SG11201900533RA - Method and device for controlling service operation risk - Google Patents

Method and device for controlling service operation risk

Info

Publication number
SG11201900533RA
SG11201900533RA SG11201900533RA SG11201900533RA SG11201900533RA SG 11201900533R A SG11201900533R A SG 11201900533RA SG 11201900533R A SG11201900533R A SG 11201900533RA SG 11201900533R A SG11201900533R A SG 11201900533RA SG 11201900533R A SG11201900533R A SG 11201900533RA
Authority
SG
Singapore
Prior art keywords
service
service operation
user
offline
offline service
Prior art date
Application number
SG11201900533RA
Inventor
Jupeng Xia
Caiwei Li
Xi Gu
Bao Jiang
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Publication of SG11201900533RA publication Critical patent/SG11201900533RA/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/316User authentication by observing the pattern of computer usage, e.g. typical user behaviour
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4016Transaction verification involving fraud or risk level assessment in transaction processing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Software Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Finance (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Health & Medical Sciences (AREA)
  • Social Psychology (AREA)
  • General Health & Medical Sciences (AREA)
  • Power Engineering (AREA)
  • Computing Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Debugging And Monitoring (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Stored Programmes (AREA)

Abstract

The present application discloses a method and device for controlling service operation risks. An application program on an end-user device monitors a service operation initiated by a user for invoking offline service information, determines whether the service operation is a risky operation based on recorded historical 5 operation data and at least one of a predetermined risk evaluation rule or risk evaluation model after the service operation is monitored; if yes, refuses to invoke the offline service information, otherwise, invokes the offline service information. Compared with the existing technologies, by using the previous method in the implementations of the present application, when a user performs an offline service, a 10 process of performing risk control processing on a service operation of the user is added in addition to identity verification of the end-user device to form a double guarantee mechanism, thereby effectively improving security in offline service environments.
SG11201900533RA 2016-07-22 2017-07-14 Method and device for controlling service operation risk SG11201900533RA (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610587509.XA CN107645482B (en) 2016-07-22 2016-07-22 Risk control method and device for business operation
PCT/CN2017/092942 WO2018014789A1 (en) 2016-07-22 2017-07-14 Method and device for controlling service operation risk

Publications (1)

Publication Number Publication Date
SG11201900533RA true SG11201900533RA (en) 2019-02-27

Family

ID=60991960

Family Applications (1)

Application Number Title Priority Date Filing Date
SG11201900533RA SG11201900533RA (en) 2016-07-22 2017-07-14 Method and device for controlling service operation risk

Country Status (8)

Country Link
US (3) US20190156342A1 (en)
EP (1) EP3490215B1 (en)
JP (1) JP6783923B2 (en)
KR (1) KR102220083B1 (en)
CN (1) CN107645482B (en)
SG (1) SG11201900533RA (en)
TW (1) TWI699720B (en)
WO (1) WO2018014789A1 (en)

Families Citing this family (41)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110120964B (en) * 2018-02-07 2022-07-08 北京三快在线科技有限公司 User behavior monitoring method and device and computing equipment
CN108446821A (en) * 2018-02-07 2018-08-24 中国平安人寿保险股份有限公司 Method, apparatus, storage medium and the terminal of risk monitoring and control
CN108615158B (en) * 2018-03-22 2022-09-30 平安科技(深圳)有限公司 Risk detection method and device, mobile terminal and storage medium
CN110300062B (en) * 2018-03-23 2023-05-30 阿里巴巴集团控股有限公司 Wind control implementation method and system
CN110533269B (en) * 2018-05-23 2023-05-16 阿里巴巴集团控股有限公司 Business risk prevention and control method and device
CN108875388A (en) * 2018-05-31 2018-11-23 康键信息技术(深圳)有限公司 Real-time risk control method, device and computer readable storage medium
CN109002958A (en) * 2018-06-06 2018-12-14 阿里巴巴集团控股有限公司 A kind of method of risk identification, system, device and equipment
CN109165940B (en) * 2018-06-28 2022-08-09 创新先进技术有限公司 Anti-theft method and device and electronic equipment
CN108985072A (en) 2018-07-16 2018-12-11 北京百度网讯科技有限公司 Operate defence method, device, equipment and computer-readable medium
CN110798432A (en) * 2018-08-03 2020-02-14 京东数字科技控股有限公司 Security authentication method, device and system and mobile terminal
CN109359972B (en) * 2018-08-15 2020-10-30 创新先进技术有限公司 Core product pushing and core method and system
CN108876600B (en) * 2018-08-20 2023-09-05 平安科技(深圳)有限公司 Early warning information pushing method, device, computer equipment and medium
CN109344583B (en) * 2018-08-22 2020-10-23 创新先进技术有限公司 Threshold determination and body verification method and device, electronic equipment and storage medium
CN109377390A (en) * 2018-09-20 2019-02-22 阿里巴巴集团控股有限公司 Endowment methods of risk assessment and device
CN109471782A (en) * 2018-11-20 2019-03-15 北京芯盾时代科技有限公司 A kind of risk detecting system and risk checking method
CN109327473B (en) * 2018-12-03 2021-10-01 北京工业大学 Identity authentication system based on block chain technology
CN109859030A (en) * 2019-01-16 2019-06-07 深圳壹账通智能科技有限公司 Methods of risk assessment, device, storage medium and server based on user behavior
CN111490964B (en) * 2019-01-28 2023-09-05 北京京东尚科信息技术有限公司 Security authentication method, device and terminal
JP7234699B2 (en) * 2019-03-05 2023-03-08 ブラザー工業株式会社 Application program and information processing device
JP7215234B2 (en) 2019-03-05 2023-01-31 ブラザー工業株式会社 Application program and information processing device
CN110263530B (en) * 2019-05-30 2023-12-08 创新先进技术有限公司 Authentication method and device for password reset request
CN110427971A (en) * 2019-07-05 2019-11-08 五八有限公司 Recognition methods, device, server and the storage medium of user and IP
CN112418259B (en) * 2019-08-22 2023-05-26 上海哔哩哔哩科技有限公司 Real-time rule configuration method based on user behavior in live broadcast process, computer equipment and readable storage medium
CN110633915A (en) * 2019-09-24 2019-12-31 北京明略软件系统有限公司 High-risk place identification method and device
CN110647738B (en) * 2019-09-29 2021-09-03 武汉极意网络科技有限公司 Service wind control adaptation method, device, equipment and storage medium
CN111047423A (en) * 2019-11-01 2020-04-21 支付宝(杭州)信息技术有限公司 Risk determination method and device and electronic equipment
CN111786936A (en) * 2019-11-27 2020-10-16 北京沃东天骏信息技术有限公司 Method and device for authentication
CN111400168B (en) * 2020-02-21 2023-10-20 中国平安财产保险股份有限公司 Intelligent software wind control method, electronic device and computer readable storage medium
US11914719B1 (en) 2020-04-15 2024-02-27 Wells Fargo Bank, N.A. Systems and methods for cyberthreat-risk education and awareness
CN111581061A (en) * 2020-05-15 2020-08-25 海信集团有限公司 Service offline method, device and equipment
CN111639318A (en) * 2020-05-26 2020-09-08 深圳壹账通智能科技有限公司 Wind control method based on gesture monitoring on mobile terminal and related device
CN112232811B (en) * 2020-10-12 2023-10-24 中钞信用卡产业发展有限公司 Method and system for reducing offline payment risk
CN113162912A (en) * 2021-03-12 2021-07-23 中航智能建设(深圳)有限公司 Network security protection method, system and storage device based on big data
CN112966243B (en) * 2021-03-30 2022-09-09 支付宝(杭州)信息技术有限公司 Privacy-protecting core-body verification processing method and device
CN112948824B (en) * 2021-03-31 2022-04-26 支付宝(杭州)信息技术有限公司 Program communication method, device and equipment based on privacy protection
CN113409051B (en) * 2021-05-20 2022-05-24 支付宝(杭州)信息技术有限公司 Risk identification method and device for target service
CN114971116B (en) * 2021-05-24 2023-08-18 中移互联网有限公司 Method and device for tracking risk terminal
CN113627208B (en) * 2021-08-17 2024-04-05 上海源慧信息科技股份有限公司 Code scanning login early warning method and device, computer equipment and storage medium
CN114615034B (en) * 2022-03-01 2023-09-29 中铁第四勘察设计院集团有限公司 Control method, device, processing equipment and storage medium for service transmission
CN116232720B (en) * 2023-03-02 2024-01-16 国网河南省电力公司信息通信分公司 API (application program interface) encryption authentication method and storage device
CN116881956B (en) * 2023-09-08 2024-01-09 国网信息通信产业集团有限公司 Permission management method and device oriented to multi-cloud resource management

Family Cites Families (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20020086695A (en) * 2000-03-24 2002-11-18 알티코 인크. System and method for detecting fraudulent transactions
JP2004030176A (en) * 2002-06-25 2004-01-29 Nec Infrontia Corp System, method, and program for settlement by using fingerprint
WO2004066159A1 (en) * 2003-01-20 2004-08-05 Fujitsu Limited Authentication information processing method
JP2004240645A (en) * 2003-02-05 2004-08-26 Ufj Bank Ltd Personal identification system and method
US7908645B2 (en) * 2005-04-29 2011-03-15 Oracle International Corporation System and method for fraud monitoring, detection, and tiered user authentication
JP4820593B2 (en) * 2005-07-11 2011-11-24 株式会社みずほ銀行 User authentication method and user authentication system
US20120204257A1 (en) * 2006-04-10 2012-08-09 International Business Machines Corporation Detecting fraud using touchscreen interaction behavior
US8739278B2 (en) * 2006-04-28 2014-05-27 Oracle International Corporation Techniques for fraud monitoring and detection using application fingerprinting
US20090164373A1 (en) * 2007-12-21 2009-06-25 Mastercard International, Inc. System and Method of Preventing Password Theft
US8595834B2 (en) * 2008-02-04 2013-11-26 Samsung Electronics Co., Ltd Detecting unauthorized use of computing devices based on behavioral patterns
JP5084712B2 (en) * 2008-12-24 2012-11-28 日立オムロンターミナルソリューションズ株式会社 User authentication terminal, authentication system, user authentication method, and user authentication program
US8590021B2 (en) * 2009-01-23 2013-11-19 Microsoft Corporation Passive security enforcement
US9824199B2 (en) * 2011-08-25 2017-11-21 T-Mobile Usa, Inc. Multi-factor profile and security fingerprint analysis
WO2013082190A1 (en) * 2011-11-28 2013-06-06 Visa International Service Association Transaction security graduated seasoning and risk shifting apparatuses, methods and systems
US20130304677A1 (en) * 2012-05-14 2013-11-14 Qualcomm Incorporated Architecture for Client-Cloud Behavior Analyzer
CN103279883B (en) * 2013-05-02 2016-06-08 上海携程商务有限公司 Electronic-payment transaction risk control method and system
CN103745397A (en) * 2014-01-27 2014-04-23 上海坤士合生信息科技有限公司 System and method for realizing electronic transaction risk control based on position scene identification
US9684787B2 (en) * 2014-04-08 2017-06-20 Qualcomm Incorporated Method and system for inferring application states by performing behavioral analysis operations in a mobile device
WO2015179637A1 (en) * 2014-05-21 2015-11-26 Visa International Service Association Offline authentication
CN104318138B (en) * 2014-09-30 2018-05-08 杭州同盾科技有限公司 A kind of method and apparatus for verifying user identity
CN105592014B (en) * 2014-10-24 2019-02-15 阿里巴巴集团控股有限公司 A kind of trusted terminal verification method, device
CN104794616A (en) * 2015-05-11 2015-07-22 易联支付有限公司 Safety verification method for mobile phone payment
CN105279405B (en) * 2015-10-28 2018-06-26 同济大学 Touchscreen user button behavior pattern is built and analysis system and its personal identification method
CN106878236A (en) * 2015-12-11 2017-06-20 阿里巴巴集团控股有限公司 A kind of user's request processing method and equipment
CN105512938A (en) * 2016-02-03 2016-04-20 宜人恒业科技发展(北京)有限公司 Online credit risk assessment method based on long-term using behavior of user
EP3208759B1 (en) * 2016-02-18 2020-01-29 AO Kaspersky Lab System and method of detecting fraudulent user transactions

Also Published As

Publication number Publication date
EP3490215A4 (en) 2019-07-31
JP2019521455A (en) 2019-07-25
US20190156342A1 (en) 2019-05-23
KR102220083B1 (en) 2021-03-02
EP3490215A1 (en) 2019-05-29
CN107645482A (en) 2018-01-30
JP6783923B2 (en) 2020-11-11
TW201804397A (en) 2018-02-01
US20200134630A1 (en) 2020-04-30
TWI699720B (en) 2020-07-21
EP3490215B1 (en) 2021-09-22
WO2018014789A1 (en) 2018-01-25
CN107645482B (en) 2020-08-07
US20200242614A1 (en) 2020-07-30
KR20190031545A (en) 2019-03-26

Similar Documents

Publication Publication Date Title
SG11201900533RA (en) Method and device for controlling service operation risk
MX2018000954A (en) Methods and systems for automatically generating a remedial action in an industrial facility.
SG11201803693VA (en) Information processing network based on uniform code issuance, method therefor, and sensing access device
SG10201900964QA (en) Cloud-based transactions methods and systems
WO2016019060A3 (en) Automated password generation and change
WO2016196435A3 (en) Segmentation techniques for learning user patterns to suggest applications responsive to an event on a device
SG10201610585WA (en) Passsword management system and process
WO2016040204A3 (en) Preserving data protection with policy
WO2014151157A3 (en) Secure query processing over encrypted data
WO2016036752A3 (en) Systems and methods for creating and modifying access control lists
SG10201903580QA (en) Method and device for verifying a trusted terminal
WO2014209894A3 (en) Systems and methods for enterprise content curation
MY184710A (en) System and method for information security threat disruption via a border gateway
WO2013130561A3 (en) Method of operating a computing device, computing device and computer program
SG11201809981QA (en) Processing method for preventing copy attack, and server and client
IN2015CH03327A (en)
PH12020500145A1 (en) Method for setting operating record viewing right based on time period
SG11201805866UA (en) Permission management and resource control method and apparatus
IN2013CH01206A (en)
PH12017500687A1 (en) Verification method and apparatus
WO2019070467A3 (en) Disaggregating latent causes for computer system optimization
PH12020500142A1 (en) Method for authorizing permission to operate content of mailbox account and instant messaging account in system
IN2013DE02920A (en)
WO2015130378A3 (en) Obfuscating in memory encryption keys
PH12019500762A1 (en) Method and apparatus for implementing accessibility function in applications