack of financial user information.

For another example, the risk evaluation value corresponding to the data center or the server may be calculated by: determining an evaluation index, and determining the evaluation index such as physical security, network security and the like according to the security association standard; the weight of each evaluation index is determined according to the importance and the influence degree of the evaluation index; the evaluation index score is used for scoring each evaluation index according to the actual situation of a data center or a server of the third-party service provider to obtain the score of each evaluation index; the weighted score is obtained by multiplying the score of each evaluation index by the corresponding weight of the evaluation index; the total score is obtained by adding the weighted scores of all the evaluation indexes, and the total score of the third party service business data center or the server is obtained; risk assessment values, the risk assessment values of the data center or server of the third party service are classified into different levels, such as high risk, medium risk, low risk, etc., according to the total score.

In steps S203 to S204, the emergency response value standard refers to a set of emergency response levels and corresponding emergency response measures formulated according to the severity and the scope of influence of the event, when the information security event occurs, that is, the risk evaluation value corresponding to the abnormal qualification related information exceeds the preset risk response threshold.

The emergency response measures can be that corresponding abnormal safety association feedback reports are generated according to the abnormal qualification related information and risk evaluation corresponding to the abnormal qualification related information to provide corresponding safety suggestions and measures for financial institutions so as to ensure the safety and confidentiality of user information. The risk evaluation is performed by a pointer on the abnormal qualification related information. For example, risk assessment is a detailed description of abnormal qualification related information, such as expiration of a certificate, illegal certificate, etc.

Further, in order to timely secure the current financial user information, after the system identifies the abnormal security association feedback report, a pause authorization instruction corresponding to the third party service is generated, namely, the association of authorization information between the history and the third party service is interrupted.

According to the financial user information protection method provided by the embodiment, after the system acquires the abnormal qualification related information, the potential safety hazard items are identified, the potential safety hazard evaluation scores corresponding to the potential safety hazard items are acquired according to the risk evaluation values, then the system sets the sorting priority and the risk potential duty ratio of the potential safety hazard items according to the potential safety hazard evaluation scores so as to better know the importance and the risk degree of the potential safety hazard items, finally the system can associate the sorting priority and the risk potential duty ratio to form a risk prediction analysis table corresponding to the abnormal qualification related information, and through the analysis table, the risk condition and the importance of the potential safety hazard items can be clearly known, so that corresponding measures are taken, and the safety of financial user information is improved.

In one implementation manner of this embodiment, as shown in fig. 3, in step S201, if the qualification related information does not meet the security association standard of the financial institution corresponding to the user, the method further includes the following steps after obtaining the latest version information corresponding to the qualification related information:

s301, acquiring potential safety hazard items corresponding to abnormal qualification related information;

s302, if the number of potential safety hazard items is multiple, acquiring potential safety hazard evaluation scores corresponding to the potential safety hazard items according to the risk evaluation values;

s303, setting the sorting priority and the risk potential ratio of corresponding potential safety hazard items according to the potential risk evaluation score;

s304, associating the sorting priority and the risk hidden danger ratio to form a risk prediction analysis table corresponding to the abnormal qualification related information.

In steps S301 to S302, the term of safety hazard refers to that a safety problem or a potential safety risk is found when safety evaluation is performed on abnormal qualification. For example, security policies are improper: the security policy in the system is improperly set, such as insufficient password strength, relaxed authority control and the like, which easily causes security problems.

Further, if the number of the current potential safety hazard items is multiple, in order to analyze the multiple potential safety hazard items more intuitively, potential safety hazard evaluation scores corresponding to the potential safety hazard items are obtained according to the risk evaluation values.

The risk evaluation value refers to a comprehensive evaluation value obtained after performing risk evaluation on the abnormal qualification, and is used for evaluating the safety risk degree of the abnormal qualification. And according to the risk evaluation value, each potential safety hazard item can be scored to obtain a corresponding potential safety hazard evaluation score so as to determine the risk degree and priority of each potential safety hazard item. For example, security evaluation is performed on a network system of an enterprise, and a plurality of potential safety hazard items such as system loopholes, improper security policies, data leakage and the like are found. And (3) scoring each potential safety hazard item according to the risk evaluation value to obtain a system vulnerability potential safety hazard evaluation score of 80 points, a potential safety hazard evaluation score of 70 points due to improper safety strategies and a potential data leakage potential safety hazard evaluation score of 90 points. According to the scoring result, the data leakage can be determined to be the most serious potential safety hazard item, and the potential safety hazard item needs to be preferentially solved.

In step S303 to step S304, the sorting priority refers to sorting the potential safety hazard items according to the potential safety hazard evaluation scores, and determining the priority resolution order of the potential safety hazard items. The risk potential ratio refers to the risk potential ratio of each safety potential item to the whole abnormal qualification, and is used for evaluating the importance and influence degree of each safety potential item.

For example, the security evaluation is performed on the network system of an enterprise, and the system vulnerability score is 80 points, the security policy misscore is 70 points and the data leakage score is 90 points are obtained according to the hidden danger evaluation score. According to the scoring result, the sorting priority can be set as follows: the data leakage is larger than the system loophole, and the system loophole is larger than the improper security policy. Meanwhile, the risk hidden danger ratio of each potential safety hazard item can be calculated, the data leakage accounts for 40% of the total risk hidden danger, the system loopholes account for 35% of the total risk hidden danger, and the security policy is improper and accounts for 25% of the total risk hidden danger. According to the sorting priority and the risk hidden danger ratio, a risk prediction analysis table corresponding to the abnormal qualification related information can be formed. The risk prediction analysis table can be used for evaluating the safety risk degree of abnormal qualification and determining the priority resolution sequence and importance of each potential safety hazard item.

In one implementation manner of this embodiment, as shown in fig. 4, in step S105, if the target sensitive information class does not exceed the necessary information request range corresponding to the service operation request, the determining whether the authorization policy corresponding to the target sensitive information class is in the verification passing state further includes the following steps:

s401, if the authorization policy corresponding to the target sensitive information class is in a verification freezing state, acquiring an abnormal verification request item corresponding to the authorization policy;

s402, acquiring target verification information corresponding to an abnormal verification request item;

s403, if the information matching degree of the target verification information does not accord with the information matching degree verification standard corresponding to the authorization strategy, associating the abnormal verification request item with the target verification information, and generating a corresponding abnormal verification feedback report.

In step S401 to step S402, if the authorization policy corresponding to the target sensitive information class is in the verification frozen state, in order to perform record analysis on the current abnormal verification process, the target verification information in the abnormal verification request item corresponding to the current authorization policy is obtained, and analysis is performed on the current target verification information to determine whether the information matching degree meets the information matching degree verification standard corresponding to the authorization policy.

The target verification information corresponding to the abnormal verification request item refers to target information of the request for authorization verification, which is proposed by the user when normal authorization verification cannot be performed. Such target information may include user identification information, access passwords, permissions, etc., and needs to be matched with information required by the authorization policy to ensure the security and validity of the authorization.

For example, the abnormal verification request item is an input face image, the corresponding target verification information is a face feature, then the currently input face feature and the information matching degree verification standard corresponding to the authorization policy are subjected to comparison analysis, and the current information matching degree verification standard is a preset face recognition feature standard.

In step S403, if the information matching degree of the target verification information does not meet the information matching degree verification standard corresponding to the authorization policy, in order to timely feed back the abnormal authorization verification process, the current abnormal verification request item and the target verification information are associated, and a corresponding abnormal verification feedback report is generated. For example, the abnormal verification request item is face recognition, the target verification information is face feature comparison, and the abnormal verification feedback report further includes analysis of reasons why the information matching degree of the target verification information does not meet the information matching degree verification standard corresponding to the authorization policy, for example, the face feature comparison is abnormal due to light reasons.

According to the financial user information protection method provided by the embodiment, when the system detects that the authorization strategy corresponding to the target sensitive information is in the verification freezing state, the fact that the target verification information input for the first time is inconsistent with the preset verification standard is indicated, if the information matching degree of the target verification information on the basis is inconsistent with the information matching degree verification standard corresponding to the authorization strategy, the fact that the input target verification information has larger information deviation from the preset verification standard is indicated, the current abnormal verification request item and the target verification information are associated in time, and a corresponding abnormal verification feedback report is generated, so that the safety of financial user information is improved.

In one implementation manner of the present embodiment, as shown in fig. 5, after step S402, that is, after obtaining the target verification information corresponding to the abnormal verification request item, the method further includes the following steps:

s501, if the information matching degree of the target verification information accords with the information matching degree verification standard corresponding to the authorization policy, the verification freezing state is relieved, and a preparation verification request corresponding to the authorization policy is generated;

s502, if the preliminary verification request fails, emergency protection measures corresponding to the target sensitive information class are executed, and abnormal intrusion early warning information is output.

In step S501 to step S502, if the information matching degree of the current target verification information meets the information matching degree verification standard corresponding to the authorization policy, it is indicated that the current target verification information has a slight error. For example, the information matching degree verification standard specifies that the number of input passwords matches a preset number, and then it is determined that the information matching degree of the current target verification information matches the information matching degree verification standard corresponding to the authorization policy.

In order to improve the fault tolerance of the target sensitive information class, a corresponding verification relief program is set, namely, the current verification freezing state is relieved, and a preparation verification request corresponding to the authorization strategy is generated. For example, if the number of currently input passwords matches the preset number, but the preset passwords are not completely consistent, then the frozen state of verification is released, that is, the password is allowed to be input again, and a preliminary verification request corresponding to the authorization policy is generated, that is, the input is allowed for 3 times.

And if the preliminary verification request fails, the system can execute emergency protection measures corresponding to the target sensitive information, such as locking a user account, prohibiting user access and the like, and output abnormal intrusion early warning information so as to ensure the safety of the system.

According to the financial user information protection method provided by the embodiment, when the system detects that the information matching degree of the target verification information accords with the information matching degree verification standard corresponding to the authorization strategy, the fact that the currently input target verification information is inconsistent with the preset verification standard due to a small error is indicated, the verification freezing state is immediately released, a preparation verification request corresponding to the authorization strategy, namely a verification relief program, is generated, if the preparation verification request does not pass, the fact that malicious access suspicion exists at present is indicated, emergency protection measures corresponding to the target sensitive information type are immediately executed by the system, abnormal intrusion early warning information is output, and therefore the safety of the financial user information is improved.

In one implementation manner of the present embodiment, as shown in fig. 6, step S108, that is, if there is a target service association between target sensitive information classes, acquires a risk service scenario corresponding to the target service association as a financial user information risk feedback report, and stops identifying a service operation request includes the following steps:

s601, judging whether a plurality of risk service scenes corresponding to target service association exist or not if target service association exists among target sensitive information classes;

S602, if a plurality of risk service scenes corresponding to the target service association are provided, combining risk coefficients corresponding to the risk service scenes to generate a risk prediction model corresponding to the target sensitive information class as a financial user information risk feedback report.

In steps S601 to S602, if there is a business association between the target sensitive information classes, it is indicated that there is a certain association between these information classes, which may affect risk assessment. Therefore, it is necessary to determine whether there are multiple corresponding risk service scenarios, where the risk service scenarios refer to risk consequences that may be caused by the existence of the service association target sensitive information class between the risk service scenarios.

If the current target business association is analyzed by the system to correspond to a plurality of risk business scenes, risk coefficients of all risk business scenes can be combined, and a risk prediction model corresponding to the target sensitive information class is generated to serve as a financial user information risk feedback report. The risk coefficient refers to a quantitative indicator of the risk hazard degree corresponding to the risk service scene, that is, the greater the risk coefficient is, the more serious the risk hazard degree corresponding to the risk service scene is, and the risk prediction model may be a histogram of the risk coefficient corresponding to each risk service scene.

For example, a user needs to provide sensitive information such as personal identification number, bank card number, mobile phone number, etc. when using a certain financial product. There is a business association between this information and the bank card number and the cell phone number can be used to verify the identity of the user. When performing risk assessment, it is necessary to determine whether the corresponding risk service scenario is multiple.

Further, if a plurality of risk service scenes exist, risk coefficients of all scenes are combined, and a risk prediction model corresponding to the target sensitive information class is generated to serve as a financial user information risk feedback report. For example, if the user's bank card number and cell phone number are stolen, they may result in a loss of funds for the user, and thus the risk factor for both of these information is high.

According to the financial user information protection method provided by the embodiment, if the target business association exists among the target sensitive information classes and corresponds to a plurality of risk business scenes, in order to conduct deep analysis on risks possibly existing in the current financial user information, risk prediction models corresponding to the target sensitive information classes are generated by combining risk coefficients corresponding to the current risk business scenes, risk influences of different risk business scenes on the target sensitive information classes can be estimated more comprehensively through the risk prediction models, and therefore accuracy and comprehensiveness of financial user data risk estimation are improved.

In one implementation manner of the present embodiment, as shown in fig. 7, in step S602, if the risk service scenarios corresponding to the target service association are multiple, combining risk coefficients corresponding to each risk service scenario, and generating a risk prediction model corresponding to the target sensitive information class as a financial user information risk feedback report includes the following steps:

s701, if a plurality of risk service scenes corresponding to the target service association are obtained, risk indication information of risk coefficients corresponding to the risk service scenes is obtained;

s702, if the risk indication information comprises identity risk and property risk, a risk prediction model corresponding to target sensitive information class is generated as a financial user information risk feedback report according to risk induction probability corresponding to the identity risk and property risk.

In step S701 to step S702, if the risk service scenarios corresponding to the target service association are multiple, it is explained that the sensitive information of the user may be affected by multiple aspects, and the risk coefficients of the respective scenarios need to be comprehensively considered.

The risk indication information refers to financial user information related to a specific risk type, for example, a risk business scenario is leakage of an asset use condition, and corresponding risk indication information is asset condition information of a user in financial user information.

Secondly, if the risk indication information comprises identity risk and property risk, the current risk service scene is indicated to relate to the identity and property information security of the financial user, and a risk prediction model corresponding to the target sensitive information class can be generated as a financial user information risk feedback report according to risk induction probability corresponding to the identity risk and property risk.

For example, when a certain user uses a certain financial product, sensitive information such as a personal identification card number, a bank card number, a mobile phone number and the like needs to be provided, and it is known that business association exists between the information, that is, the bank card number and the mobile phone number can be used for verifying the identity of the user, and the theft of the identification card number of the user may cause the fund loss of the user, so that the identity risk and the property risk of the financial user are involved, and then a risk prediction model of the target sensitive information type is generated as a financial user information risk feedback report according to risk induction probability of the identity risk and the property risk.

The risk induction probability can be obtained through statistics through records of actual loss of sensitive information histories such as a current personal identification card number, a bank card number, a mobile phone number and the like when financial transaction activities are carried out, and the corresponding risk prediction model can be a cake-shaped analysis chart of the risk induction probability corresponding to each target sensitive information type.

According to the financial user information protection method provided by the embodiment, the risk prediction model corresponding to the target sensitive information class is generated according to the risk induction probability of the identity risk and the property risk corresponding to each risk service scene, so that the risk influence of different risk service scenes on the target sensitive information class can be predicted more accurately, the risk conditions of different service scenes can be known better, the information security policy and measures can be formulated better, and the security of the financial user information protection is improved.

The embodiment of the application discloses a financial user information protection system, as shown in fig. 8, comprising:

the first acquisition module 1 is used for acquiring qualification related information corresponding to the third party service;

the second acquisition module 2 is used for acquiring a user authorization item corresponding to the third party service if the qualification related information accords with the security association standard of the financial institution corresponding to the user;

the division module 3 is used for dividing the authorization information according to the preset user sensitive information identification standard and generating a corresponding sensitive information class if the authorization information corresponding to the user authorization item accords with the preset user sensitive information identification standard;

The calibration module 4 is used for calibrating a corresponding target sensitive information class in the sensitive information classes according to the request parameters corresponding to the service operation request if the service operation request relates to the sensitive information class;

the verification analysis module 5 is used for judging whether the authorization strategy corresponding to the target sensitive information class is in a verification passing state or not if the target sensitive information class does not exceed the necessary information request range corresponding to the service operation request;

the first information feedback module 6 is used for generating a corresponding financial user information use feedback report according to the verification record corresponding to the authorization strategy and the business operation request if the authorization strategy corresponding to the target sensitive information class is in the verification passing state;

the association analysis module 7 is used for judging whether target business association exists between the target sensitive information classes if the target sensitive information classes exceed the necessary information request range corresponding to the business operation request;

and the second information feedback module 8 is used for acquiring a risk business scene corresponding to the target business association as a financial user information risk feedback report and stopping identifying the business operation request if the target business association exists between the target sensitive information classes.

According to the financial user information protection system provided by the embodiment, the relevant safety analysis is carried out on the qualification related information of the third-party service, the safety reliability of the third-party service can be ensured in advance, then the user authorization item is divided and corresponding sensitive information classes are generated through the dividing module 3 according to preset user sensitive information identification standards so as to identify and process the financial sensitive information of the user later, then whether the target sensitive information class related to the current service operation request exceeds the necessary information request range corresponding to the service operation request or not is judged through the verification analysis module 5, if the target sensitive information class does not exceed the necessary information request range corresponding to the service operation request, the current service operation request is in a normal access state, in order to record the use condition of the financial user information in real time so as to improve the use safety of the financial user information, a corresponding financial user information use feedback report is generated through the first information feedback module 6 according to the verification record corresponding to an authorization strategy, if the target sensitive information class exceeds the target sensitive information class, the target sensitive information class related to the current service operation request is judged accurately and effectively, the correlation analysis module 7 and the second information feedback module 8 are used for making a specific service prediction according to the target sensitive information class corresponding to the current service operation request, and the actual service safety information is predicted, and the practical safety of the financial user information is predicted, and the current user safety is predicted due to the fact that the service information is combined.

It should be noted that, the system for protecting financial user information provided in the embodiment of the present application further includes each module and/or corresponding sub-module corresponding to the logic function or logic step of any one of the foregoing method for protecting financial user information, so that the same effect as each logic function or logic step is achieved, and detailed descriptions thereof are omitted herein.

The embodiment of the application also discloses a terminal device which comprises a memory, a processor and computer instructions stored in the memory and capable of running on the processor, wherein when the processor executes the computer instructions, any one of the financial user information protection methods in the embodiment is adopted.

The terminal device may be a computer device such as a desktop computer, a notebook computer, or a cloud server, and the terminal device includes, but is not limited to, a processor and a memory, for example, the terminal device may further include an input/output device, a network access device, a bus, and the like.

The processor may be a Central Processing Unit (CPU), or of course, according to actual use, other general purpose processors, digital Signal Processors (DSP), application Specific Integrated Circuits (ASIC), ready-made programmable gate arrays (FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc., and the general purpose processor may be a microprocessor or any conventional processor, etc., which is not limited in this respect.

The memory may be an internal storage unit of the terminal device, for example, a hard disk or a memory of the terminal device, or an external storage device of the terminal device, for example, a plug-in hard disk, a Smart Memory Card (SMC), a secure digital card (SD), or a flash memory card (FC) provided on the terminal device, or the like, and may be a combination of the internal storage unit of the terminal device and the external storage device, where the memory is used to store computer instructions and other instructions and data required by the terminal device, and the memory may be used to temporarily store data that has been output or is to be output, which is not limited by the present application.

Any one of the financial user information protection methods in the embodiments is stored in the memory of the terminal device through the terminal device, and is loaded and executed on the processor of the terminal device, so that the terminal device is convenient to use.

The embodiment of the application also discloses a computer readable storage medium, and the computer readable storage medium stores computer instructions, wherein when the computer instructions are executed by a processor, any one of the financial user information protection methods in the embodiment is adopted.

The computer instructions may be stored in a computer readable medium, where the computer instructions include computer instruction codes, where the computer instruction codes may be in a source code form, an object code form, an executable file form, or some middleware form, etc., and the computer readable medium includes any entity or device capable of carrying the computer instruction codes, a recording medium, a usb disk, a mobile hard disk, a magnetic disk, an optical disk, a computer memory, a read-only memory (ROM), a Random Access Memory (RAM), an electrical carrier signal, a telecommunication signal, a software distribution medium, etc., where the computer readable medium includes but is not limited to the above components.

Any of the financial user information protection methods in the above embodiments is stored in the computer readable storage medium through the present computer readable storage medium, and is loaded and executed on a processor, so as to facilitate storage and application of the method.

The above embodiments are not intended to limit the scope of the present application, so: all equivalent changes in structure, shape and principle of the application should be covered in the scope of protection of the application.

Claims

1. The financial user information protection method is characterized by comprising the following steps of:

if the authorization policy corresponding to the target sensitive information class is in a verification freezing state, acquiring an abnormal verification request item corresponding to the authorization policy, acquiring target verification information corresponding to the abnormal verification request item, and if the information matching degree of the target verification information does not accord with the information matching degree verification standard corresponding to the authorization policy, associating the abnormal verification request item and the target verification information, and generating a corresponding abnormal verification feedback report;

2. The method for protecting financial user information according to claim 1, further comprising the steps of, after obtaining the qualification-related information corresponding to the third party service:

3. The method for protecting financial user information according to claim 2, further comprising the steps of, after obtaining a risk evaluation value corresponding to the corresponding abnormal qualification-related information if the latest version information does not conform to a preset information security verification item:

4. The method for protecting financial user information according to claim 1, further comprising the steps of, after obtaining the target verification information corresponding to the abnormal verification request item:

5. The method according to claim 1, wherein if the target service association exists between the target sensitive information classes, acquiring a risk service scenario corresponding to the target service association as a financial user information risk feedback report, and stopping identifying the service operation request includes the following steps:

6. The method of claim 5, wherein if the risk service scenarios corresponding to the target service association are plural, generating a risk prediction model corresponding to the target sensitive information class as the risk feedback report of the financial user information by combining risk coefficients corresponding to the risk service scenarios includes the following steps:

7. A financial user information protection system, comprising:

the first acquisition module (1) is used for acquiring qualification related information corresponding to the third party service;

the second acquisition module (2) is used for acquiring a user authorization item corresponding to the third-party service if the qualification related information accords with the security association standard of the financial institution corresponding to the user;

The dividing module (3) is used for dividing the authorization information according to the preset user sensitive information identification standard and generating a corresponding sensitive information class if the authorization information corresponding to the user authorization item accords with the preset user sensitive information identification standard;

the calibration module (4) is used for calibrating a corresponding target sensitive information class in the sensitive information classes according to a request parameter corresponding to the service operation request if the service operation request relates to the sensitive information class;

the verification analysis module (5) is used for judging whether the authorization strategy corresponding to the target sensitive information class is in a verification passing state or not if the target sensitive information class does not exceed the necessary information request range corresponding to the service operation request, acquiring an abnormal verification request item corresponding to the authorization strategy if the authorization strategy corresponding to the target sensitive information class is in a verification freezing state, acquiring target verification information corresponding to the abnormal verification request item, and associating the abnormal verification request item and the target verification information to generate a corresponding abnormal verification feedback report if the information matching degree of the target verification information does not accord with the information matching degree verification standard corresponding to the authorization strategy;

The first information feedback module (6) is used for generating a corresponding financial user information use feedback report according to the verification record corresponding to the authorization policy and the service operation request if the target sensitive information class is in the verification passing state corresponding to the authorization policy;

the association analysis module (7), if the target sensitive information class exceeds the necessary information request range corresponding to the service operation request, the association analysis module (7) is used for judging whether target service association exists between the target sensitive information classes;

and the second information feedback module (8) is used for acquiring a risk business scene corresponding to the target business association as a financial user information risk feedback report and stopping identifying the business operation request if the target business association exists between the target sensitive information classes.

8. A terminal device comprising a memory and a processor, wherein the memory has stored therein computer instructions executable on the processor, and wherein the processor, when loaded and executing the computer instructions, employs a financial user information protection method according to any one of claims 1 to 6.

9. A computer readable storage medium having stored therein computer instructions which, when loaded and executed by a processor, employ a method of protecting financial user information as claimed in any one of claims 1 to 6.