WO2024027199A1

WO2024027199A1 - Risk identification method and electronic device

Info

Publication number: WO2024027199A1
Application number: PCT/CN2023/088202
Authority: WO
Inventors: 赵晓娜
Original assignee: 荣耀终端有限公司
Priority date: 2022-08-02
Filing date: 2023-04-13
Publication date: 2024-02-08
Also published as: CN117544717A

Abstract

The present application relates to the field of information security, and discloses a risk identification method and an electronic device. The method comprises: when the electronic device receives an operation for a user to set a specific scenario, for example, to set call forwarding, to set a do-not-disturb mode, or to set an airplane mode, acquiring first information, performing risk identification according to the first information, and outputting risk early warning information when it is determined that there is a risk operation, wherein the first information comprises at least one of phone number information and environmental information in the specific scenario. The electronic device may face or is experiencing problems such as a network risk operation, property loss, information leakage when the specific scenario is set. In the present solution, when the user sets the specific scenario, the electronic device acquires the phone number information and/or environmental information in the specific scenario to perform risk identification to determine whether there is the risk operation when the specific scenario is set, and then risk early warning is performed in time when it is determined that there is the risk operation, thereby improving the security of using the electronic device by the user.

Description

Risk identification methods and electronic equipment

This application claims priority to the Chinese patent application filed with the State Intellectual Property Office on August 2, 2022, with application number 202210922242.0 and the invention name "Risk Identification Method and Electronic Device", the entire content of which is incorporated into this application by reference. .

Technical field

This application relates to the field of information security, and in particular to risk identification methods and electronic devices.

Background technique

Communication electronic devices, such as mobile phones, usually provide a call transfer function. After the user successfully sets the call transfer function on the electronic device, it can meet the user's normal answering needs in certain specific scenarios. For example, when the mobile phone has no network or is turned off, the user can still Answer calls by calling a forwarding number.

With the development of Internet technology, shortcomings in the security of user terminals have gradually been exposed, and there have been scenarios where certain users pose a threat to user terminal information security. For example, as telecom network fraud methods continue to be upgraded and renovated, functions on electronic devices that originally provided convenience to users may be exploited by fraudsters, making the fraud more smoothly possible. Optionally, a specific person, such as a fraudster, can induce or manipulate the user to transfer calls to the terminal settings to a specific number, or turn on the terminal's Do Not Disturb mode, etc., so that the user terminal cannot communicate normally with the outside world. The above scenarios will cause the user terminal to temporarily lose normal contact, posing a threat to the information security and property security of the user terminal. Moreover, in the case where some early warning staff need to talk to the user terminal for risk warning, the above scenarios also hinder risk warning. The work proceeds normally.

In the process of implementing the present invention, the inventor found that the electronic devices in the prior art did not carry out risk identification and early warning for the above risk scenarios.

Contents of the invention

Embodiments of the present application provide risk identification methods and electronic devices, which can perform risk identification and risk reminders for current operations when the electronic device is triggered and set to some functions or modes that temporarily lose normal contact in the above scenarios, thereby improving the user terminal's security. Information security and property security, and optimize user experience. In order to achieve the above objectives, the embodiments of the present application adopt the following technical solutions.

In a first aspect, this embodiment provides a risk identification method, applied to a terminal. The method includes: an electronic device receives an operation of a user setting a specific scene, obtains first information, and after obtaining the first information, the electronic device performs the following steps according to the first The information is used to identify risks, and if it is determined that a risk exists, risk warning information is output.

Among them, specific scenarios may include scenarios where the electronic device is temporarily unable to make normal calls. Specific scenarios include but are not limited to call transfer, do not disturb mode or airplane mode. The first information includes at least one of phone number information and environmental information involved in the specific scene. Among them, in some specific scenarios, such as the scenario of setting up call transfer, the phone number information may include the local number and the call transfer number; optionally, the phone number information may also include the terminal identification associated with the local number and the call transfer number. Number. Environmental information may include phone call events, application running events and/or function running events, application download events or application installation events, application interaction events, etc. Among them, the phone call event refers to the behavior of the electronic device making a call. Application running events and/or function running events refer to the behavior of an electronic device running an application, and/or the behavior of a specific function being run. Application download matters A software or application installation event refers to an electronic device having application downloading behavior or application installation behavior. Application interaction events refer to receiving prompt messages sent by the application, etc.

In this embodiment, when the electronic device detects that a specific scene is triggered, it can obtain the first information generated in the specific scene. The first information includes the environmental information and phone number information involved in the specific scene, thereby The electronic device may determine whether there is a risky operation in the current environment based on the first information. When it is determined that a risky operation exists, risk warning information is output in a timely manner and the setting operation of a specific scenario is suspended. This achieves effective identification and risk warning of risky operations in specific scenarios, provides users with effective risk reminders, and reduces the risk to a certain extent. It increases the probability of users performing risky operations and enhances users’ information security and property security. At the same time, it prevents the conduct of risky operations and avoids the occurrence of risky operations. It also avoids to a certain extent the situation where the electronic equipment used by users is used by specific users, and prevents specific users from using the electronic equipment used by users to hinder or interfere with the work of staff. Issues with early warning work.

Combined with the first aspect, in a possible design approach, in a specific scenario where the call transfer is performed, the phone number information at least includes the call transfer number, and the electronic device performs risk identification based on the first information, including: if the call transfer number is determined If it is not a safe number, then there is definitely a risk.

Combined with the first aspect, in a possible design approach, the judgment conditions for determining that the call forwarding number is a secure number include one or more of the following: determining that the call forwarding number is the local SIM card number; determining that the call forwarding number is in local communication is being recorded; make sure the call forwarding number is in the preset white list; make sure the owner information of the call forwarding number is the same as the owner information of the local number.

In this embodiment, if it is determined that the call forwarding number satisfies at least one of the above judgment conditions, it is determined that the call forwarding number is a security number; otherwise, it is determined that the call forwarding number is not a security number.

Among them, the electronic device can send a query request to the server to obtain the owner information of the local number and the owner information of the call forwarding number to determine that the owner information of the call forwarding number is the same as the owner information of the local number.

In conjunction with the first aspect, in one possible design approach, determining that the owner information of the call forwarding number is the same as the owner information of the local number includes: sending a first query request carrying the first identifier and the call forwarding number to the server. ; The first identification is used to indicate the local number of the terminal; the first query request is used to instruct the server to query the local owner information and the call transfer owner information based on the first identification and the call transfer number; receive the local ownership returned by the server; The first query response between the owner information and the call transfer owner information; if it is determined that the owner information of the local machine matches the call transfer owner information successfully, it is determined that the owner information of the call transfer number is the same as the owner information of the local number.

Alternatively, the electronic device can also directly obtain the matching result from the server to determine that the owner information of the call forwarding number is the same as the owner information of the local number.

In conjunction with the first aspect, in one possible design approach, determining that the owner information of the call forwarding number is the same as the owner information of the local number includes: sending a second query request carrying the first identifier and the call forwarding number to the server. ; The first identifier is used to indicate the local number of the terminal; the second query request is used to instruct the server to determine the matching result of the owner information of the local number and the owner information of the call forwarding number; the third query request carrying the matching result returned by the receiving server 2. Query response; if the matching result is determined to be successful, it is determined that the owner information of the call forwarding number is the same as the owner information of the local number.

Optionally, the first identification may be an Internet protocol address (IP address) of the terminal, an international mobile subscriber identity (IMSI) of the terminal, or other identification that can be associated with the local number. It should be noted that the information fields corresponding to the first identifier are different. must be included in the above setting request. The server may directly extract the identification corresponding to the electronic device, such as the IP address, when establishing a network layer connection with the electronic device. The server can determine the local number associated with the first identification according to the first identification.

In this embodiment, for the call transfer scenario, the electronic device performs risk identification from the perspective of determining whether the call transfer number is a safe number. Through one or more of the above methods, the risk identification judgment of the call transfer number is determined from the security aspect. , can more accurately and effectively determine the risk of call forwarding numbers.

Combined with the first aspect, in a possible design approach, in a specific scenario where the call transfer is performed, the phone number information at least includes the call transfer number, and the electronic device performs risk identification based on the first information, including: if the call transfer number is determined is a risk number, it is determined that there is a risk.

Combined with the first aspect, in one possible design approach, determining that the call transfer number is a risk number includes: determining that the call transfer number is in a preset blacklist; or, determining that the call transfer number is by querying a third-party risk identification platform The numbers are those that have been marked as risky.

Optionally, the risk-marked number may be a risk-marked number locally on the electronic device, or may be a risk-marked number obtained by the electronic device from a third-party risk identification platform. Optionally, the electronic device can also obtain the risk query result of querying the call forwarding number from the third-party risk identification platform, and determine whether the call forwarding number is a number that has been marked with risk based on the risk query result.

In this embodiment, for the call transfer scenario, the electronic device performs risk identification from the perspective of determining whether the call transfer number is a risk number. Through one or more of the above methods, the risk identification judgment of the call transfer number is determined from the risk aspect. , can more accurately and effectively determine the risk of call forwarding numbers.

Combined with the first aspect, in a possible design approach, in a specific scenario where the call transfer is performed, the phone number information at least includes the call transfer number, and the electronic device performs risk identification based on the first information, including: if the call transfer number is determined It is not a safe number, and if it is determined that the call forwarding number is a risk number, it is determined that there is a risk.

In this embodiment, for the call transfer scenario, considering that some specific numbers may not be safe numbers or risk numbers, based on this situation, the electronic device can judge from the two dimensions of security and risk. More accurately and effectively determine the risk of call forwarding numbers.

In conjunction with the first aspect, in a possible design approach, the risk warning information includes content instructing the user to cancel the setting of a specific scenario or to confirm the setting of a specific scenario. Based on this, the risk identification method also includes: after the electronic device outputs the risk warning information, the electronic device obtains the setting operation triggered by the user, and when the setting operation is to cancel the setting of a specific scene, output a prompt message indicating that the setting failed. To confirm the setting of a specific scene, a prompt message indicating successful setting is output.

In this embodiment, while outputting the risk warning information, the electronic device can output to the user the content of a secondary determination of setting a specific scene, perform a secondary determination of the current specific scene setting operation, and while warning the user, also allow the user to continue or cancel. Set specific scenarios to improve user information security while optimizing user experience.

Combined with the first aspect, in one possible design approach, when the specific scenario is call transfer, before the above-mentioned electronic device outputs a prompt message indicating that the setting is successful, the electronic device also needs to send a call transfer setting request to the server. The setting request carries a first identifier and a call transfer number. The first identifier is used to indicate the local number of the terminal. The setting request is used to instruct the server to transfer the call of the local number to the terminal based on the local number and the call transfer number. Call the forwarding number and return a setup response to the electronic device after setup is completed. After receiving the setting response returned by the server, the electronic device outputs a prompt message indicating that the setting is successful.

Optionally, the first identifier may be the terminal's Internet protocol address (IP address), the terminal's International Mobile Subscriber Identity (IMSI), or other identifier that can be associated with the local number. It should be noted that the information field corresponding to the first identification is not necessarily included in the above-mentioned setting request. The server may directly extract the identification corresponding to the electronic device, such as the IP address, when establishing a network layer connection with the electronic device. The server may determine the local number associated with the first identification according to the first identification.

In this embodiment, for the scenario of setting call forwarding, the electronic device needs to communicate with the server so that the server can perform the call forwarding setting operation based on the local number and the call forwarding number. After receiving the setting response returned by the server, Output a prompt message indicating that the setting is successful so that the user can clearly know that the call transfer has been set up successfully and optimize the user experience.

Combined with the first aspect, in one possible design approach, performing risk identification based on the first information includes: determining whether there is a risky operation at the first moment or within a preset time period before the first moment based on the environmental information. The first moment is the moment when the user's operation to set a specific scene is received.

Optionally, the preset time period before the first time may be 5 minutes, 10 minutes, 30 minutes, etc. before the first time.

In this embodiment, if the electronic device determines that a risky operation exists at the first moment based on the environmental information, or determines that a risky operation exists within a preset time period before the first moment, then the electronic device determines that a risk exists. Based on the different contents included in the environmental information, the risk operations for electronic equipment to identify risks are also different.

In a possible design approach, the environmental information is a phone call event, and the risk operation includes whether the call number of the phone call event is a risk number, and/or whether the call number of the phone call event is a safe number.

Considering that electronic devices can be induced to operate by a specific user through phone calls, in this case, the environmental information is a phone call event, and the electronic device performs risk identification based on the call number involved in the phone call event. For example, the first aspect can be combined to determine whether the call number is a safe number, and whether the call number is a risk number. When it is determined that the call number is not a safe number, and/or it is determined that the call number is a risk number, it is determined that a risky operation exists.

In this embodiment, when the environmental information is a phone call event, performing risk identification on the call number is the simplest and most effective risk identification method. If the electronic device determines that the call number is a risk number, or determines that the call number is not a safe number, or determines that the call number is not a safe number and is a risk number, it directly determines that a risky operation exists in the current environment.

Combined with the first aspect, in a possible design approach, the environment information is an application running event and/or a function running event; the risk operation includes running a specific application and/or running a specific function of a specific application.

The specific application may be an application with screen sharing or remote control mode, and the corresponding specific function may be enabled in sharing or remote control mode. Alternatively, the specific application may also be a payment application, and the corresponding specific function may be the execution of payment or transfer activities.

For example, if the electronic device can determine that a specific application is running based on the environment information; or determine that a specific function of a specific application is running, it is determined that a risky operation exists.

For example, if the electronic device determines that an application in sharing screen mode is running, it determines that a risky operation exists; or if the electronic device determines that it is currently in sharing mode, it determines that a risky operation exists; or if the electronic device determines that an application in sharing screen mode is running And if you are currently in screen sharing mode, it is determined that there is a risky operation. For example, if the electronic device determines that a payment application is running, it is determined that a risky operation exists; or if the electronic device determines that a certain payment operation is being performed, it is determined that a risky operation exists; or if the electronic device determines that a payment application is running and If a certain payment operation is being performed, it is determined that there is a risky operation.

Optionally, the electronic device may determine whether to execute the application within a preset time period before the first time based on the execution start time and execution end time of the specific application and/or its specific function. For example, the preset time period before the first moment is 30 minutes before the first moment. If the electronic device determines that the running start time and the running end time of the payment application are both within 30 minutes before the first moment, it is determined that there is a risky operation. Alternatively, the electronic device can directly query the process to determine whether a specific application and/or its specific function is executed at the current moment. For example, if the electronic device directly queries the process and determines that a payment application is running at the current moment, it is determined that a risky operation exists.

In this embodiment, the electronic device may be remotely controlled and operated by a specific user, or may be induced by a specific user to perform payment operations. In this case, the electronic device performs risk identification based on application and/or function running events, which can be done through Determine that a specific application is running and/or a specific function of a specific application is executed at the current moment, or that a specific application has been run and/or a specific function of a specific application has been executed within a preset time period before the first moment, to determine that there is a risk in the current operation, consider The identification of environmental information based on the operational vulnerabilities of electronic equipment is more accurate.

Combined with the first aspect, in a possible design method, the environmental information is an application download event, and the risk operation includes the behavior of downloading the risky application; the environmental information is the application installation event, and the risk operation includes the behavior of installing the risky application.

Among them, the risk application may be a risk-marked application determined by the electronic device through querying the third-party risk identification platform; it may also be a risk-marked application stored in the electronic device in advance. Considering that a specific user may perform risky operations by inducing the user to install a risky application on an electronic device, the electronic device can determine whether the risky application has been downloaded based on the application download event for risk identification; or the electronic device can determine whether to install the risky application based on the application installation event. Risk applications are used for risk identification. Optionally, the electronic device may determine whether there is an application download or installation behavior at the first moment or within a preset time period before the first moment based on the download start time, download completion time, installation start time, and installation completion time of the application. Alternatively, the electronic device may also query the current process to determine whether there is an application download or installation behavior at the first moment. If it is determined that there is an application downloading behavior or an application installation behavior at the first moment or within the preset time period before the first moment, it is determined based on the risk-marked applications whether the application is a risky application. When the existing application is determined to be a risky application, it is determined that there is a risky operation.

In this embodiment, scenarios where risks exist in electronic devices will most likely result in the downloading and installation of risky applications. Therefore, in the event of application downloading or application installation behavior, determining whether the application is a risky application can be quickly and effectively It can accurately determine the risk of application installation in the current scenario, so that the risk identification of the current operation from this perspective is more direct and effective.

Combined with the first aspect, in a possible design approach, the environment information is an application interaction event, and the risk operation includes receiving a risk reminder message sent by a specific application.

Optionally, the specific application here refers to an application that can identify risks and generate risk prompts. For example, the specific application can be an application with a payment function and a risk identification reminder. If the application detects a risk during the payment process, it will generate risk reminder information and transmit the risk reminder information to the risk identification module of the electronic device. For example, the electronic device can also determine from historical interaction events whether risk prompt information is generated within a preset time period before the first time. If it is determined that risk prompt information is generated within a preset time period before the first time, it is determined that a risky operation exists. Alternatively, if the electronic device receives the risk prompt information generated by the specific application at the first moment, it determines that there is a risky operation.

In this embodiment, in scenarios where risks exist in electronic devices, they may be sensitively identified by other specific applications. Therefore, risk identification based on specific application interaction information can quickly and effectively determine whether electronic devices have risks.

Optionally, the environmental information includes one or more of the above events, and the electronic device can identify risky operations based on a combination of multiple environmental information. In this embodiment, the electronic device identifies risky operations based on a variety of environmental information. The identification can be combined from one or more dimensions such as the application dimension, the system dimension, the call dimension, and the interactive information dimension. Considering that the electronic device may be in Complex environments enable more accurate risk identification of current operations.

Combined with the first aspect, in one possible design method, risk identification is carried out based on the first information, including:

If the risk identification is based on the phone number information and it is determined that there is a risk, and/or if the risk identification is based on the environmental information and it is determined that there is a risk, then it is determined that there is a risk; if the risk identification is based on the phone number and it is determined that there is no risk, and, the risk is based on the environmental information If it is determined that there is no risk, then it is determined that there is no risk.

Optionally, the electronic device can also perform combined risk identification based on the phone number information and environmental information. Only when it is determined that there is currently no risk based on the phone number information and that there is currently no risk based on the environment information, it is finally determined that there is currently no risk. ; In the case where the current risk is determined based on the phone number information and/or the current risk is determined based on the environmental information, the risk is ultimately determined to exist.

In this embodiment, the risk identification judgment is based on the combination of telephone number information and environmental information, making risk identification more secure and further improving the effectiveness of risk identification.

In a second aspect, an electronic device is provided, the electronic device including a processor and a display screen;

The processor is used to receive the user's operation of setting a specific scene and obtain the first information; perform risk identification based on the first information; if it is determined that there is a risk, output the risk warning information to the display screen; the display screen is used to display the risk warning information.

Among them, specific scenarios may include scenarios where the electronic device is temporarily unable to make normal calls. Specific scenarios include but are not limited to setting call transfer, setting do not disturb mode, and setting airplane mode. The first information includes but is not limited to number information and environmental information involved in a specific scenario. The number information generally includes a call forwarding number; optionally, the telephone number information may also include a first identifier and a call forwarding number used to indicate the local number. Environmental information may include phone call events, application running events and/or function running events, application download events or application installation events, application interaction events, etc. Among them, the phone call event refers to the behavior of the electronic device making a call. Application running events and/or function running events refer to the behavior of an electronic device running an application, and/or the behavior of a specific function being run. An application download event or an application installation event refers to an electronic device having application downloading behavior or application installation behavior. Application interaction events refer to receiving prompt messages sent by the application, etc.

In this embodiment, when the electronic device detects that a specific scene is triggered, it can obtain the first information generated in the specific scene. The first information includes the environmental information and number information involved in the specific scene, thereby The electronic device can determine whether there is a risky operation in the current environment based on the first information, and if it is determined that there is a risky operation, timely output the risk warning information and stop the setting operation of the specific scenario, achieving effective identification and identification of risky operations in the specific scenario. Risk warning provides users with effective risk tips, reduces the probability of users performing risky operations to a certain extent, and enhances users' information security and property security. At the same time, it prevents the conduct of risky operations and avoids the occurrence of risky operations. It also avoids to a certain extent the situation where the electronic equipment used by users is used by specific users, and prevents specific users from using the electronic equipment used by users to hinder or interfere with the work of staff. Early warning issues.

Combined with the second aspect, in a possible design approach, when the specific scenario is call transfer, the phone number information at least includes the call transfer number, and the processor is configured to determine that the call transfer number is not a safe number if it is determined that there is risk.

Combined with the second aspect, in a possible design method, the judgment conditions for determining that the call forwarding number is a safe number include one or more of the following: determining that the call forwarding number is the local SIM card number; determining that the call forwarding number is in local communication is being recorded; make sure the call forwarding number is in the preset white list; make sure the owner information of the call forwarding number is the same as the owner information of the local number.

The electronic device can send a query request to the server to obtain the owner information of the local number and the owner information of the call forwarding number to determine that the owner information of the call forwarding number is the same as the owner information of the local number. Based on this, the above electronic device Also includes communication module.

Combined with the second aspect, in a possible design manner, the communication module is configured to send a first query request carrying a first identifier and a call transfer number to the server; the first identifier is used to indicate the local number of the terminal; The query request is used to instruct the server to query the owner information of the local machine and the call transfer owner information based on the local number and the call transfer number; receive the first query response returned by the server carrying the owner information of the local machine and the call transfer owner information; if If it is determined that the owner information of the local phone and the call forwarding owner information match successfully, it is determined that the owner information of the call forwarding number is the same as the owner information of the local number.

In conjunction with the second aspect, in a possible design manner, the communication module is configured to send a second query request carrying the first identifier and the call transfer number to the server; the second query request is used to instruct the server to determine the attribute of the local number. The matching result between the main information and the owner information of the call forwarding number; receiving the second query response carrying the matching result returned by the server; if it is determined that the matching result is successful, then determining the owner information of the call forwarding number and the ownership of the local number The main information is the same.

Combined with the second aspect, in a possible design approach, in a specific scenario of call forwarding, the phone number information at least includes the call forwarding number, and the processor is configured to determine if the call forwarding number is a risk number, risk.

Combined with the second aspect, in one possible design approach, determining that the call transfer number is a risk number includes: determining that the call transfer number is in a preset blacklist; or, determining the call transfer number by querying a third-party risk identification platform It is a number that has been marked as a risk.

Combined with the second aspect, in a possible design approach, in a specific scenario of call forwarding, the phone number information at least includes the call forwarding number, and the processor is configured to determine that the call forwarding number is not a safe number and determine that the call If the transfer number is a risk number, it is determined that there is a risk.

In this embodiment, for the call transfer scenario, considering that some specific numbers may not be safe numbers, It may not be a risk case number. In this case, the electronic device can judge the risk of the call forwarding number more accurately and effectively from the two dimensions of safety and risk.

Combined with the second aspect, in a possible design approach, the risk warning information includes content instructing the user to cancel the setting of a specific scenario or to confirm the setting of a specific scenario. Based on this, the processor is used to obtain the setting operation triggered by the user. When the setting operation is to cancel the setting of a specific scene, output a prompt message of setting failure to the display screen. When the setting operation is to confirm the setting of a specific scene, send a message to the display screen. The display screen outputs a prompt message indicating that the setting is successful.

The display screen is used to display a prompt message indicating that the setting fails, or to display a prompt message indicating that the setting is successful.

Combined with the second aspect, in one possible design approach, the communication module is also used to send a call transfer setting request to the server; receive a setting response returned by the server, and feed the setting response back to the processor.

The processor is configured to output a prompt message indicating successful setting to the display screen based on the feedback response.

The display screen is used to display a prompt message indicating that the setting is successful.

Optionally, the setting request carries a first identifier and a call forwarding number. The first identifier is used to indicate the terminal's local number. The setting request is used to instruct the server to call the local number based on the local number and the call forwarding number. Transfer to the call forwarding number and return a setup answer to the electronic device after setup is complete. After receiving the setting response returned by the server, the electronic device outputs a prompt message indicating that the setting is successful.

Combined with the second aspect, in one possible design approach, the processor is configured to determine whether there is a risky operation at the first moment or within a preset time period before the first moment based on the environmental information. The first moment is the moment when the user's operation to set a specific scene is received.

Combined with the second aspect, in one possible design approach, the environmental information is a phone call event, and the risk operation includes that the call number of the phone call event is a risk number, and/or the call number of the phone call event is not a safe number.

Combined with the first aspect, in a possible design approach, the environment information is an application running event and/or a function running event; the risk operation includes the running of a specific application and/or the running of a specific function of a specific application.

In this embodiment, the electronic device may be remotely controlled and operated by a specific user, or may be induced by a specific user to perform payment operations. In this case, the electronic device performs risk identification based on application and/or function running events, which can be done through Determine whether a specific application is running and/or a specific function of a specific application is executed at the current moment, or a specific application has been running and/or a specific function of a specific application has been executed within a preset time period before the first moment, to determine the current There are risks in operation, and the identification of environmental information that takes into account the operational vulnerabilities of electronic equipment is more accurate.

Combined with the first aspect, in a possible design method, the environmental information is an application download event, and the risk operation includes the behavior of downloading and installing risky applications; the environmental information is an application installation event, and the risk operation includes the behavior of installing risky applications.

In this embodiment, there is a high probability that risky applications will be downloaded and installed in scenarios where electronic devices have risks. Therefore, when an application is downloaded or installed, it can be quickly and effectively determined whether the application is a risky application. Determine the risk of application installation in the current scenario, so that the risk identification of the current operation from this perspective is more direct and effective.

Combined with the first aspect, in a possible design approach, when the environment information is an application interaction event, the risk operation includes receiving a risk reminder message sent by a specific application.

Combined with the second aspect, in a possible design approach, the processor is configured to determine that a risk exists if it is determined that a risk exists based on the phone number information, and/or if a risk is determined to exist based on the environmental information, and/or it is determined that a risk exists; If the risk identification based on the phone number determines that there is no risk, and the risk identification based on the environmental information determines that there is no risk, then it is determined that there is no risk.

Optionally, the electronic device can also perform combined risk identification based on the phone number information and environmental information. Only when it is determined that there is currently no risk based on the phone number information and that there is currently no risk based on the environment information, it is finally determined that there is currently no risk. ; In the case where the current risk is determined based on the phone number information, and/or the current risk is determined based on the environmental information, the risk is finally determined to exist.

In a third aspect, an electronic device is provided. The electronic device includes a memory, a display screen, and one or more processors; the memory, the display screen, and the processor are coupled; and a computer program is stored in the memory. Code, the computer program code includes computer instructions, which when executed by the processor, cause the electronic device to perform the method according to any one of the above first aspects.

In a fourth aspect, a computer-readable storage medium is provided. Instructions are stored in the computer-readable storage medium. When the computer-readable storage medium is run on an electronic device, the electronic device can execute any one of the above-mentioned first aspects. method.

A fifth aspect provides a computer program product containing instructions that, when run on an electronic device, enables the electronic device to execute the method described in any one of the above first aspects.

It can be understood that the electronic device described in the second aspect, the third aspect and any possible design manner provided above, the computer readable storage medium described in the fourth aspect, and the computer program product described in the fifth aspect The beneficial effects that can be achieved can be referred to the first aspect and the beneficial effects in any possible design method, here No longer.

Description of drawings

Figure 1 is a schematic diagram of a scenario in which a specific user sets a call transfer to a specific number in a risk warning scenario provided by an embodiment of the present application;

Figure 2A is a schematic diagram of an interface for setting call transfer based on an electronic device interactive interface provided by an embodiment of the present application;

Figure 2B is a schematic diagram of an interface for setting call transfer based on dialing according to an embodiment of the present application;

Figure 3 is a schematic diagram of the application environment of a risk identification method provided by the embodiment of the present application;

Figure 4A is a schematic diagram of the hardware structure of an electronic device provided by an embodiment of the present application;

Figure 4B is a system software architecture diagram of an electronic device provided by an embodiment of the present application;

Figure 5 is a flow chart of a risk identification method provided by an embodiment of the present application;

Figure 6 is a schematic diagram of a display interface of another electronic device provided by an embodiment of the present application;

Figure 7 is a flow chart of another risk identification method provided by an embodiment of the present application;

Figure 8 is a flow chart of another risk identification method provided by an embodiment of the present application;

Figure 9 is a flow chart of another risk identification method provided by an embodiment of the present application;

FIG. 10 is a schematic structural diagram of an electronic device provided by an embodiment of the present application.

Detailed ways

Hereinafter, the terms “first” and “second” are used for descriptive purposes only and cannot be understood as indicating or implying relative importance or implicitly indicating the quantity of indicated technical features. Therefore, features defined as "first" and "second" may explicitly or implicitly include one or more of these features. In the description of this embodiment, unless otherwise specified, "plurality" means two or more.

During the research process, the inventor found that in some risky scenarios, for example, in the scenario of Internet telecommunications fraud, specific users may induce ordinary users to set their mobile phones to certain settings during or after communication with ordinary users. Specific modes or setting specific functions to interfere with or hinder staff's risk warning work for ordinary users. Among them, specific users can be understood as fraudsters who intend to carry out risky operations such as property transfer and information theft of ordinary users. Referring to FIG. 1 , electronic device 1 is an electronic device used by ordinary users, electronic device 2 is an electronic device used by specific users, and electronic device 3 is an electronic device used by staff. Optionally, the electronic device 1, the electronic device 2, and the electronic device 3 can each be a smart phone, a tablet computer, a notebook computer, a desktop computer, etc.

Taking the electronic device as a mobile phone as an example to illustrate, the specific user inducing the ordinary user to set the mobile phone to some specific modes or setting specific functions may include inducing the ordinary user to set the electronic device 1 to transfer the call to a specific number (electronic device 2). The specific number used), so that when the staff makes a phone warning to an ordinary user, the call is transferred to the specific number, and the specific user pretends to be an ordinary user to respond to the alert; or the specific user induces the ordinary user to set the electronic device 1 to do not disturb mode, or induce ordinary users to set the electronic device 1 to the mode of rejecting unknown numbers, etc., so that the staff cannot effectively contact ordinary users and hinder the staff's risk warning work for ordinary users.

Among them, for example, the call forwarding function refers to transferring incoming calls to a set call forwarding number in certain specific scenarios such as being unable to answer the phone or unwilling to answer the phone. Call transfer functions include unconditional call transfer, busy call transfer, no-answer call transfer, user unreachable call transfer, etc. Common call forwarding settings Including: the first one is to set through the menu provided by the mobile phone interactive interface, please refer to Figure 2A, the user can transfer the call based on different conditions set in the interactive interface 10; the second one is to input human-machine input through the dial pad of the phone application The interface (man-machine-interface, MMI) code is used to perform call transfer settings. Refer to Figure 2B. The user can perform dial-up call transfer settings based on the dial pad interface 20 of the phone application. For example, the dialing mode setting call transfer includes the following. Way:

Method 1: Unconditional call transfer, dial **21*called number#.

Method 2: To transfer the call when busy, dial **67*called number#.

Method 3: To transfer calls without response, dial **61*called number#.

Method 4: If the user cannot reach the call transfer, dial **62*called number#.

Method 5: Cancel the call forwarding setting and dial ##002#.

For example, during the process of dialing for unconditional call forwarding settings, when the mobile phone detects that the user inputs **21*137******** and ends with "#", it triggers the dial pad interface 20 A prompt information interface 21 is displayed. As shown in FIG. 2B , the reminder information interface may include relevant content indicating whether to prompt the user to unconditionally transfer the call to 137********, and the reminder information interface may include The function controls for confirming the setting of call transfer and canceling the setting of call transfer are shown in the reference interface 21 and include two function button controls of "OK" and "Cancel" to enable the user to confirm the setting call transfer operation or cancel the call transfer operation.

It is understandable that users can also set up call forwarding in other ways. The embodiments of this application will not be described again in detail.

It should be understood that no matter which of the above methods is used to set call transfer, after the mobile phone detects the confirmation setting call transfer operation, it sends a call transfer setting request carrying the local number and call transfer number to the operator (server). After the operator (server) responds, the call forwarding setting operation is completed.

In view of the above situation where specific users induce ordinary users to set their mobile phones to certain specific scenarios, there is no corresponding technical solution in the existing technology to identify and provide early warning for possible risky operations in these scenarios. As a result, specific users can take advantage of this specific scenario. Conducting risky operations in this scenario poses a certain threat to the information security and property security of ordinary users, and interferes with or hinders the risk warning work of staff. This embodiment provides a risk identification method to achieve effective identification and user reminders of the above risk operations, thereby avoiding specific users from interfering or hindering the staff's early warning work, thereby improving the information security and property security of ordinary users. This embodiment The risk identification method provided by the embodiment is applied in the implementation environment shown in Figure 3. Please refer to Figure 3. The implementation environment includes: an electronic device 100 and a server 101. The electronic device 100 and the server 101 communicate through a network.

The electronic device 100 can be understood as a device used by ordinary users. In some risky scenarios, the electronic device 100 can also be understood as a device used by the victim. The electronic device 100 can be a smart phone, a tablet computer, a notebook computer, a desktop computer, or other electronic device that has communication functions, call transfer settings, do not disturb settings, payment functions, etc. The embodiment of the present disclosure does not specify the product type of the electronic device 100 limitations. The server 101 can be a server corresponding to an operator that communicates with electronic devices. The server 101 can be an independent server, a server cluster, or a cloud server. The embodiment of the present disclosure does not make any changes to the product type of the server 101. Specific limitations. It should be noted that the server 101 can provide the electronic device 100 with functions such as telephone number information query and telephone number function setting.

For example, the electronic device 100 may send a call forwarding setting request carrying the local number and the call forwarding number to the server 101. In response to the call forwarding setting request, the server 101 performs call forwarding settings based on the local number and the call forwarding number, and Return a setting response to the electronic device 100, and the electronic device 100 receives After the setting is answered, prompt information indicating successful call transfer setting is displayed to the user based on the interactive interface.

Optionally, the electronic device 100 can also send an owner query request carrying the local number and the call forwarding number to the server 101. The server 101 obtains the local owner information corresponding to the local number and the call forwarding number based on its own database. transfer the owner information, thereby returning a query response carrying the local owner information and the transferred owner information to the electronic device 100. After receiving the query response, the electronic device 100 displays the local owner information and the transferred owner information to the user based on the interactive interface. Transfer owner information, etc. Among them, the owner information refers to the user's personal information corresponding to the phone number, such as the user's name, the location of the phone number, etc.

The electronic device 100 in the embodiment of the present application may be an electronic device installed with a phone application and may be installed with other functional applications. Among them, other functional applications may include applications with payment functions, applications with communication functions, applications with functions of managing electronic device systems, applications with functions of remote control of electronic devices, etc. Illustratively, the electronic device can be a portable computer (such as a mobile phone), a tablet computer, a notebook computer, a personal computer (PC), a wearable electronic device (such as a smart watch), augmented reality (AR)\virtual Reality (virtual reality, VR) equipment, vehicle-mounted computers, etc. The following embodiments do not place special restrictions on the specific forms of the electronic equipment.

Please refer to FIG. 4A , which shows a structural block diagram of an electronic device (such as the electronic device 100) provided by an embodiment of the present application. The electronic device 100 may include a processor 310, an external memory interface 320, an internal memory 321, a universal serial bus (USB) interface 330, a charging management module 340, a power management module 341, a battery 342, and an antenna 1, Antenna 2, radio frequency module 350, communication module 360, audio module 370, speaker 370A, receiver 370B, microphone 370C, headphone interface 370D, sensor module 380, button 390, motor 391, indicator 392, camera 393, display screen 394, and Subscriber identification module (SIM) card interface 395, etc. The sensor module 380 may include a pressure sensor 380A, a gyro sensor 380B, an air pressure sensor 380C, a magnetic sensor 380D, an acceleration sensor 380E, a distance sensor 380F, a proximity light sensor 380G, a fingerprint sensor 380H, a temperature sensor 380J, a touch sensor 380K, and ambient light. Sensor 380L, bone conduction sensor 380M, etc.

The structure illustrated in the embodiment of the present invention does not constitute a limitation on the electronic device 100 . More or fewer components may be included than shown, or some components may be combined, or some components may be separated, or may be arranged differently. The components illustrated may be implemented in hardware, software, or a combination of software and hardware.

Processor 310 may include one or more processing units. For example, the processor 310 may include an application processor (application processor, AP), a modem processor, a graphics processing unit (GPU), an image signal processor (image signal processor, ISP), a controller, and a memory. , video codec, digital signal processor (DSP), baseband processor, and/or neural network processor (neural-network processing unit, NPU), etc. Among them, different processing units can be independent devices or integrated in one or more processors.

The above-mentioned controller may be a decision-maker that directs various components of the electronic device 100 to work in coordination according to instructions. It is the nerve center and command center of the electronic device 100. The controller generates operation control signals based on the instruction operation code and timing signals to complete the control of fetching and executing instructions.

The processor 310 may also be provided with a memory for storing instructions and data. In some embodiments, the memory in the processor 310 is a cache memory that can save instructions or data that have just been used or recycled by the processor 310 . If processor 310 needs to use the instructions or data again, it can be called directly from the memory. Repeated access is avoided and the waiting time of the processor 310 is reduced, thus improving the efficiency of the system.

In some embodiments, processor 310 may include an interface. Interfaces may include integrated circuit (inter-integrated circuit, I2C) interface, integrated circuit built-in audio (inter-integrated circuit sound, I2S) interface, pulse code modulation (pulse code modulation, PCM) interface, universal asynchronous receiver and transmitter (universal asynchronous receiver/transmitter (UART) interface, mobile industry processor interface (MIPI), general-purpose input/output (GPIO) interface, SIM interface, and/or USB interface, etc.

The USB interface 330 can be a Mini USB interface, a Micro USB interface, a USB Type C interface, etc. The USB interface 330 can be used to connect a charger to charge the electronic device 100, and can also be used to transmit data between the electronic device 100 and peripheral devices. It can also be used to connect headphones to play audio through them. It can also be used to connect other electronic devices, such as AR devices, etc.

The interface connection relationships between the modules illustrated in the embodiment of the present invention are only schematic illustrations and do not constitute a structural limitation on the electronic device 100 . The electronic device 100 may adopt different interface connection methods in the embodiment of the present invention, or a combination of multiple interface connection methods.

The charge management module 340 is used to receive charging input from the charger. Among them, the charger can be a wireless charger or a wired charger. In some wired charging embodiments, the charging management module 340 may receive charging input from the wired charger through the USB interface 330 . In some wireless charging embodiments, the charging management module 340 may receive wireless charging input through the wireless charging coil of the electronic device 100 . While the charging management module 340 charges the battery 342, it can also provide power to the electronic device 100 through the power management module 341.

The power management module 341 is used to connect the battery 342, the charging management module 340 and the processor 310. The power management module 341 receives input from the battery 342 and/or the charging management module 340, and supplies power to the processor 310, the internal memory 321, the external memory interface 320, the display screen 394, the camera 393, the communication module 360, and the like. The power management module 341 can also be used to monitor battery capacity, battery cycle times, battery health status (leakage, impedance) and other parameters. In some embodiments, the power management module 341 may also be provided in the processor 310. In some embodiments, the power management module 341 and the charging management module 340 can also be provided in the same device.

The wireless communication function of the electronic device 100 can be implemented through the antenna 1, the antenna 2, the radio frequency module 350, the communication module 360, the modem, the baseband processor, and the like.

Antenna 1 and Antenna 2 are used to transmit and receive electromagnetic wave signals. Each antenna in electronic device 100 may be used to cover a single or multiple communication frequency bands. Different antennas can also be reused to improve antenna utilization. For example: a cellular network antenna can be reused as a wireless LAN diversity antenna. In some embodiments, antennas may be used in conjunction with tuning switches.

The radio frequency module 350 may provide a communication processing module including solutions for wireless communication such as 2G/3G/4G/5G applied on the electronic device 100 . The radio frequency module 350 may include at least one filter, switch, power amplifier, low noise amplifier (LNA), etc. The radio frequency module 350 receives electromagnetic waves from the antenna 1, performs filtering, amplification and other processing on the received electromagnetic waves, and transmits them to the modem for demodulation. The radio frequency module 350 can also amplify the signal modulated by the modem and convert it into electromagnetic waves through the antenna 1 for radiation. In some embodiments, at least part of the functional modules of the radio frequency module 350 may be disposed in the processor 310 . In some embodiments, at least part of the functional modules of the radio frequency module 350 and at least part of the modules of the processor 310 may be provided in the same device.

A modem may include a modulator and a demodulator. The modulator is used to modulate the low-frequency baseband signal to be transmitted into a medium-high frequency signal. The demodulator is used to demodulate the received electromagnetic wave signal into a low-frequency baseband signal. The demodulator then transmits the demodulated low-frequency baseband signal to the baseband processor for processing. After the low-frequency baseband signal is processed by the baseband processor, it is passed to the application processor. The application processor outputs sound signals through audio devices (not limited to speaker 370A, receiver 370B, etc.), or displays images or videos through display screen 394. In some embodiments, the modem may be a stand-alone device. In some embodiments, the modem may be independent of the processor 310 and may be provided in the same device as the radio frequency module 350 or other functional modules.

The communication module 360 can provide applications on the electronic device 100 including wireless local area networks (WLAN) (such as wireless fidelity (Wi-Fi) network), Bluetooth (blue tooth, BT), and global navigation satellites. Communication processing module for wireless communication solutions such as global navigation satellite system (GNSS), frequency modulation (FM), near field communication (NFC), infrared technology (infrared, IR). The communication module 360 may be one or more devices integrating at least one communication processing module. The communication module 360 receives electromagnetic waves via the antenna 2 , frequency modulates and filters the electromagnetic wave signals, and sends the processed signals to the processor 310 . The communication module 360 can also receive the signal to be sent from the processor 310, frequency modulate it, amplify it, and convert it into electromagnetic waves through the antenna 2 for radiation.

In some embodiments, the antenna 1 of the electronic device 100 is coupled to the radio frequency module 350, and the antenna 2 is coupled to the communication module 360, so that the electronic device 100 can communicate with the network and other devices through wireless communication technology. The wireless communication technology may include global system for mobile communications (GSM), general packet radio service (GPRS), code division multiple access (CDMA), broadband Code division multiple access (wideband code division multiple access, WCDMA), time division code division multiple access (time-division code division multiple access, TD-SCDMA), long term evolution (long term evolution, LTE), BT, GNSS, WLAN, NFC , FM, and/or IR technology, etc. The GNSS may include global satellite positioning system (satellite based augmentation systems, SBAS), global navigation satellite system (global navigation satellite system, GLONASS), Beidou navigation satellite system (BeiDou navigation satellite system, BDS), quasi-zenith satellite system ( Quasi-Zenith satellite system (QZSS) and/or satellite based augmentation systems (SBAS).

The electronic device 100 implements display functions through a GPU, a display screen 394, an application processor, and the like. The GPU is an image processing microprocessor and is connected to the display screen 394 and the application processor. GPUs are used to perform mathematical and geometric calculations for graphics rendering. Processor 310 may include one or more GPUs that execute program instructions to generate or alter display information.

The display screen 394 is used to display images, videos, etc. For example, the display screen 394 can display an incoming call reminder interface and a voice call interface. In this embodiment of the present application, if the electronic device 100 receives an in-application call request initiated by the peer in the first application, the display screen 394 of the electronic device 100 may display a voice call interface including the business information of the first application. Display 394 includes a display panel. The display panel can use a liquid crystal display (LCD), an organic light-emitting diode (OLED), an active matrix organic light emitting diode or an active matrix organic light emitting diode (active-matrix organic light). emitting diode (AMOLED), flexible light-emitting diode (flex light-emitting diode (FLED), Miniled, MicroLed, Micro-oLed, quantum dot light emitting diodes (QLED), etc. In some embodiments, the electronic device 100 may include 1 or N display screens 394, where N is a positive integer greater than 1.

The electronic device 100 can implement the shooting function through an ISP, camera 393, video codec, GPU, display screen, application processor, etc.

The ISP is used to process the data fed back by the camera 393. For example, when taking a photo, the shutter is opened, the light is transmitted to the camera sensor through the lens, the optical signal is converted into an electrical signal, and the camera sensor passes the electrical signal to the ISP for processing, and converts it into an image visible to the naked eye. ISP can also perform algorithm optimization on image noise, brightness, and skin color. ISP can also optimize the exposure, color temperature and other parameters of the shooting scene. In some embodiments, the ISP may be provided in the camera 393.

Camera 393 is used to capture still images or video. The object passes through the lens to produce an optical image that is projected onto the photosensitive element. The photosensitive element can be a charge coupled device (CCD) or a complementary metal-oxide-semiconductor (CMOS) phototransistor. The photosensitive element converts the optical signal into an electrical signal, and then passes the electrical signal to the ISP to convert it into a digital image signal. ISP outputs digital image signals to DSP for processing. DSP converts digital image signals into standard RGB, YUV and other format image signals. In some embodiments, the electronic device 100 may include 1 or N cameras 393, where N is a positive integer greater than 1.

Digital signal processors are used to process digital signals. In addition to digital image signals, they can also process other digital signals. For example, when the electronic device 100 selects a frequency point, the digital signal processor is used to perform Fourier transform on the frequency point energy.

Video codecs are used to compress or decompress digital video. Electronic device 100 may support one or more video codecs. In this way, the electronic device 100 can play or record videos in multiple encoding formats, such as moving picture experts group (MPEG) 1, MPEG2, MPEG3, MPEG4, etc.

NPU is a neural network (NN) computing processor. By drawing on the structure of biological neural networks, such as the transmission mode between neurons in the human brain, it can quickly process input information and can continuously learn by itself. Intelligent cognitive applications of the electronic device 100 can be implemented through the NPU, such as image recognition, face recognition, speech recognition, text understanding, etc.

The external memory interface 320 can be used to connect an external memory card, such as a Micro SD card, to expand the storage capacity of the electronic device 100. The external memory card communicates with the processor 310 through the external memory interface 320 to implement the data storage function. Such as saving music, videos, etc. files in external memory card.

Internal memory 321 may be used to store computer executable program code, which includes instructions. The processor 310 executes instructions stored in the internal memory 321 to execute various functional applications and data processing of the electronic device 100 . The memory 121 may include a program storage area and a data storage area. Among them, the stored program area can store an operating system, at least one application program required for a function (such as a sound playback function, an image playback function, etc.). The storage data area may store data created during use of the electronic device 100 (such as audio data, phone book, etc.). In addition, the memory 121 may include high-speed random access memory, and may also include non-volatile memory, such as at least one disk storage device, a flash memory device, other volatile solid-state storage devices, universal flash storage (UFS), etc. .

The electronic device 100 can use the audio module 370, the speaker 370A, the receiver 370B, the microphone 370C, Headphone interface 370D, and application processor implement audio functions. Such as music playback, recording, etc.

The audio module 370 is used to convert digital audio information into analog audio signal output, and is also used to convert analog audio input into digital audio signals. Audio module 370 may also be used to encode and decode audio signals. In some embodiments, the audio module 370 may be provided in the processor 310 , or some functional modules of the audio module 370 may be provided in the processor 310 .

Speaker 370A, also called "speaker", is used to convert audio electrical signals into sound signals. Electronic device 100 can listen to music through speaker 370A, or listen to hands-free calls.

Receiver 370B, also called "earpiece", is used to convert audio electrical signals into sound signals. When the electronic device 100 answers a call or a voice message, the voice can be heard by bringing the receiver 370B close to the human ear.

Microphone 370C, also known as "microphone" and "microphone", is used to convert sound signals into audio electrical signals. When making a call or sending a voice message, the user can speak close to the microphone 370C with the human mouth and input the sound signal to the microphone 370C. The electronic device 100 may be provided with at least one microphone 370C. In some embodiments, the electronic device 100 may be provided with two microphones 370C, which in addition to collecting sound signals, may also implement a noise reduction function. In some embodiments, the electronic device 100 can also be equipped with three, four or more microphones 370C to collect sound signals, reduce noise, identify sound sources, and implement directional recording functions, etc.

The headphone interface 370D is used to connect wired headphones. The headphone interface 370D can be a USB interface 330, or a 3.5mm open mobile terminal platform (OMTP) standard interface, or a Cellular Telecommunications Industry Association of the USA (CTIA) standard interface.

The buttons 390 include a power button, a volume button, etc. Key 390 may be a mechanical key. It can also be a touch button. The electronic device 100 receives key 390 input and generates key signal input related to user settings and function control of the electronic device 100 .

Motor 391 can produce vibration prompts. Motor 391 can be used for vibration prompts for incoming calls and can also be used for touch vibration feedback. For example, touch operations for different applications (such as taking pictures, audio playback, etc.) can correspond to different vibration feedback effects. Touch operations acting on different areas of the display screen 394 may also correspond to different vibration feedback effects. Different application scenarios (such as time reminders, receiving information, alarm clocks, games, etc.) can also correspond to different vibration feedback effects. The touch vibration feedback effect can also be customized.

The indicator 392 may be an indicator light, which may be used to indicate charging status, power changes, or may be used to indicate messages, missed calls, notifications, etc.

SIM card interface 395 is used to connect SIM. The SIM card can be connected to or separated from the electronic device 100 by inserting it into the SIM card interface 395 or pulling it out from the SIM card interface 395 . The electronic device 100 can support 1 or N SIM card interfaces, where N is a positive integer greater than 1. SIM card interface 395 can support Nano SIM card, Micro SIM card, SIM card, etc. The same SIM card interface 395 can insert multiple cards at the same time. The types of the plurality of cards may be the same or different. The SIM card interface 395 is also compatible with different types of SIM cards. The SIM card interface 395 is also compatible with external memory cards. The electronic device 100 interacts with the network through the SIM card to implement functions such as calls and data communications. In some embodiments, the electronic device 100 employs an eSIM, an embedded SIM card. The eSIM card can be embedded in the electronic device 100 and cannot be separated from the electronic device 100 .

The software system of the electronic device 100 may adopt a layered architecture, an event-driven architecture, a microkernel architecture, a microservice architecture, or a cloud architecture. The embodiment of the present invention takes the Android system with a layered architecture as an example to illustrate the electronic device Prepare the software structure of 100.

FIG. 4B is a software structure block diagram of the electronic device 100 according to the embodiment of the present invention. The layered architecture divides the software into several layers, and each layer has clear roles and division of labor. The layers communicate through software interfaces. In some embodiments, the Android system is divided into four layers, from top to bottom: application layer, application framework layer, Android runtime and system libraries, and kernel layer.

The application layer can include a series of application packages.

As shown in Figure 4B, the application package may include applications such as camera, gallery, calendar, phone (i.e., the "phone" application in the embodiment of this application), map, navigation, WLAN, Bluetooth, music, video, short message, etc.

The application framework layer provides an application programming interface (API) and programming framework for applications in the application layer. The application framework layer includes some predefined functions.

As shown in Figure 4B, the application framework layer may include a window manager, a content provider, a view system, a phone manager, a resource manager, a notification manager, and a risk identification module.

The risk identification module can implement the risk identification method provided in this embodiment by interacting with other modules in the application framework layer, applications in the application layer, databases in the system library, and drivers in the kernel layer. It should be noted that this implementation takes the risk identification module arranged at the application framework layer as an example for explanation. In other embodiments, the risk identification module can be deployed in other layers or implemented by other modules. For example, the function of the risk identification module described in the embodiment of this application can be implemented by a "phone" application or as an independent application. In order to facilitate the description of the overall solution, the following embodiment is introduced by taking the execution subject as the electronic device 100 as an example.

A window manager is used to manage window programs. The window manager can obtain the display size, determine whether there is a status bar, lock the screen, capture the screen, etc. Content providers are used to store and retrieve data and make this data accessible to applications. Said data can include videos, images, audio, calls made and received, browsing history and bookmarks, phone books, etc. The view system includes visual controls, such as controls that display text, controls that display pictures, etc. A view system can be used to build applications. The display interface can be composed of one or more views. For example, the dial pad interface 20 and the prompt information interface 21 are shown in Figure 2B. For example, the dial pad interface 20 can display a "dial pad", a view of the called number, a "dial" icon, and other functionalities. The view of the control.

The phone manager is used to provide communication functions of the electronic device 100 . For example, call status management (including connected, hung up, etc.). The resource manager provides various resources to applications, such as localized strings, icons, pictures, layout files, video files, etc. The notification manager allows applications to display notification information in the status bar, which can be used to convey notification-type messages and can automatically disappear after a short stay without user interaction. For example, the notification manager is used to notify download completion, message reminders, etc. The notification manager can also be notifications that appear in the status bar at the top of the system in the form of charts or scroll bar text, such as notifications for applications running in the background, or notifications that appear on the screen in the form of conversation windows. For example, text information is prompted in the status bar, a beep sounds, the electronic device vibrates, the indicator light flashes, etc.

Android runtime includes core libraries and virtual machines. Android runtime is responsible for the scheduling and management of the Android system. The core library contains two parts: one is the functional functions that need to be called by the Java language, and the other is the core library of Android.

The application layer and application framework layer run in virtual machines. The virtual machine combines the application layer and application The java files of the framework layer are executed as binary files. The virtual machine is used to perform object life cycle management, stack management, thread management, security and exception management, and garbage collection and other functions.

System libraries can include multiple functional modules. For example: surface manager (surface manager), media libraries (media libraries), 3D graphics processing libraries (for example: openGL ES), 2D graphics engines (for example: SGL), etc.

The surface manager is used to manage the display subsystem and provides the fusion of 2D and 3D layers for multiple applications. The media library supports playback and recording of a variety of commonly used audio and video formats, as well as static image files, etc. The media library can support a variety of audio and video encoding formats, such as: MPEG4, H.264, MP3, AAC, AMR, JPG, PNG, etc. The 3D graphics processing library is used to implement 3D graphics drawing, image rendering, composition, and layer processing. 2D Graphics Engine is a drawing engine for 2D drawing.

The kernel layer is the layer between hardware and software. The kernel layer contains at least display driver, camera driver, audio driver, and sensor driver.

Based on the application environment shown in Figure 3 and the hardware structure and software architecture of the electronic device shown in Figures 4A and 4B, taking the electronic device 100 executing the embodiment of the present disclosure as an example, the embodiment of the present disclosure provides a risk For the identification method, see Figure 5. The method flow provided by the embodiment of the present disclosure includes:

S501. When the electronic device 100 detects that a specific scene is triggered, obtain the first information generated by the electronic device 100.

The specific scenario can be understood as a scenario in which the electronic device 100 is temporarily unable to make a communication connection. For example, the specific scenario may include that the electronic device 100 is in a do not disturb mode, the electronic device 100 is set to call forwarding, and the electronic device 100 is set to reject unknown calls. Then, the electronic device 100 is set to airplane mode, etc. The electronic device 100 can detect whether a specific scene is triggered by monitoring the application process or monitoring the interactive interface. For example, referring to FIG. 2A , the user can set call transfer based on the call transfer menu interactive interface 10, and the electronic device 100 can detect whether the specific scene is triggered by monitoring the user interface. Based on the operation of the interactive interface 10, it is detected whether the setting call transfer operation occurs. For another example, the user can set whether to turn on the Do Not Disturb mode based on the menu setting interactive interface, and the electronic device 100 can detect whether the operation of turning on the Do Not Disturb mode occurs by monitoring the operation of the menu setting interactive interface.

The first information may be information generated by the electronic device 100 when the first moment is detected or within a preset time period before the first moment. The first moment here refers to the moment when a specific scene is triggered. For example, before the first moment The preset time period can be 5 minutes before the first time, 10 minutes before the first time, etc. It should be noted that the first information, the number information in the first information, and the environmental information in the first information involved in this embodiment all refer to the first moment or the preset time period before the first moment. The embodiment does not limit this.

The first information includes information related to a specific environment. For example, the first information includes number information generated when the specific environment is a call transfer scenario. The first information may also include environmental information generated when the specific environment is setting call transfer, do not disturb mode, etc. The environmental information may be a phone call event, an application running event and/or a function running event, an application download event or an application installation event. , application interaction events, etc. It should be noted that environmental information can be generated in any specific environment, such as setting call forwarding, setting do not disturb mode, setting flight mode, setting rejection of unknown calls, etc.; number information is generated in a specific environment involving number settings. , for example, set up call forwarding, etc.

Optionally, the phone call event refers to the call application of the electronic device 100 being running at the first moment or running within a preset time period before the first moment. If it is determined that the call application is running, the electronic device 100 obtains the call application The generated current call number is used; if it is determined that the call application has been run within the preset time period before the first moment, the electronic device 100 obtains the historical call number generated by the call application. Among them, the historical call numbers can be all the peer call numbers within the preset time (such as 10 minutes) before the first moment.

Optionally, the above-mentioned application running event and/or function running event refers to the current running or running of the application in the electronic device 100, and the current running or running of the function corresponding to the application. For example, application A is running at the first moment, or application A has been run within the preset time period before the first moment, or the function corresponding to application A is running at the first moment, or preset before the first moment Assume that the function corresponding to application A has been run within the duration. In this embodiment, the electronic device 100 can determine whether an application is running or is in a certain functional mode by querying the current process. Optionally, the electronic device can also determine whether the application has been run or the electronic device 100 has been in a certain functional mode within a preset time period before the first time based on information such as the running start time and running end time of the application or function. For example, the last running start time of application A is 17:38 on June 16, 2022, its last running end time is 17:50 on June 16, 2022, and the first time is 17:52 on June 16, 2022 , the default duration before the first moment is 30 minutes before the first moment. Obviously, application A ran 30 minutes before the first moment. It should be noted that if an application only has the last running start time but no last running end time, it can also mean that the application is running. Optionally, the app can run in the foreground, and the app can also run in the background. Optionally, the electronic device 100 can also obtain application and/or function running events from the log corresponding to each application. Alternatively, an interaction strategy between each application and the risk identification module of the electronic device 100 can also be agreed upon. The interaction strategy is specifically expressed as sending a request to the risk identification module when the application starts running or ends running, and/or when the function of the application is turned on or off. The corresponding operation time and operation type of the operation are sent, so that the risk identification module summarizes and obtains application running events and/or function running events based on this information.

Optionally, the above-mentioned application download event or application installation event refers to that the application in the electronic device 100 is being downloaded or installed, or that the application has completed downloading or installation. Alternatively, the electronic device 100 may determine whether an application is being downloaded or installed by querying the current process. Alternatively, the electronic device may determine whether an application is being downloaded or installed based on the download start time and end time, and the installation start time and end time of the application. Alternatively, the electronic device may determine whether an application has been downloaded or installed within a preset time period before the first time based on the download start time and end time, and the installation start time and end time of the application.

Optionally, the above-mentioned application interaction event refers to the interaction generated by the application feeding back information to the risk identification module of the electronic device 100. For example, an application with risk identification and reminder can generate risk prompt information and send it to In the risk identification module of electronic equipment. The electronic device 100 can detect in real time whether interaction information with the application is generated, and thereby identify risky operations based on the interaction information.

Optionally, in a specific scenario where call forwarding is set, the first information may include a call forwarding number, or the first signal may include the local number and the call forwarding number, or the first information may include a number indicating the local number. The first identification and call forwarding number. The first identifier may be the terminal's IP address, IMSI, or other identifier that can be associated with the local number. For example, the electronic device 100 can send a call forwarding setting request carrying a first identification and a call forwarding number to the server. In this case, the server can determine the local number of the electronic device 100 based on the first identification, thereby based on the local number. The number and call forwarding number set the call forwarding function of the local number in the electronic device 100 . That is, the first identification is used to enable the server to determine the number associated with it. For example, the first information in the setting request sent by the electronic device 100 to the server only contains the call forwarding number. At this time, the server can directly extract the identification corresponding to the electronic device, such as the IP address, when establishing a network layer connection with the electronic device. To determine the corresponding local number. Optionally, the first information may also include other information that can provide risk identification for the electronic device 100, which is not limited in this embodiment.

S502. The electronic device 100 performs risk identification of the current operation based on the first information, and determines whether the electronic device 100 has a risky operation.

According to the obtained different first information, the risk identification of the current operation performed by the electronic device 100 based on the first information includes multiple aspects:

Aspect 1: In a specific scenario where the electronic device 100 detects a call forwarding setting operation, the obtained first information at least includes a call forwarding number. The electronic device 100 can determine whether the call forwarding number is a security number. Here, the security number can be understood as a number in a preset white list in the electronic device 100, or a number in the address book of the electronic device 100, or a number in the electronic device 100. Another local SIM card number, or a number whose owner information is the same as the owner information of this phone number. If the electronic device 100 determines that the call forwarding number is a safe number based on the above conditions, it determines that the current operation does not involve a risky operation; if it determines that the call forwarding number is not a safe number, it determines that the current operation involves a risky operation. For another example, the electronic device 100 can also determine whether the call forwarding number is a risk number. The risk number may include a number in a blacklist in the electronic device 100 or a risk number marked by a third-party risk identification platform. If the electronic device 100 determines that the call forwarding number is a risk number based on the above conditions, it determines that the current operation involves a risky operation; if it determines that the call forwarding number is not a risk number, it determines that the current operation does not involve a risky operation.

Optionally, the first information may include a call forwarding number, or a local number and a call forwarding number, or a first identification associated with the local number and a call forwarding number. In the above situation where the electronic device 100 determines whether the owner information of the call forwarding number is consistent with the owner information of the local number, the electronic device 100 may send an owner information query request carrying the first information to the server, so that the server can query the owner information based on the first information. After acquiring the owner information of the local number and the call forwarding number, a query response carrying the owner information of the local number and the call forwarding number is returned to the electronic device 100 . The electronic device 100 compares the received owner information of the local number and the owner information of the call forwarding number. If the two are consistent, it is determined that there is no risky operation in the current operation; if the two are inconsistent, it is determined that the current operation exists. Risky operations. Alternatively, the electronic device 100 may also send a comparison result query request carrying the first information to the server, so that the server obtains the owner information of the local number and the owner information of the call forwarding number based on the first information and performs comparison. After obtaining the comparison result of whether the owner information of the local number and the call forwarding number are consistent, a query response carrying the comparison result is returned to the electronic device 100 . If the electronic device 100 determines that the received comparison result indicates that the two are consistent, it determines that the current operation does not include a risky operation; if the comparison result indicates that the two are inconsistent, it determines that the current operation includes a risky operation. Optionally, the electronic device 100 can also make a comprehensive judgment based on the above multiple types of information to determine whether the current operation involves a risky operation.

Aspect 2: The electronic device 100 may be in any of the above specific scenarios, and the first information it obtains includes environmental information. The electronic device 100 determines whether the current operation is a risky operation based on the environmental information in step S501.

Optionally, in one case, the environmental information is a phone call event, and its corresponding risk operation is that the call number is a risk number, and/or the call number is not a safe number. If the electronic device 100 determines that a phone call event is generated, it means that the call application is running, or that the call application has been run within a preset time period before the first moment is detected. In this case, taking the call application as "phone" as an example, the electronic device 100 can obtain "phone" The call number of the application. For example, if the "Phone" application is running, the current call number is obtained; if the "Phone" application has been run within the preset time period before the first moment, the historical call number is obtained, or by requesting the "Phone" application. "The application obtains its historical call records to determine whether historical calls have occurred within the preset time period before the first moment, so as to obtain the corresponding historical call number. The electronic device 100 performs risk operation identification based on the current call number and/or the historical call number, including determining whether the current call number is a safe number or a risk number, and determining whether the historical call number is a safe number or a risk number. The specific determination is The method is the same as the above one: determine whether the call forwarding number is a safe number or a risk number. When the electronic device 100 determines that the historical call number is a safe number, or determines that the historical call number is not a risk number, or determines that the historical call number is both a safe number and not a risk number, it is determined that there is no risky operation. After it is determined that the historical call number is not a safe number, or it is determined that the historical call number is a risk number, or it is determined that the historical call number is both a safe number and a risk number, it is determined whether the current operation contains a risky operation.

Optionally, the electronic device 100 can also obtain the risk identification result of the call application. For example, the call application has the function of risk identification based on the call number. After determining that a phone call event occurs, the electronic device 100 sends a query history call number to the call application. Or to request whether the current call number is risky, the call application performs risk identification on the call number and returns the identification result to the electronic device 100, so that the electronic device 100 determines whether the call number is risky based on the identification result.

Optionally, in another case, the environment information is an application running event and/or a function running event, and the corresponding risk operation refers to the existence of a specific application running, or the existence of a specific application preset before the first moment. has been run within the time period, or there is a specific function of a specific application that is running, or there is a specific function of a specific application that has been run within the preset time period before the first moment. The specific application here can be an application with screen sharing or remote control mode, and its corresponding specific function can be enabled by screen sharing or remote control mode. Optionally, the specific application can also be a payment application, and the corresponding specific function can be the execution of payment or transfer activities. Optionally, the specific function may also be a functional mode of the electronic device, for example, the electronic device is in the system do not disturb mode, the system shared desktop mode, or the system remote control mode.

The electronic device 100 can determine whether there is a specific application and/or function running event by querying the current process. For example, by querying the current process, the electronic device 100 determines that the electronic device is in the sharing mode through a specific application A with a sharing function, and then determines that the current operation involves a risky operation. For another example, the electronic device 100 determines that a specific application B with a payment function is running by querying the current process, and then determines that the current operation involves a risky operation. Optionally, the electronic device 100 can also determine whether the specific application has been run within the preset time period before the first time based on the running start time and the running end time of the specific application. If it is determined that the specific application has been run within the preset time period before the first time, If it has been run, it is determined that the current operation contains risky operations.

Optionally, in another case, the environment information is an application download event or an application installation event, and the corresponding risky operation refers to the behavior of downloading or installing a risky application. In this embodiment, the electronic device 100 can determine whether the application is a risk application based on the results of real-time query to the three-party risk identification platform; or, the electronic device 100 can also directly obtain the risk application list from the three-party risk identification platform and determine based on the risk application list. Whether the application is a risk application; alternatively, the electronic device can also determine whether the application is a risk application based on a pre-stored locally risk application list. For example, the electronic device 100 can determine whether there is a download or installation of an application at the first moment or within a preset time period before the first moment by querying the current process and the process log. If there is a downloaded or installed application, determine the application. Whether it is a risky application. If it is a risky application, determine whether the current operation exists. Risk operation; if the downloaded or installed application is not a risk application, it is determined that the current operation does not involve a risk operation.

Optionally, in another case, the environment information is an application interaction event, and the corresponding risk operation refers to receiving a risk warning message sent by a specific application. The specific application here can be an application with risk identification and risk prompts. For example, some payment applications ensure the safety of payment operations. Generally, these payment applications have risk identification of the payment environment. If the payment application detects risks in its payment environment, , then send a risk reminder message to the risk identification module; for another example, when some communication applications (such as phone calls, text messages, instant messaging software, etc.) detect that the user uses an electronic device to communicate with a risk number or account, they send a risk warning message to the risk identification module. Prompt messages; for another example, some security management applications (such as Mobile Guard, etc.) send risk prompt messages to the risk identification module when detecting specific risk behaviors on electronic devices. If the risk identification module of the electronic device 100 receives the risk reminder information sent by these specific applications at the first moment or within a preset time period before the first moment, it determines that the current operation contains a risky operation.

It should be noted that the premise for a specific application to interact with the risk identification module of the electronic device 100 is that the interaction strategy has been clearly defined between the risk identification module of the electronic device 100 and the specific application. For example, the specific application determines that there is a risky operation and generates risks. After prompting the information, the risk prompt information will be fed back to the risk identification module based on the interaction strategy, so that the risk identification module performs risk identification operations based on the risk prompt information. The specific interaction strategy can be determined according to the actual situation, and this embodiment does not limit this .

Aspect 3: Based on the number information and environmental information in the first information, the electronic device 100 performs corresponding risk identification using the methods provided by aspects 1 and 2 above, thereby determining whether there is a risky operation in the current environment. Optionally, the way in which the electronic device 100 performs risk identification based on different contents of the first information is not limited to one. The electronic device 100 can combine different risk identification ways, and perform analysis on the current environment according to a certain execution sequence or execution logic. Risk identification, if at least one of the multiple risk identification methods indicates that there is a risky operation in the current environment, it is determined that there is a risky operation in the current environment; if multiple risk identification methods all indicate that there is no risky operation in the current environment , it is determined that there are no risky operations in the current environment. It should be noted that in this embodiment, the execution logic of multiple risk identification methods is not limited. For example, multiple risk identification methods can all be executed simultaneously and in parallel; some of them can be executed simultaneously and some of them sequentially; or all of them can be executed sequentially. implement. The execution sequence is determined according to actual conditions, and is not limited in this embodiment.

S503. When it is determined that the electronic device 100 has a risky operation, output risk warning information.

Among them, the risk warning information indicates that there are risky operations in the current environment, and the purpose is to remind the user to terminate the setting operation of the current specific scenario, or to remind the user of the risk of the setting operation of the current specific scenario. In this embodiment, when the electronic device 100 determines that a risky operation exists in the current environment based on the first information, the electronic device 100 may output the risk warning information in a variety of ways.

Optionally, the electronic device 100 can display risk warning information in the current interactive interface. For example, in a specific scenario of setting the call forwarding function by dialing, the electronic device detects that setting the call forwarding function is triggered, and the electronic device 100 bases the local number and the call forwarding number 137******** in the first information on , as well as the owner information of the local number and the owner information of the call forwarding number obtained from the server, it is determined that the call forwarding number is a risk number, and the electronic device can display the risk warning information interface 22 based on the current interface 20, please refer to Figure 6 As shown in the figure, the risk warning information interface 22 includes the risk warning information that "the call transfer number 137******** is a risk number". Optionally, the risk warning information interface 22 may also include the risk warning information of "Please confirm whether to continue setting.""Calltransfer" is re-determined when the electronic device 100 detects that the user triggers the "cancel" control based on the risk warning information interface 22 In this case, the electronic device 100 cancels the operation of setting call forwarding. Optionally, the user may also choose to continue setting call forwarding. When the electronic device 100 detects that the user triggers the "OK" control based on the risk warning information interface 22, the electronic device 100 continues to perform the operation of setting call forwarding.

For another example, in a scenario where the do-not-disturb mode is set, the electronic device 100 detects that the do-not-disturb mode is triggered and obtains the first information. In this scenario, the electronic device 100 can determine the current situation based on the environmental information in the first information. If there are risky operations in the environment, the risk warning information interface can be displayed in the current interface. Here, the risk warning information interface can include the reminder "The current operation is risky, please confirm whether to continue" and the content of secondary determination. Similarly, The risk warning information interface may also include "OK" and "Cancel" controls for triggering the user to confirm and cancel operations. If the electronic device 100 detects that the "Cancel" control is triggered, the do not disturb mode is cancelled; If the electronic device 100 detects that the "OK" control is triggered, it continues to perform the operation of setting the do not disturb mode. It should be noted that the user can also directly perform the secondary confirmation or cancellation operation through voice input. This embodiment does not limit the specific implementation method of the user's secondary confirmation or cancellation operation.

Optionally, the electronic device 100 can also output risk warning information in other ways, for example, by outputting risk warning audio through audio output devices such as speakers and earpieces in the electronic device 100. The risk warning audio can be a buzzer, an alarm, etc. , which can also be audio including voice content. For example, in a specific scenario where the call forwarding function is set and the electronic device 100 determines that the call forwarding number is a risk number, the electronic device 100 outputs a risk warning audio, and the voice content of the audio may include "Call forwarding number 137*** ***** is a risk number, please confirm whether to continue setting up call forwarding". Further, the electronic device 100 can also output a prompt interface including confirmation and cancellation on the current interface for the user to confirm again. When the user selects OK or Cancel After cancellation, the risk warning audio prompt is released, and corresponding operations are performed based on the operation triggered by the user. In other specific scenarios, the risk warning audio output through the audio output device is similar, and will not be described in detail in this implementation.

Optionally, other methods may also include the electronic device 100 triggering an identity verification operation and outputting risk warning information through voice or a display interface. For example, the identity verification operation may include performing face recognition based on the current interface of the electronic device, and collecting the collected information. The facial features of the electronic device 100 are matched with the existing facial features in the electronic device 100. If the matching is passed, the risk warning information is output through the voice or display interface. Furthermore, the electronic device 100 can also output the information including confirmation, The cancellation prompt interface is used for the user to confirm again. After the user selects confirmation or cancellation, the risk warning audio prompt is released, and corresponding operations are performed based on the operation triggered by the user; if the electronic device 100 determines that the facial feature matching fails, then It is noted that the electronic device 100 may be in a lost state. At this time, the electronic device 100 may perform a lock screen operation based on the current display interface and force the user to terminate the setting operation of a specific scene.

Optionally, during the above-mentioned user re-determination process, if the electronic device 100 detects that the user triggers a cancellation operation, the electronic device 100 may further output information on the current interface that the setting of the specific scene failed. For example, in a specific scenario of setting the call transfer function, if the electronic device 100 detects that the user triggers a cancellation operation, it can output information on the current interface that the call transfer failed to be set; in a specific scenario of setting the do not disturb mode, the electronic device 100 If it is detected that the user triggers the cancellation operation, information indicating that the setting of the do-not-disturb mode failed can be output on the current interface, which is not limited in this embodiment.

Combined with the contents of the above embodiments, optionally, after the electronic device 100 outputs the risk warning information, the electronic device 100 may also perform the following steps:

S504. When the electronic device 100 detects the cancellation operation, output a prompt message indicating that the setting fails.

Optionally, the user can perform the cancellation operation by triggering the cancel control in the interactive interface. The user can also perform the cancellation operation by inputting "cancel" by voice. Alternatively, the user can also double-click the designated keys such as the "home" key and the volume key. Wait for the specified operation to perform the cancellation operation, which is not limited in this embodiment. When the electronic device 100 detects the cancellation operation, the electronic device 100 executes terminating the current specific scene while outputting the prompt message of the setting failure, or after outputting the prompt message of the setting failure, or before outputting the prompt message of the setting failure. For example, if the call forwarding is currently being set, the electronic device 100 terminates the operation of sending the call forwarding setting request to the server 101; for another example, if the do not disturb mode is currently being set, the electronic device 100 terminates the system. The electronic device 100 is set to operate in the do-not-disturb mode, that is, the electronic device 100 is prohibited from turning on the do-not-disturb mode.

S505. When the electronic device 100 detects the determination operation, output a prompt message indicating that the setting is successful.

Correspondingly, the user can perform the secondary determination operation by triggering the determination control in the interactive interface. The user can also perform the secondary determination operation by voice inputting "OK" or "Confirm" or "Continue". Alternatively, the user can also perform the secondary determination operation by Specific operations such as double-clicking on designated keys such as the "home" key and volume keys are performed to perform a secondary determination operation, which is not limited in this embodiment. When the electronic device 100 detects the determination operation, before outputting a prompt message indicating that the setting is successful, the electronic device 100 continues to perform the setting operation of the current specific scenario. For example, if the call transfer is currently being set, the electronic device 100 continues to send a message to the server. 102 sends an operation of setting a call transfer request to complete the operation of setting a call transfer; for another example, if the do-not-disturb mode is currently set, the electronic device 100 performs an operation of turning on the do-not-disturb mode.

Optionally, after successfully setting up a specific scenario, the electronic device can also continue to perform risk identification. In an optional embodiment, after the specific scene is successfully set or within a preset time period after the successful setting, if the electronic device determines that there is a risky operation based on the risk identification method, the reminder information is output, and the reminder information is used to remind The user cancels the corresponding specific scene settings.

Optionally, the electronic device can output reminder information on the current interface. For example, if the electronic device detects a risky operation within 10 minutes after the user sets the call transfer function, the electronic device will output reminder information. The reminder information is "The current scene exists." Risky operation, please cancel the setting of call forwarding function." Optionally, the electronic device can also play a voice reminder message, for example, play a voice reminder message of "There are risky operations in the current scene, please cancel the setting of the call transfer function."

This is considering that in actual situations, some risky operations may also occur after setting a specific scene. Based on this situation, after the specific scene is successfully set, the electronic device still detects whether there are risky operations, which can further improve the device security of the electronic device. , to avoid being used by fraudsters. It can be understood that the risk identification method after the electronic device is successfully set up in a specific scenario can refer to the above embodiments, and will not be described again here.

In the risk identification method provided in the above embodiments, when the electronic device 100 detects that certain specific scenarios are triggered, it can obtain the first information generated in the specific scenario. The first information includes environmental information corresponding to the specific scenario. or number information, so that the electronic device 100 can determine whether there is a risky operation in the current environment based on the first information, and if it is determined that there is a risky operation, promptly output the risk warning information, suspend the setting operation of the specific scenario, and realize the operation in the specific scenario. Effective identification of risky operations and risk early warning provide users with effective risk reminders, reduce the probability of users performing risky operations to a certain extent, and enhance users' information security and property security. At the same time, it prevents risky operations from occurring and avoids them to a certain extent. The situation where the electronic equipment used by the user is used by a specific user avoids the problem of a specific user using the electronic equipment used by the user to hinder or interfere with the staff's early warning work.

In some embodiments, in conjunction with the solution of the embodiment provided in Figure 5, when the first information includes number information, an implementation method for implementing the risk identification method is provided:

In this implementation, the electronic device 100 can perform risk identification on the target number in the number information according to a preset identification method. The preset identification method can include determining whether the target number is a safe number, or determining whether the target number is a risk number. Identification judgments in two dimensions. The safe number here refers to a number that does not have harassment marking or risk marking in the conventional sense, or a custom whitelist number, or a number that has the same owner as the user number; risk number refers to a number that is registered on the user or risk identification platform Numbers marked with risks, or numbers in the preset blacklist, etc.

For example, in a specific scenario of setting call forwarding, the target number is the call forwarding number.

The following descriptions will be made respectively from the dimensions of the electronic device 100 determining whether the target number is a safe number and whether the target number is a risk number.

Dimension 1: In a feasible solution of this embodiment, the electronic device 100 determines whether the target number is a safe number, including the following methods:

Method 1: The electronic device 100 determines whether the target number is the local SIM card number.

For example, the electronic device 100 can directly determine whether the target number is the local number. The electronic device 100 can obtain the local SIM card number information. If the target number is consistent with any number in the local SIM card number information, the target number is considered to be the same. It is a security number; if the target number is inconsistent with all the numbers in the local SIM card number information, the target number is considered not a security number.

Method 2: The electronic device 100 determines whether the target number is in the local address book.

In this embodiment, the electronic device 100 can obtain the local address book information from the local register, or the electronic device 100 can interact with the "Phone" application to obtain the local address book information. Optionally, the local address book information includes at least one known number marked with a name.

For example, after obtaining the target number, the electronic device 100 can match the target number with all known numbers in the local address book. If the matching is successful, that is, there is a known number consistent with the target number in the local address book. , the target number is considered a safe number; if the match fails, that is, there is no known number consistent with the target number in the local address book, the target number is not a safe number.

Method 3: The electronic device 100 determines whether the target number is in the white list.

The white list can be understood as a list of numbers with higher security that is pre-stored in the electronic device 100. After obtaining the target number, the electronic device 100 matches the target number with the numbers in the white list. If the matching is successful, that is , if there is a number consistent with the target number in the whitelist, the target number is considered to be a safe number; if the matching fails, that is, if there is no number consistent with the target number in the whitelist, the target number is considered not to be a safe number.

Alternatively, the whitelist may also be a list of numbers obtained by the electronic device 100 from a third-party platform. After obtaining the target number, the electronic device 100 obtains the whitelist from the third-party platform. After obtaining the whitelist, the electronic device 100 combines the target number with the whitelist. If the match is successful, that is, there is a number consistent with the target number in the white list, the target number is considered a safe number; if the match fails, that is, there is no number consistent with the target number in the white list, It is considered that the target number is not a safe number.

Method 4: The electronic device 100 determines whether the owner information of the target number is the same as the owner information of the local number.

For example, the electronic device 100 may send a query request carrying the target number to the server 102 to receive a response returned by the server 102 carrying the owner information of the target number, based on the received owner information of the target number and the owner information of the local number. Master information to determine whether the two are consistent. For example, the owner information includes a uniquely identifying number, the user's name, user ID card information and other information. If there is at least one piece of uniquely identifying information in the two owner information If the owner information of the target number is consistent, it is considered that the owner information of the target number is the same as the owner information of the local number, and the target number is a safe number; if any of the two owner information is inconsistent, the owner information of the target number is considered to be the same. Whether the owner information of this number is different from that of the local number, the target number is not a safe number. It should be noted that the owner information of the local number can be stored locally on the electronic device, or it can be received by querying the server. The latter method can be to directly carry the local number or instruction in the query request. The first identifier of the local number may also be the first identifier obtained by the server when establishing a network layer connection with the electronic device, etc. The solution of the present invention is not limited to this.

Optionally, the electronic device 100 can also send a query request carrying a first identifier and a target number used to indicate the own number to the server 102, requesting the server 102 to determine the own number based on the first identifier, and the local number and the target number based on the first identifier. The owner information is matched to receive a response carrying the owner information matching result returned by the server 102. If the received owner information matching result is a successful match, it is considered whether the owner information of the target number matches the owner information of the local number. If the main information is the same, the target number is a safe number; if the received owner information matching result is a match failure, it is considered that the owner information of the target number is different from the owner information of the local number, and the target number is not a safe number. .

It can be understood that the electronic device 100 performs the above four methods from the perspective of determining whether the target number is a safe number. The electronic device 100 can perform the four methods in combination. The execution order and execution logic of these methods are not limited and can be based on The actual situation is determined. In this embodiment, with reference to Figure 7, an implementation method for determining whether the target number is a safe number by combining four methods is provided, including:

S701. The electronic device 100 obtains the target number.

S702. The electronic device 100 determines whether the target number is the local SIM card number; if so, perform S706; if not, perform S703.

For example, the above method 1 is used to determine whether the target number is the local SIM card number.

S703. The electronic device 100 determines whether the target number is in the local address book; if so, execute S706; if not, execute S704.

For example, the above method 2 is used to determine whether the target number is in the local address book.

S704. The electronic device 100 determines whether the target number is in the white list; if so, perform S706; if not, perform S705.

For example, the above method three is used to determine whether the target number is in the white list.

S705. The electronic device 100 determines whether the owner information of the target number is the same as the owner information of the local number. If yes, S706 is executed. If not, S707 is executed.

For example, the above method 4 is used to determine whether the owner information of the target number is the same as the owner information of the local number.

S706. Confirm that the target number is a safe number.

S707. Confirm that the target number is not a safe number.

In this embodiment, the electronic device 100 first determines whether the target number is the local SIM card number. If the target number is not the local SIM card number, it is not sure whether the target number is a security number; considering that the electronic device 100 is lost, the SIM card When an unknown number is inserted into the slot, if the target number is the local SIM card number, the target number may not be a safe number, or there may not be multiple SIM cards in the electronic device, or the call forwarding number set by the user may not be a safe number. The SIM card may be inserted into other devices, etc. Therefore, the electronic device 100 can also determine the target number in the local address book and whitelist. If the target number is not in the local address book, the electronic device can continue to determine whether the target number is in the whitelist. In the list, if the target number is not in the white list, the electronic device performs a judgment on the owner information of the target number. If the owner information is determined to be the same, the target number is determined to be a safe number; otherwise, the target number is not safe. Number. If the target number is in the local address book, or the target number is in the whitelist, the target number is determined to be a safe number.

Through the judgment of the above execution sequence and execution logic, the effectiveness and accuracy of security number identification based on the target number can be further improved.

It should be noted that the execution sequence and execution logic of different judgment methods involved in the embodiment shown in Figure 7 are all examples. In this actual identification and judgment process, the execution sequence and execution logic of each method are not limited.

Dimension 2: In a feasible solution of this embodiment, the electronic device 100 determines whether the target number is a risk number, including the following methods:

Method 5: The electronic device 100 determines whether the target number is in the blacklist.

The blacklist can be understood as a list of risky or harassing harassing numbers pre-stored in the electronic device 100. After obtaining the target number, the electronic device 100 matches the target number with the harassing numbers in the blacklist. If they match, If the match is successful, that is, if there is a harassing number consistent with the target number in the blacklist, the target number is considered to be a risk number; if the match fails, that is, if there is no harassing number consistent with the target number in the blacklist, the target number is considered not to be a risk number. .

Alternatively, the blacklist may also be a list of risk numbers obtained by the electronic device 100 from a third-party platform. After obtaining the target number, the electronic device 100 obtains the blacklist from the third-party platform. After obtaining the blacklist, the electronic device 100 compares the target number with The risk number in the blacklist is matched. If the match is successful, that is, there is a risk number consistent with the target number in the blacklist, the target number is considered to be a risk number; if the match fails, that is, there is no consistent risk number with the target number in the whitelist. risk number, the target number is considered not to be a risk number.

Method 6: The electronic device 100 determines whether the target number is marked as a risk.

For example, the electronic device 100 may send a query request information carrying a target number to the server 102 or a third-party risk identification platform to receive a response information returned by the server 102 or a third-party risk identification platform carrying the target number as to whether the target number is marked for risk. Based on the received The response information received determines whether the target number is a risk-marked number. If so, the target number is considered to be a risk number; if it is determined that the target number is not marked for risk, the target number is considered not to be a risk number.

It can be understood that the electronic device 100 performs the above-mentioned method five and/or method six from the perspective of determining whether the target number is a risk number. The electronic device 100 may perform method five or method six, or may perform method five and method six in combination. , the execution sequence and execution logic of these methods are not limited and can be determined according to the actual situation.

Combined with the method for determining whether the target number is a risk number given in the above embodiment, with reference to Figure 8, an implementation method for determining whether the target number is a risk number by combining multiple methods is provided, including:

S801. The electronic device 100 obtains the target number.

S802. The electronic device 100 determines whether the target number is in the blacklist; if so, perform S805; if not, perform S803.

For example, the above method 5 is used to determine whether the target number is in the blacklist.

S803. The electronic device 100 determines whether the target number is marked as a risk; if so, perform S805; if not, perform S804.

For example, the above-mentioned method six is used to determine whether the target number is marked as a risk.

S804. Confirm that the target number is not a risk number;

S805. Determine the target number as a risk number.

In this embodiment, the electronic device 100 first determines whether the target number is in the blacklist. If the target number is in the blacklist, it means that the target number is a risk number. If the target number is not in the blacklist, in order to further determine the target number Security, the electronic device 100 can determine whether the target number is marked as a risk. If the target number is marked as a risk, it is determined that the target number is a risk number. If the target number is not marked as a risk, it means that the target number is not a risk number. .

Through the judgment of the above execution sequence and execution logic, the effectiveness and accuracy of risk number identification based on the target number can be further improved.

It should be noted that the execution sequence and execution logic of different judgment methods involved in the embodiment shown in Figure 8 are all examples. In this actual identification and judgment process, the execution sequence and execution logic of each method are not limited.

In a feasible solution of this embodiment, the electronic device 100 can determine the security of the target number by combining the two dimensions of determining whether the target number is a safe number and determining whether the target number is a risk number.

Exemplarily, the electronic device 100 can determine whether the target number is a safe number based on one or more of the above methods one to four. For example, the electronic device 100 can determine whether the target number is a safe number based on the embodiment provided in Figure 7 , if the target number is a safe number, it is determined that there is no risky operation in the current environment. If the target number is not a safe number, the electronic device 100 determines whether the target number is a risk number based on one or more of the above method five and method six, If the target number is not a risk number, it is determined that there is no risky operation in the current environment; if the target number is a risk number, it is determined that there is a risky operation in the current environment.

As another example, the electronic device 100 can determine whether the target number is a risk number based on one or more of the above-mentioned method five and method six. For example, the electronic device 100 can determine whether the target number is a risk number based on the embodiment provided in FIG. 8 , if the target number is a risk number, it is determined that a risky operation exists in the current environment. If the target number is not a risk number, the electronic device 100 can determine whether the target number is a safe number based on one or more of the above methods one to four. If If the target number is a safe number, it is determined that there is no risky operation in the current environment. If the target number is not a safe number, it is determined that there is a risky operation in the current environment.

Alternatively, the electronic device 100 may determine whether the target number is a safe number based on one or more of the above methods one to four. For example, the electronic device 100 may determine whether the target number is not a safe number based on the embodiment provided in FIG. 7 , or, The electronic device 100 can determine whether the target number is a risk number based on one or more of the above-mentioned method five and method six. For example, the electronic device 100 can determine whether the target number is a risk number based on the embodiment provided in Figure 8. After determining the target number If the number is a safe number or it is determined that the target number is not a risk number, it is determined that there is no risky operation in the current environment; if it is determined that the target number is not a safe number or it is determined If the target number is a risk number, it is determined that there is a risky operation in the current environment.

In the risk identification method given in this embodiment, the technical solution of identifying and judging whether there is a risky operation in the current environment based on the target number in the first information can be applied to specific scenarios where the electronic device 100 is set to call transfer, or other situations involving to the specific scenario of number information. In this embodiment, in a specific scenario involving number information, the target number is information that can be obtained directly, and the acquisition method is relatively convenient. The electronic device 100 performs risk identification and judgment of the current environment based on the obtained target number, which can be effective and Quickly determine whether the operations in the current environment are risky, so as to provide risk reminders when it is determined that there are risky operations in the current environment, which enhances the user's information security and optimizes the user experience.

In other embodiments, in conjunction with the solution of the embodiment provided in Figure 5, another implementation manner of implementing the risk identification method is provided. In the scenario where the first information includes environmental information, the risk identification method includes:

The electronic device 100 obtains the environment information, and determines based on the environment information whether there is a risky operation at the first moment or within a preset time period before the first moment; wherein the first moment is the moment when the user's operation to set a specific scene is received.

Optionally, the preset time period before the first time may be 5 minutes, 10 minutes, 30 minutes, etc. before the operation time of the specific scene.

Optionally, the environmental information may include different events that occur on the electronic device when the current operation occurs or within a preset time before the current operation occurs. For example, the environment information may be a phone call event, an application and/or function running event, an application download or installation event, an interaction event between the terminal and the application, etc. The electronic device 100 determines whether to preset at the first moment or before the first moment based on the environmental information. Whether there are risky operations within the time period, the following embodiment specifically describes how to identify and judge risky operations.

Based on different environmental information, determining whether the electronic device 100 has risky operations includes the following methods:

Method 7: If the environment information is an application running event and/or a function running event, the electronic device 100 determines whether there is a risky operation in the current environment based on whether the specific application and/or its corresponding specific function is run.

The specific application may be an application with screen sharing or remote control mode, and the corresponding specific function may be enabled by screen sharing or remote control mode. For example, a specific application can also be a payment application, and the corresponding specific function can be the execution of payment or transfer activities. Optionally, a specific application list may be set in the electronic device 100 in advance. The electronic device 100 can determine whether a specific application is in progress by querying the current process based on the specific application list; accordingly, the electronic device 100 can also determine whether the electronic device 100 is in a specific functional mode of a specific application by querying the current process. Optionally, the electronic device 100 may also determine whether the specific application is running or whether the specific application has been run within a preset time period before the first time based on the running start time and/or the running end time of the specific application. It should be noted that the application end time will be recorded when the application ends. If there is no end time, it means that the application should be running.

For example, if the electronic device 100 determines that the specific application A is running by querying the current process, it is determined that the current operation involves a risky operation. Alternatively, if the electronic device 100 determines that the electronic device 100 is in a specific functional mode of the specific application A by querying the current process, it is determined that the current operation involves a risky operation. Alternatively, if the electronic device 100 determines that the specific application A does not have a final execution end time, then determines that the specific application A is running, and determines that a risky operation exists in the current environment. Alternatively, if the electronic device 100 determines that the last start time of specific application A is 17:38 on June 16, 2022, the last start time is 17:50 on June 16, 2022, and the electronic device 100 detects the first The time is 17:52 on June 16, 2022. Take the preset time before the first time as 30 minutes as an example. Obviously, the specific application A has been run within 30 minutes before the first time. In this case, In this case, it is determined that the current operation contains risky operations; if the electronic device determines that the last start time of specific application A is 10:38 on June 16, 2022, and the last start time is 11:50 on June 16, 2022, obviously , if the specific application A did not run within 30 minutes before the first moment, it is determined that the current operation does not involve risky operations.

It should be understood that the above embodiment uses one specific application as an example. If there are multiple specific applications, the judgment will be made based on logic or principles. That is, if it is determined that at least one specific application exists at the first moment or the preset time period before the first moment. If the application is running or has been run before, it is determined that the current operation contains risky operations. If it is determined that no specific application is running and no specific application has been run at the first moment or within the preset time period before the first moment, it is determined that the current operation does not include a risky operation.

Optionally, the specific functions may also include system function modes of the electronic device 100, such as working mode, do not disturb mode, remote control mode, desktop sharing mode, flight mode, silent mode, conference mode, etc. of the electronic device 100. The specific functions here refer to modes that may have risks of information leakage, inability to make calls, and have remote control and communication functions. For example, if the electronic device 100 queries the current process and determines that the remote control mode has been turned on within a preset time period before the first moment, it determines that the current operation involves a risky operation. Alternatively, the electronic device 100 may also determine whether there is a risky operation based on the execution time of a specific function. For example, if it is determined that the start time of the remote control mode is 17:38 on June 16, 2022, and there is no end time, it means that it is still in the remote control mode. In this case, it can also be determined that the current operation is a risky operation. If the start time of the remote control mode is 10:38 on June 13, 2022, the end time is 11:50 on June 13, 2022, and the first time is 17:40 on June 16, 2022, the first time The first 30 minutes are used to detect risky operations. Obviously, although the remote control mode has been turned on, its start time is not within 30 minutes before the detection of a specific scenario being triggered. In this case, it is determined that the current operation does not contain risky operations.

In this embodiment, especially for specific applications with payment functions, these applications with payment functions are generally deployed with a payment software development kit (SDK). Optionally, the electronic device 100 can also be configured according to each application. The operation log is used to determine whether the payment SDK has been called. If the payment SDK is called at the first moment of detection or within the preset time period before the first moment, it is determined that the current operation is a risky operation. Here, the risk identification module of the electronic device 100 can obtain the running log of each application from the register of each application. The running log mainly records the running data of each application itself, for example, at what time the application obtained what information, and at what time What information was generated, etc.

Method 8: If the environmental information is an application download event or an application installation event, the electronic device 100 determines whether there is a risky operation based on whether the risky application is downloaded or whether the risky application is installed.

The risk application may be an application with a risk mark, and a list of applications with a risk mark may be set in the electronic device 100 in advance. The electronic device 100 may also obtain the list of applications with a risk mark from a third-party risk identification platform in real time, or , the electronic device 100 can also obtain the risk query results of the application from the third-party risk identification platform in real time, and determine whether the queried application is a risk application based on the risk query results. The electronic device 100 can determine whether an application is being downloaded or installed by querying the current process or by interacting with a specific application (such as an installer application, an application market, or other applications with application distribution functions). application, it is determined whether the application is a risky application. If it is determined to be a risky application, it is determined that the current operation contains risky operations. Alternatively, the electronic device 100 may also query the process log or other methods to determine whether there is a behavior of downloading or installing an application within a preset time period before the first moment. If there is a behavior of downloading or installing an application, it is determined whether the application is a risky application. After determining If the application is a risky application, it is determined that the current operation is risky. operate. Alternatively, the electronic device 100 may also determine whether there is a download or installation behavior for an application within a preset time period before the first time based on the download start time, download completion time, installation start time, and installation completion time of each application. For example, the first time is 17:50 on June 16, 2022, the preset time before the first time is 30 minutes before the first time, and the download start time of application C is 17:38 on June 16, 2022. The electronic device 100 determines that application C has a download behavior 30 minutes before the first time, and then performs risk application identification on application C. If application C is in the list of applications with risk marks set in the electronic device 100, or application C is in the The list of applications with risk marks obtained by the third-party risk identification platform, or the electronic device 100 obtains the risk query result of application C from the third-party risk identification platform, and the result shows that application C is a risk application. In these cases, it is determined The current operation involves risky operations.

It should be understood that the above embodiments take the behavior of downloading one risky application as an example. If it is determined that there are multiple applications downloading or installing behaviors within the first moment or within the preset time period before the first moment, then multiple applications will be downloaded or installed based on logic or principles. If at least one application is a risky application, it is determined that there is a risky operation in the current operation; if all downloaded or installed applications are not risky applications, it is determined that there is no risky operation in the current environment.

Method nine: If the environmental information is a phone call event, the electronic device 100 determines whether there is a risky operation based on the call number of the phone call event.

In this embodiment, if the electronic device 100 determines that the call application is running, it obtains the current call number, and performs risk identification on the current call number based on the above method two, three, five and six. If it is determined that the current call number is safe number, and/or, it is determined that the current call number is not a risk number, then it is determined that the current operation does not have a risk operation; if it is determined that the current call number is not a safe number, and/or, it is determined that the current call number is a risk number, then it is determined that the current operation is risky. operate. If the electronic device 100 determines that the call application has been run within the preset time period before the first time, it obtains the historical call numbers within the preset time period before the first time, and pairs them one by one based on the above-mentioned method two, method three, method five and method six. Historical call numbers are used for risk identification. If it is determined that all historical call numbers are safe numbers, and/or, it is determined that all historical call numbers are not risky numbers, then it is determined that there is no risk operation in the current operation; if it is determined that at least one historical call number is not safe number, and/or, if it is determined that at least one historical call number is a risk number, it is determined that the current operation involves a risky operation.

Method 10: The environmental information is an application interaction event, and the electronic device 100 determines whether the current operation involves a risky operation based on the specific application interaction information.

In this embodiment, the specific application can be an application with risk identification and risk prompts. The specific application identifies risky operations based on user operations. After determining that there are risky operations and generating risk prompt information, based on the interaction strategy, the specific application generates the risk prompt information. Feedback to the risk identification module. For example, if the risk identification module of the electronic device 100 determines the first moment, or receives risk reminder information sent by a specific application within a preset time period before the first moment, it determines that the current operation involves a risky operation; if the electronic device 100 If the risk identification module does not receive risk reminder information at the first moment and within the preset time period before the first moment, it is determined that there is no risky operation in the current operation.

Combined with the method for determining whether the current operation is a risky operation based on environmental information provided by methods seven to ten of the above embodiments, as shown in Figure 9, an implementation method for determining whether a risky operation exists by combining multiple methods is provided. ,include:

S901. The electronic device 100 obtains environmental information.

S902. The electronic device 100 determines that the specific application is running or has been run for a period of time before detecting that the specific scene is triggered; if so, perform S909; if not, perform S903.

For example, the above-mentioned method seven can be used to determine that a specific application is running or has been running for a period of time before detecting that a specific scenario is triggered.

S903. The electronic device 100 determines whether the call application is running or has been run for a period of time before detecting that the specific scene is triggered. If so, perform S904; if not, perform S905.

S904. The electronic device 100 determines whether the current call number or the historical call number is a safe number based on the call information generated by the call application; if so, perform S905; if not, perform S909.

For example, the above-mentioned method nine can be used to determine whether the current call number or historical call number is a safe number.

S905. The electronic device 100 determines that the risky application is being downloaded or installed, or has been downloaded or installed a period of time before detecting that the specific scene is triggered; if so, perform S909; if not, perform S906.

For example, the above-mentioned method eight can be used to determine that the risky application is being downloaded or installed, or has been downloaded or installed a period of time before it is detected that a specific scenario is triggered.

S906. The electronic device 100 determines whether the risk mode is turned on at the current moment when the specific scene is detected to be triggered or a period of time ago; if so, perform S909; if not, perform S907.

For example, the above-mentioned method seven can be used to determine whether the risk mode is turned on at the current moment or a period of time before a specific scene is detected to be triggered.

S907. Whether the electronic device 100 receives the risk reminder information of the specific application at the current moment when the specific scene is detected or a period of time ago; if so, perform S909; if not, perform S908.

For example, the above-mentioned method ten can be used to determine whether risk reminder information is received at the current moment or a period of time before a specific scene is detected to be triggered.

S908. Determine that there are no risky operations in the current environment.

S909. Determine whether there are risky operations in the current environment.

In the risk identification method given in this embodiment, the technical solution of identifying and judging whether there is a risky operation in the current environment based on the environmental information in the first information can be applied to any specific scenario setting scenario, for example, electronic equipment 100 is set to a specific scenario of call forwarding, or the electronic device 100 is set to do not disturb mode, or the electronic device 100 is set to airplane mode, or the electronic device 100 is set to reject unknown calls mode, etc., or other things that may cause the electronic device 100 to temporarily Scenario where communication capability is lost. In this embodiment, based on the environment information, the electronic device 100 successively determines whether a specific application is opened or running at the current moment or a period of time before the specific scene is detected to be triggered. If the call application is opened or running, based on The call information determines whether there is a call between the electronic device and the risk number, determines whether the risk application has been downloaded or installed, whether the risk mode is turned on in the system, and whether risk warning information is generated. Risk identification and judgment are carried out in all aspects and multiple dimensions. Determine whether there are risky operations in the current environment, and further improve the effectiveness and accuracy of risk identification based on environmental information.

It can be understood that aspect one provides a method for identifying the risk of a number based on the number information in the first information. One to method six; aspect two provides methods seven to ten for risk identification based on the environmental information in the first information from applications, system models, risk warning information and other methods.

In some other embodiments, the risk operation identification of the current environment can also be carried out through the identification method of the above-mentioned aspect three. The method provided by the aspect three is actually a combination of the above-mentioned aspects one and two for identification and judgment. For example, if the electronic device 100 can perform number risk judgment on the number information based on the combination of methods one to six in aspect one, and determine that the target number in the number information is a risk number, and, the electronic device 100 can determine the number risk based on the combination of methods seven to six in aspect two. The combination of method ten is used to identify risks in environmental information, and it is determined that there are risky operations in the current environment, and then it is finally determined that there are risky operations in the current environment; for another example, if the electronic device 100 can perform the risk identification on the number information based on the combination of methods one to six in aspect one. Number risk judgment determines that the target number in the number information is a risk number, or the electronic device 100 performs risk identification on the environmental information based on the combination of methods seven to ten in aspect two and determines that there are risky operations in the current environment, and then finally determines the current There are risky operations in the environment.

Optionally, in combining the identification methods of aspects one and two, the electronic device 100 performs the identification methods of method one to method six in aspect one, and the order of performing the identification methods of method seven to method ten of aspect two is not limited. It is understood that the identification methods of aspect one and aspect two can also be executed in parallel, and this embodiment does not limit this.

In this embodiment, the electronic device 100 performs risk identification of the target number involved in the current operation based on the number information in the first information, and performs risk identification of the environment in which the current operation is based on a variety of information in the environmental information, thereby improving The utilization rate of various information in the first information is improved, and risk identification based on different information can further improve the effectiveness and accuracy of risk identification of the current operation of the electronic device, improve the success rate of risk interception, and optimize the user experience.

FIG. 10 shows a possible structural diagram of the electronic device involved in the above embodiment. The electronic device 1000 includes: a processor 1001, a display screen 1002 and a communication module 1003.

Among them, the processor 1001 is used to control and manage the actions of the electronic device 1000 . The display screen 1002 is used to display images generated by the processor 1001. The communication module 1003 is used to support communication between the electronic device 1000 and other network entities (such as servers).

The processor 1001 is used to receive the user's operation of setting a specific scene and obtain the first information; perform risk identification based on the first information, and if it is determined that there is a risk, output the risk warning information to the display screen; the display screen 1002 is used to display the risk warning information.

In an optional embodiment, when the specific scenario is call forwarding, the phone number information at least includes the call forwarding number, and the processor 1001 is configured to determine that a risk exists if it is determined that the call forwarding number is not a safe number.

In an optional embodiment, determining that the call forwarding number is a security number includes: determining that the call forwarding number is the local SIM card number; or determining that the call forwarding number is in the local address book; or determining that the call forwarding number is in a preset in the whitelist; or, make sure that the owner information of the call forwarding number is the same as the owner information of the local number.

In an optional embodiment, the communication module 1003 is configured to send a first query request carrying the local number or the first identifier of the local number and the call transfer number to the server; the first query request is used to instruct the server to base the The number and call transfer number query the owner information of the local machine and the call transfer owner information; receive the first query response returned by the server carrying the owner information of the local machine and the call transfer owner information; if it is determined that the owner information of the local machine and the call transfer owner information are If the owner information matches successfully, it is determined that the owner information of the call forwarding number is the same as the owner information of the local number.

In an optional embodiment, the communication module 1003 is used to send a message carrying the local number or the local number to the server. The first identifier and the second query request of the call forwarding number; the second query request is used to instruct the server to determine the matching result of the owner information of the local number and the owner information of the call forwarding number; receive the matching result returned by the server Second query response; if the matching result is determined to be successful, it is determined that the owner information of the call forwarding number is the same as the owner information of the local number.

In an optional embodiment, when the specific scenario is call forwarding, the phone number information at least includes the call forwarding number, and the processor 1001 is configured to determine that a risk exists if the call forwarding number is determined to be a risk number.

In an optional embodiment, determining that the call forwarding number is a risk number includes: determining that the call forwarding number is in a preset blacklist; or determining that the call forwarding number is a number that has been marked as a risk.

In an optional embodiment, in the specific scenario of call forwarding, the phone number information at least includes the call forwarding number, and the processor 1001 is configured to determine that the call forwarding number is not a safe number and determine that the call forwarding number is a risk number. , then it is determined that there is a risk.

In an optional embodiment, the risk warning information includes content instructing the user to cancel the setting of a specific scenario or to confirm the setting of a specific scenario. Based on this, the processor 1001 is used to obtain the setting operation triggered by the user. When the setting operation is to cancel the setting of a specific scene, output a prompt message of setting failure to the display screen. When the setting operation is to confirm the setting of a specific scene, A prompt message indicating that the setting is successful is output to the display screen 1002.

The display screen 1002 is used to display a prompt message indicating that the setting fails, or to display a prompt message indicating that the setting is successful.

In an optional embodiment, the communication module 1003 is also configured to send a call transfer setting request to the server; receive a setting response returned by the server, and feed the setting response back to the processor.

The processor 1001 is configured to output a prompt message indicating that the setting is successful based on the feedback response to the display screen.

The display screen 1002 is used to display a prompt message indicating that the setting is successful.

In an optional embodiment, the processor 1001 is configured to determine whether there is a risky operation at the first moment or within a preset time period before the first moment according to the environmental information; wherein the first moment is when the operation of setting a specific scene by the user is received. moment.

In an optional embodiment, the environmental information is a phone call event, and the risk operation includes that the call number of the phone call event is a risk number, and/or the call number of the phone call event is not a safe number.

In an optional embodiment, the environment information is an application running event and/or a function running event, and the risk operation includes running a specific application and/or running a specific function of a specific application.

In an optional embodiment, the environment information is an application download event, and the risk operation includes the behavior of downloading a risky application; the environment information is an application installation event, and the risk operation includes the behavior of installing a risky application.

In an optional embodiment, the environment information is an application interaction event, and the risk operation includes receiving a risk reminder message sent by a specific application.

In an optional embodiment, the processor 1001 is configured to determine that a risk exists if the risk is identified based on the phone number information, and/or if the risk is identified based on the environmental information, then determine that the risk exists; otherwise, determine that the risk does not exist. .

The processor 1001 may be a central processing unit (CPU), a digital signal processor (DSP), an application-specific integrated circuit (ASIC), or a field programmable gate array (field programmable gate array). programmable gate array (FPGA) or other programmable logic devices, transistor logic devices, hardware components, or any combination thereof. Processors may include application processors and baseband processors. It may be implemented or performed as described in connection with the disclosure of this application various illustrative logic blocks, modules and circuits. The processor may also be a combination that implements computing functions, such as a combination of one or more microprocessors, a combination of a DSP and a microprocessor, and so on. The communication module 1003 may be a transceiver, a transceiver circuit, etc. The storage module may be a memory.

For example, the processor 1001 can be the processor 3210 as shown in Figure 4A, and the communication module 1003 includes a radio frequency module (the radio frequency module 350 as shown in Figure 4A). The communication module may also include a Wi-Fi module, a Bluetooth module, a radio frequency module 350 and other communication modules. The storage module may be a memory (internal memory 221 as shown in Figure 4A). The display screen 1002 may be a display screen 394 as shown in FIG. 4A , the display screen 394 may be a touch screen, and the touch screen may integrate a display panel and a touch panel. The terminal provided by the embodiment of the present application may be the electronic device 100 shown in Figure 4A. The above-mentioned processor, display, etc. may be connected together, for example, through a bus.

Embodiments of the present application also provide a computer-readable storage medium. The computer-readable storage medium includes computer instructions. When the computer instructions are run on the above-mentioned electronic device, the electronic device causes the electronic device to execute the electronic device 100 in the above-mentioned method embodiment. Each function or step performed.

An embodiment of the present application also provides a computer program product. When the computer program product is run on a computer, it causes the computer to perform each function or step performed by the electronic device 100 in the above method embodiment. For example, the computer may be the electronic device 100 described above.

Through the description of the above embodiments, those skilled in the art can clearly understand that for the convenience and simplicity of description, only the division of the above functional modules is used as an example. In practical applications, the above functions can be allocated according to needs. Different functional modules are completed, that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above.

In the several embodiments provided in this application, it should be understood that the disclosed devices and methods can be implemented in other ways. For example, the device embodiments described above are only illustrative. For example, the division of modules or units is only a logical function division. In actual implementation, there may be other division methods, for example, multiple units or components may be The combination can either be integrated into another device, or some features can be omitted, or not implemented. On the other hand, the coupling or direct coupling or communication connection between each other shown or discussed may be through some interfaces, and the indirect coupling or communication connection of the devices or units may be in electrical, mechanical or other forms.

The units described as separate components may or may not be physically separated. The components shown as units may be one physical unit or multiple physical units, that is, they may be located in one place, or they may be distributed to multiple different places. . Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, each functional unit in each embodiment of the present application can be integrated into one processing unit, each unit can exist physically alone, or two or more units can be integrated into one unit. The above integrated units can be implemented in the form of hardware or software functional units.

If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a readable storage medium. Based on this understanding, the technical solutions of the embodiments of the present application are essentially or contribute to the existing technology, or all or part of the technical solution can be embodied in the form of a software product, and the software product is stored in a storage medium , including several instructions to cause a device (which can be a microcontroller, a chip, etc.) or a processor to execute all or part of the steps of the methods described in various embodiments of this application. The aforementioned storage media include: U disk, mobile hard disk, read only memory (ROM), random access memory (RAM), magnetic disk or optical disk, etc. Various media that can store program code.

The above contents are only specific implementation modes of the present application, but the protection scope of the present application is not limited thereto. Any changes or substitutions within the technical scope disclosed in the present application shall be covered by the protection scope of the present application. Therefore, the protection scope of this application should be subject to the protection scope of the claims.

Claims

A risk identification method, characterized in that it is applied to a terminal, and the method includes:

Receive the user's operation to set a specific scene and obtain the first information; the specific scene includes call transfer, do not disturb mode or airplane mode; the first information includes at least one of the phone number information and environmental information involved in the specific scene;

Perform risk identification based on the first information;

If it is determined that a risk exists, risk warning information is output.
The method according to claim 1, wherein the specific scenario is call transfer, the phone number information includes a call transfer number, and the risk identification based on the first information includes:

If it is determined that the call forwarding number is not a safe number, and/or if it is determined that the call forwarding number is a risk number, it is determined that a risk exists.
The method according to claim 2, characterized in that the judgment conditions for determining that the call forwarding number is a security number include one or more of the following:

Determine that the call forwarding number is the local SIM card number;

Confirm that the call forwarding number is in the local address book;

Determine that the call forwarding number is in a preset white list;

It is determined that the owner information of the call forwarding number is the same as the owner information of the local number.
The method according to claim 3, characterized in that determining that the owner information of the call forwarding number is the same as the owner information of the local number includes:

Send a first query request carrying a first identification and the call transfer number to the server; the first identification is used to indicate the local number of the terminal; the first query request is used to indicate the server based on the The first identifier and the call forwarding number query the owner information of the local machine and the call forwarding owner information;

Receive the first query response returned by the server carrying the local owner information and the call transfer owner information;

If it is determined that the owner information of the local phone and the call forwarding owner information match successfully, it is determined that the owner information of the call forwarding number is the same as the owner information of the local number.
The method according to claim 3, characterized in that determining that the owner information of the call forwarding number is the same as the owner information of the local number includes:

Send a second query request carrying a first identifier and the call transfer number to the server; the first identifier is used to indicate the local number of the terminal; the second query request is used to instruct the server to determine the The matching result between the owner information of the local number and the owner information of the call forwarding number;

Receive a second query response carrying a matching result returned by the server;

If it is determined that the matching result is successful, it is determined that the owner information of the call forwarding number is the same as the owner information of the local number.
The method according to claim 2, wherein determining that the call forwarding number is a risk number includes:

Determine that the call forwarding number is in a preset blacklist; or,

By querying the third-party risk identification platform, it is determined that the call forwarding number is a number that has been marked with risk.
The method of claim 2, further comprising:

If it is determined that there is no risk, send a setting request to set call forwarding to the server;

Receive the setting response returned by the server, and output a prompt message indicating that the setting is successful;

Wherein, the setting request carries a first identifier and a call transfer number, and the first identifier is used to indicate the local number of the terminal; the setting request is used to instruct the server to use the local number and the call forwarding number according to the local number and the call transfer number. The call forwarding number is used to forward calls from the local number to the call forwarding number.
The method according to claim 1, wherein the risk identification based on the first information includes:

It is determined based on the environmental information whether there is a risky operation at the first moment or within a preset time period before the first moment; wherein the first moment is the moment when the user's operation to set a specific scene is received.
The method according to claim 8, characterized in that the environmental information is a telephone call event,

The risky operations include:

The call number of the phone call event is a risk number, and/or the call number of the phone call event is not a safe number.
The method according to claim 8, characterized in that the environmental information is an application running event and/or a function running event;

The risk operations include running a specific application and/or running a specific function of the specific application.
The method according to claim 8, wherein the environmental information is an application download event, and the risky operation includes the behavior of downloading a risky application; or the environmental information is an application installation event, and the risky operation includes There is a behavior of installing risky applications.
The method according to claim 8, wherein the environmental information is an application interaction event, and the risk operation includes receiving a risk reminder message sent by a specific application.
The method according to any one of claims 1-12, characterized in that the risk identification based on the first information includes:

If risk identification is performed based on the telephone number information and it is determined that a risk exists, and/or risk identification is performed based on the environmental information and a risk is determined to exist, then it is determined that a risk exists.
The method according to any one of claims 1-12, characterized in that the risk identification based on the first information includes:

If risk identification is performed based on the phone number and it is determined that there is no risk, and/or risk identification is performed based on the environmental information and it is determined that there is no risk, then it is determined that there is no risk.
An electronic device, characterized in that the electronic device includes a memory, a display screen and one or more processors; the memory, the display screen and the processor are coupled; computer program code is stored in the memory , the computer program code includes computer instructions, which when executed by the processor, cause the electronic device to perform the method according to any one of claims 1-14.
A computer-readable storage medium, characterized by comprising computer instructions, which when the computer instructions are run on an electronic device, cause the electronic device to perform the method according to any one of claims 1-14.