1. A risk identification method aiming at target service, the target service corresponds to a plurality of user authentication stages, including a first stage based on core-body verification and a second stage based on risk identification, the method is applied to a risk prediction system, and comprises the following steps:

receiving a risk prediction request for a user from a business system, wherein the risk prediction request comprises a user identification of the user, and the risk prediction request is sent by the business system before or when the first-stage core-identity verification is carried out on the user;

acquiring first information which corresponds to the user and is used for risk prediction;

according to the first information, risk prediction is carried out on the user to obtain a risk prediction result corresponding to the first stage;

correspondingly storing the user identification and risk prediction information, wherein the risk prediction information comprises a risk prediction result; so that the wind control system takes the risk prediction result as the risk identification result of the second stage in response to the risk prediction result being available after the user passes the core-body verification of the first stage.

2. The method of claim 1, wherein said predicting a risk of the user based on the first information comprises:

and predicting the risk of the user according to the first information by using a risk prediction model.

3. The method of claim 1, wherein after said receiving a risk prediction request for a user from a business system, further comprising:

acquiring second information corresponding to the user, wherein the second information comprises first behavior information of the user and/or current first environment information;

encrypting the second information by using a preset encryption algorithm to obtain first ciphertext information; and

the risk prediction information further includes the first ciphertext information, so that the first ciphertext information is used for information comparison by the wind control system when determining whether the risk prediction result is available.

4. The method of claim 3, wherein the first context information comprises at least one of the following for a device currently used by the user: equipment identification, equipment model, IP address and position information.

5. The method of claim 3, wherein the encryption algorithm comprises a non-reversible encryption algorithm.

6. The method of claim 3, wherein the first behavior information corresponds to a first score; and

the risk prediction information further includes the first score, such that the wind control system uses the first score for information comparison when determining whether the risk prediction result is available.

7. The method of any of claims 1-6, wherein the risk prediction information further includes the first information, such that the wind control system uses the first information for information comparison when determining whether the risk prediction result is available.

8. The method of claim 1 or 2, wherein the first information comprises at least one of the following for the user: the first behavior information, the payment channel and the current first environment information.

9. The method of claim 1, wherein the target traffic comprises any one of: payment service, account registration service, and account login service.

10. The method of claim 1, wherein the target service comprises a payment service; and

the obtaining of the first information for risk prediction corresponding to the user includes:

and acquiring the payment channel preferred by the user and classifying the payment channel into the first information.

11. The method of claim 1, wherein said storing the user identification and risk prediction information in correspondence comprises:

and correspondingly caching the user identification and the risk prediction information.

12. A risk identification method aiming at target service, wherein the target service corresponds to a plurality of user authentication stages, including a first stage based on core-body verification and a second stage based on risk identification, the method is applied to a wind control system and comprises the following steps:

receiving a risk identification request aiming at a user from a business system, wherein the risk identification request comprises a user identifier of the user, and the risk identification request is sent by the business system after the user passes the first-stage core-body verification;

according to the user identification, risk prediction information which is correspondingly stored by a risk prediction system aiming at the user is obtained, wherein the risk prediction information comprises a risk prediction result corresponding to the first stage, and the risk prediction result is obtained by performing risk prediction on the user by the risk prediction system before or when a business system performs core verification of the first stage aiming at the user;

acquiring third information of the user, and determining whether the risk prediction result is available according to the third information;

if the result is determined to be yes, taking the risk prediction result as a risk identification result of the second stage;

and if the determination result is negative, executing risk identification operation aiming at the user.

13. The method of claim 12, wherein,

the risk prediction information further comprises at least one of:

first information corresponding to the user and used for risk prediction;

the first ciphertext information is obtained by encrypting second information corresponding to the user by using a preset encryption algorithm, and the second information comprises first behavior information and/or first environment information of the user in risk prediction;

a first score corresponding to the first behavior information;

the third information includes the first information, the first ciphertext information, and/or the first score.

14. The method of claim 12, wherein the obtaining third information of the user comprises:

acquiring the current second environment information of the user, and classifying the current second environment information into the third information; and

the determining whether the risk prediction result is available according to the third information includes:

determining whether the user is in a trusted environment according to the second environment information;

if the user is determined to be in a trusted environment, determining that the risk prediction result is available;

determining that the risk prediction result is unavailable if it is determined that the user is not in a trusted environment.

15. The method according to claim 12, wherein the risk prediction information further includes first ciphertext information obtained by encrypting second information corresponding to the user by using a preset encryption algorithm, the second information including first behavior information and/or first environment information of the user at risk prediction;

the obtaining of the third information of the user includes:

acquiring second behavior information of the user and/or current second environment information, encrypting by using the encryption algorithm to obtain second ciphertext information, and classifying the second ciphertext information into the third information;

the determining whether the risk prediction result is available according to the third information includes:

calculating a first similarity of the first ciphertext information and the second ciphertext information;

if the first similarity reaches a first similarity threshold, determining that the risk prediction result is available;

and if the first similarity does not reach a first similarity threshold, determining that the risk prediction result is unavailable.

16. The method of claim 12, wherein the risk prediction information further includes first information corresponding to the user for risk prediction;

the obtaining of the third information of the user includes:

acquiring fourth information which corresponds to the user and is used for risk identification, and classifying the fourth information into the third information, wherein the fourth information and the first information adopt the same composition structure;

the determining whether the risk prediction result is available according to the third information includes:

calculating a second similarity of the first information and the fourth information;

determining that the risk prediction result is available if the second similarity reaches a second similarity threshold;

and if the second similarity does not reach a second similarity threshold, determining that the risk prediction result is unavailable.

17. The method of claim 12, wherein the risk prediction information further comprises a first score corresponding to first behavior information of the user in risk prediction;

the obtaining of the third information of the user includes:

acquiring a second score corresponding to second behavior information of the user, and classifying the second score into the third information;

the determining whether the risk prediction result is available according to the third information includes:

calculating a difference between the first score and the second score;

if the difference does not exceed a preset value, determining that the risk prediction result is available;

and if the difference exceeds a preset value, determining that the risk prediction result is unavailable.

18. The method of claim 12, wherein the third information comprises a plurality of information elements; and

the determining whether the risk prediction result is available according to the third information includes:

determining whether the risk prediction outcome is available based on at least one of the plurality of information elements.

19. A risk identification device for a target service, wherein the target service corresponds to a plurality of user authentication stages, including a first stage based on core-identity verification and a second stage based on risk identification, the device is applied to a risk prediction system, and comprises:

a receiving unit configured to receive a risk prediction request for a user from a business system, wherein the risk prediction request includes a user identifier of the user, and the risk prediction request is sent by the business system before or during the first-stage core-identity verification for the user;

an obtaining unit configured to obtain first information for risk prediction corresponding to the user;

the risk prediction unit is configured to carry out risk prediction on the user according to the first information to obtain a risk prediction result corresponding to the first stage;

a storage unit configured to correspondingly store the user identifier and risk prediction information, wherein the risk prediction information includes the risk prediction result; so that the wind control system takes the risk prediction result as the risk identification result of the second stage in response to the risk prediction result being available after the user passes the core-body verification of the first stage.

20. A risk identification device for a target service, wherein the target service corresponds to a plurality of user authentication stages, including a first stage based on core verification and a second stage based on risk identification, and the device is applied to a wind control system and comprises:

a receiving unit configured to receive a risk identification request for a user from a service system, wherein the risk identification request includes a user identifier of the user, and the risk identification request is sent by the service system after the user passes the first-stage core-body verification;

an obtaining unit, configured to obtain, according to the user identifier, risk prediction information that is correspondingly stored by a risk prediction system for the user, where the risk prediction information includes a risk prediction result corresponding to the first stage, and the risk prediction result is obtained by performing risk prediction on the user by the risk prediction system before or during performing core verification of the first stage on the user by a business system;

a determination unit configured to acquire third information of the user and determine whether the risk prediction result is available according to the third information;

a first processing unit configured to take the risk prediction result as the risk identification result of the second stage if the determination result of the determination unit is yes;

a second processing unit configured to perform a risk identification operation for the user if the determination result of the determining unit is no.

21. A computer-readable storage medium, on which a computer program is stored, wherein the computer program causes a computer to carry out the method of any one of claims 1-18 when the computer program is carried out in the computer.

22. A computing device comprising a memory and a processor, wherein the memory has stored therein executable code that when executed by the processor implements the method of any of claims 1-18.

Background

At present, in a plurality of service scenes which need to perform core verification and risk identification on a user, such as a payment scene, an account login scene, an account registration scene, and the like, a wind control system for performing risk identification needs to calculate a large number of indexes, so that the overall time consumption is greatly influenced, and the problems of risk leakage and the like caused by user waiting or overtime calculation are easily caused. In practice, the user experience is affected by causing the user to wait, and the risk is leaked, so that the investment loss is easily caused.

Therefore, a reasonable and reliable scheme is urgently needed, and time consumption of the wind control system is reduced as much as possible under the condition that risk identification accuracy of the wind control system is ensured.

Disclosure of Invention

The embodiment of the specification provides a risk identification method and device for a target service, which can reduce time consumption of a wind control system as much as possible under the condition of ensuring the risk identification accuracy of the wind control system.

In a first aspect, an embodiment of the present disclosure provides a risk identification method for a target service, where the target service corresponds to multiple user authentication stages, where the target service includes a first stage based on a core verification and a second stage based on risk identification, and the method is applied to a risk prediction system, and includes: receiving a risk prediction request for a user from a business system, wherein the risk prediction request comprises a user identification of the user, and the risk prediction request is sent by the business system before or when the first-stage core-identity verification is carried out on the user; acquiring first information which corresponds to the user and is used for risk prediction; according to the first information, risk prediction is carried out on the user to obtain a risk prediction result corresponding to the first stage; correspondingly storing the user identification and risk prediction information, wherein the risk prediction information comprises a risk prediction result; so that the wind control system takes the risk prediction result as the risk identification result of the second stage in response to the risk prediction result being available after the user passes the core-body verification of the first stage.

In some embodiments, said performing risk prediction for said user based on said first information comprises: and predicting the risk of the user according to the first information by using a risk prediction model.

In some embodiments, after said receiving a risk prediction request for a user from a business system, further comprising: acquiring second information corresponding to the user, wherein the second information comprises first behavior information of the user and/or current first environment information; encrypting the second information by using a preset encryption algorithm to obtain first ciphertext information; and the risk prediction information further comprises the first ciphertext information, so that the first ciphertext information is used for information comparison when the wind control system determines whether the risk prediction result is available.

In some embodiments, the first context information comprises at least one of the following for a device currently used by the user: equipment identification, equipment model, IP address and position information.

In some embodiments, the encryption algorithm comprises a non-reversible encryption algorithm.

In some embodiments, the first behavior information corresponds to a first score; and the risk prediction information further comprises the first score, so that the wind control system uses the first score for information comparison when determining whether the risk prediction result is available.

In some embodiments, the risk prediction information further includes the first information, such that the wind control system uses the first information for information comparison when determining whether the risk prediction result is available.

In some embodiments, the first information comprises at least one of the following for the user: the first behavior information, the payment channel and the current first environment information.

In some embodiments, the target traffic comprises any one of: payment service, account registration service, and account login service.

In some embodiments, the target service comprises a payment service; and the acquiring of the first information for risk prediction corresponding to the user comprises: and acquiring the payment channel preferred by the user and classifying the payment channel into the first information.

In some embodiments, the correspondingly storing the user identifier and the risk prediction information includes: and correspondingly caching the user identification and the risk prediction information.

In a second aspect, an embodiment of the present specification provides a risk identification method for a target service, where the target service corresponds to multiple user authentication phases, where the target service includes a first phase based on core verification and a second phase based on risk identification, and the method is applied to a wind control system, and includes: receiving a risk identification request aiming at a user from a business system, wherein the risk identification request comprises a user identifier of the user, and the risk identification request is sent by the business system after the user passes the first-stage core-body verification; according to the user identification, risk prediction information which is correspondingly stored by a risk prediction system aiming at the user is obtained, wherein the risk prediction information comprises a risk prediction result corresponding to the first stage, and the risk prediction result is obtained by performing risk prediction on the user by the risk prediction system before or when a business system performs core verification of the first stage aiming at the user; acquiring third information of the user, and determining whether the risk prediction result is available according to the third information; if the result is determined to be yes, taking the risk prediction result as a risk identification result of the second stage; and if the determination result is negative, executing risk identification operation aiming at the user.

In some embodiments, the risk prediction information further comprises at least one of: first information corresponding to the user and used for risk prediction; the first ciphertext information is obtained by encrypting second information corresponding to the user by using a preset encryption algorithm, and the second information comprises first behavior information and/or first environment information of the user in risk prediction; a first score corresponding to the first behavior information; the third information includes the first information, the first ciphertext information, and/or the first score.

In some embodiments, the obtaining third information of the user includes: acquiring the current second environment information of the user, and classifying the current second environment information into the third information; and said determining whether said risk prediction result is available based on said third information comprises: determining whether the user is in a trusted environment according to the second environment information; if the user is determined to be in a trusted environment, determining that the risk prediction result is available; determining that the risk prediction result is unavailable if it is determined that the user is not in a trusted environment.

In some embodiments, the risk prediction information further includes first ciphertext information obtained by encrypting second information corresponding to the user by using a preset encryption algorithm, where the second information includes first behavior information and/or first environment information of the user in risk prediction; the obtaining of the third information of the user includes: acquiring second behavior information of the user and/or current second environment information, encrypting by using the encryption algorithm to obtain second ciphertext information, and classifying the second ciphertext information into the third information; the determining whether the risk prediction result is available according to the third information includes: calculating a first similarity of the first ciphertext information and the second ciphertext information; if the first similarity reaches a first similarity threshold, determining that the risk prediction result is available; and if the first similarity does not reach a first similarity threshold, determining that the risk prediction result is unavailable.

In some embodiments, the risk prediction information further includes first information corresponding to the user for risk prediction; the obtaining of the third information of the user includes: acquiring fourth information which corresponds to the user and is used for risk identification, and classifying the fourth information into the third information, wherein the fourth information and the first information adopt the same composition structure; the determining whether the risk prediction result is available according to the third information includes: calculating a second similarity of the first information and the fourth information; determining that the risk prediction result is available if the second similarity reaches a second similarity threshold; and if the second similarity does not reach a second similarity threshold, determining that the risk prediction result is unavailable.

In some embodiments, the risk prediction information further includes a first score corresponding to first behavior information of the user in risk prediction; the obtaining of the third information of the user includes: acquiring a second score corresponding to second behavior information of the user, and classifying the second score into the third information; the determining whether the risk prediction result is available according to the third information includes: calculating a difference between the first score and the second score; if the difference does not exceed a preset value, determining that the risk prediction result is available; and if the difference exceeds a preset value, determining that the risk prediction result is unavailable.

In some embodiments, the third information comprises a plurality of information elements; and said determining whether said risk prediction result is available based on said third information comprises: determining whether the risk prediction outcome is available based on at least one of the plurality of information elements.

In a third aspect, an embodiment of the present disclosure provides a risk identification apparatus for a target service, where the target service corresponds to multiple user authentication stages, where the target service includes a first stage based on a core verification and a second stage based on risk identification, and the apparatus is applied to a risk prediction system, and includes: a receiving unit configured to receive a risk prediction request for a user from a business system, wherein the risk prediction request includes a user identifier of the user, and the risk prediction request is sent by the business system before or during the first-stage core-identity verification for the user; an obtaining unit configured to obtain first information for risk prediction corresponding to the user; the risk prediction unit is configured to carry out risk prediction on the user according to the first information to obtain a risk prediction result corresponding to the first stage; a storage unit configured to correspondingly store the user identifier and risk prediction information, wherein the risk prediction information includes the risk prediction result; so that the wind control system takes the risk prediction result as the risk identification result of the second stage in response to the risk prediction result being available after the user passes the core-body verification of the first stage.

In a fourth aspect, an embodiment of the present specification provides a risk identification apparatus for a target service, where the target service corresponds to multiple user authentication phases, where the target service includes a first phase based on core verification and a second phase based on risk identification, and the apparatus is applied to a wind control system, and includes: a receiving unit configured to receive a risk identification request for a user from a service system, wherein the risk identification request includes a user identifier of the user, and the risk identification request is sent by the service system after the user passes the first-stage core-body verification; an obtaining unit, configured to obtain, according to the user identifier, risk prediction information that is correspondingly stored by a risk prediction system for the user, where the risk prediction information includes a risk prediction result corresponding to the first stage, and the risk prediction result is obtained by performing risk prediction on the user by the risk prediction system before or during performing core verification of the first stage on the user by a business system; a determination unit configured to acquire third information of the user and determine whether the risk prediction result is available according to the third information; a first processing unit configured to take the risk prediction result as the risk identification result of the second stage if the determination result of the determination unit is yes; a second processing unit configured to perform a risk identification operation for the user if the determination result of the determining unit is no.

In a fifth aspect, the present specification provides a computer-readable storage medium on which a computer program is stored, wherein when the computer program is executed in a computer, the computer is caused to execute the method described in any implementation manner of the first aspect and the second aspect.

In a sixth aspect, the present specification provides a computing device, including a memory and a processor, where the memory stores executable code, and the processor executes the executable code to implement the method described in any one of the implementation manners of the first aspect and the second aspect.

In a seventh aspect, the present specification provides a computer program, wherein when the computer program is executed in a computer, the computer is caused to execute the method described in any implementation manner of the first aspect and the second aspect.

In the method and the device for identifying risk of a target service provided in the above embodiments of the present specification, before or when a service system performs a first-stage core verification on a user, a risk prediction result corresponding to a first stage is obtained by performing risk prediction on the user by using a risk prediction system, so that after the user passes the first-stage core verification, a wind control system makes the risk prediction result available as a second-stage risk identification result in response to the risk prediction result, or performs a risk identification operation on the user in response to the risk prediction result being unavailable. In this way, the time consumption of the wind control system can be reduced as much as possible while ensuring the risk identification accuracy of the wind control system. Therefore, the waiting time of the user for executing the target service can be reduced, and the problems caused by overtime can be reduced.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments disclosed in the present specification, the drawings needed to be used in the description of the embodiments will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments disclosed in the present specification, and it is obvious for those skilled in the art to obtain other drawings based on the drawings without creative efforts.

FIG. 1 is an exemplary system architecture diagram to which some embodiments of the present description may be applied;

FIG. 2 is a flow diagram of one embodiment of a risk identification method for a target business in accordance with the present description;

FIG. 3 is a schematic structural diagram of a risk identification device for a target business according to the present specification;

fig. 4 is a schematic structural diagram of a risk identification device for a target business according to the present specification.

Detailed Description

The present specification will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the relevant invention and not restrictive of the invention. The described embodiments are only a subset of the embodiments described herein and not all embodiments described herein. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification without any inventive step are within the scope of the present application.

It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings. The embodiments and features of the embodiments in the present description may be combined with each other without conflict. In addition, the terms "first", "second", "third", and the like in the present specification are used only for information distinction and do not play any limiting role.

As described above, the wind control system needs to calculate a large number of indexes, which greatly affects the overall time consumption, and is easy to cause problems such as user waiting or risk omission caused by calculation overtime.

Based on this, some embodiments of the present description provide a risk identification method for a target business, by which time consumption of a wind control system can be reduced as much as possible while ensuring accuracy of risk identification of the wind control system. In particular, FIG. 1 illustrates an exemplary system architecture diagram suitable for use with these embodiments.

As shown in fig. 1, the system architecture may include a business system, a risk prediction system, and a wind control system. The business system is connected with the risk prediction system and the wind control system. The risk prediction system and the wind control system can be independent of each other. Further, the risk prediction system and the pneumatic system may be in communication.

The business system may be a system that provides a target business and has a core verification requirement and a risk identification requirement for a user. The single target service may include, for example, a payment service, an account login service, or an account registration service, etc. The single business system may include, for example, a data management system, an item management system, or a payment system as shown in fig. 1, or the like.

The target service corresponds to a plurality of user authentication stages, wherein the user authentication stages comprise a first stage based on core verification and a second stage based on risk identification. In practice, the business system may perform a first-stage verification of its user. Specifically, the business system may include a client and a server, and the business system may perform the first-stage verification of the user by using the client or the server in response to the user executing the target business. The specific verification method adopted in the first stage may include, for example, password verification, verification code verification, biometric verification (for example, face verification or fingerprint verification), and the like, and is not limited specifically herein. In addition, after the user passes the core verification of the first stage, the business system can call the wind control system to perform the risk identification of the second stage on the user.

In order to reduce the time consumption of the wind control system in the second stage as much as possible, the business system can call the risk prediction system to perform risk prediction on the user in advance before or when the user is subjected to the first-stage core-body verification. Specifically, the business system may send a risk prediction request for the user to the risk prediction system before or during the first-stage core-identity verification for the user. The risk prediction system may respond to the risk prediction request, perform a corresponding risk prediction operation for the user, obtain a risk prediction result corresponding to the first stage, and correspondingly store the user identifier of the user and risk prediction information, where the risk prediction information includes the risk prediction result. After the user passes the first-stage core verification, the business system may send a risk identification request for the user to the wind control system. The wind control system may acquire the risk prediction information in response to the risk identification request, and may take the risk prediction result as the risk identification result of the second stage in response to the risk prediction result in the risk prediction information being available, or perform a risk identification operation for the user in response to the risk prediction result being unavailable.

Further description is made to the system architecture, taking user a and the payment system providing payment services as an example.

As shown in fig. 1, the payment system may send a risk prediction request for user a, which may include the user identification of user a, to the risk prediction system before or while performing the first stage of the verification for user a. Then, the risk prediction system may obtain first information (e.g., behavior information, payment channel, and/or current environmental information of the user a shown in fig. 1) corresponding to the user a for risk prediction in response to the risk prediction request.

The behavior information may include information generated in the service execution process. The payment channel may include a payment channel currently used by user a, or a payment channel preferred by user a. The current environment information may include a device identification, a device model, an IP (Internet Protocol) address and/or location information of a device currently used by the user a, and the like. The device may be a personal device of the user a, such as a smart phone, a tablet computer, a notebook computer, or a desktop computer, or may also be an IOT (Internet of Things) device for use by multiple people, which is not limited herein.

After the behavior information, the payment channel, and/or the current environmental information of the user a as shown in fig. 1 are acquired, the risk prediction system may perform risk prediction on the user a according to the acquired information, so as to obtain a risk prediction result corresponding to the first stage. Then, the risk prediction system may correspondingly store the user identifier of the user a and the risk prediction information including the risk prediction result, for example, to the target storage location shown in fig. 1. The target storage location may be a local storage location of the risk prediction system, such as a hard disk or a memory, or may be a remote database that can be accessed by both the risk prediction system and the wind control system, which is not specifically limited herein.

After the user a passes the first stage of the core verification, the payment system may send a risk identification request for the user a to the wind control system, where the risk identification request includes a user identifier of the user a. The wind control system can respond to the risk identification request and acquire risk prediction information, which is correspondingly stored by the risk prediction system for the user A, from the target storage position according to the user identification. Thereafter, the wind control system may obtain third information of the user a, such as the current environmental information of the user a shown in fig. 1. The wind control system can determine whether the risk prediction result in the risk prediction information is available according to the current environmental information of the user A.

For example, the wind control system may determine whether user a is in a trusted environment based on the current environmental information of user a. And if the user A is determined to be in the trusted environment, determining that the risk prediction result is available. If the user A is determined not to be in the trusted environment, determining that the risk prediction result is unavailable. When determining whether the user A is in the trusted environment, determining whether the current environment information of the user A is matched with the historical environment information of the user A, and if determining that the current environment information of the user A is matched with the historical environment information of the user A, determining that the user A is in the trusted environment; otherwise, it may be determined that user a is not in a trusted environment.

If the risk prediction result is determined to be available, the wind control system can take the risk prediction result as a risk identification result of the second stage; if it is determined that the risk prediction result is not available, the wind control system may perform a risk identification operation for the user a. After the risk prediction result is used as the risk identification result of the second stage, or after the risk identification operation is performed for the user a and the risk identification result is obtained, the wind control system may return the risk identification result to the payment system.

Therefore, the risk prediction system can be used for predicting the risk of the user A in advance, and the obtained risk prediction result can be used as the risk identification result of the wind control system in the second stage, so that the time consumption of the wind control system can be reduced as much as possible under the condition of ensuring the risk identification accuracy of the wind control system, and therefore, the waiting time of the user A during payment business execution can be reduced, and the problems caused by overtime can be reduced.

The following describes specific implementation steps of the above method with reference to specific examples. In order to distinguish the behavior information and the environment information respectively acquired by the risk prediction system and the wind control system, the behavior information and the environment information acquired by the risk prediction system are referred to as first behavior information and first environment information, and the behavior information and the environment information acquired by the wind control system are referred to as second behavior information and second environment information.

Referring to fig. 2, a schematic diagram of an embodiment of a risk identification method for a target service is shown. The target service corresponds to a plurality of user authentication stages, wherein the user authentication stages comprise a first stage based on core verification and a second stage based on risk identification. The method comprises the following steps:

step 202, the risk prediction system receives a risk prediction request aiming at a user from a business system, wherein the risk prediction request comprises a user identifier of the user, and the risk prediction request is sent by the business system before or during the first-stage core verification aiming at the user;

step 204, the risk prediction system acquires first information which corresponds to the user and is used for risk prediction;

step 206, the risk prediction system carries out risk prediction on the user according to the first information to obtain a risk prediction result corresponding to the first stage;

step 208, the risk prediction system correspondingly stores the user identification and risk prediction information, wherein the risk prediction information comprises a risk prediction result;

step 210, the wind control system receives a risk identification request aiming at a user from the service system, wherein the risk identification request comprises a user identifier of the user, and the risk identification request is sent by the service system after the user passes the first-stage core-body verification;

step 212, the wind control system acquires risk prediction information, which is correspondingly stored by the risk prediction system for the user according to the user identification, wherein the risk prediction information includes a risk prediction result corresponding to the first stage;

step 214, the wind control system acquires third information of the user;

step 216, the wind control system determines whether a risk prediction result is available according to the third information;

step 218, if the determination result is yes, the wind control system takes the risk prediction result as a risk identification result of the second stage;

and step 220, if the determination result is negative, the wind control system executes risk identification operation for the user.

The above steps are further explained below.

In step 202, before or while the business system performs the first stage of core-identity verification for the user, the risk prediction system may receive a risk prediction request for the user from the business system, including the user identification of the user. Here, for the explanation of the service system, reference may be made to the related description in the foregoing, and details are not repeated here.

Next, in step 204, the risk prediction system may obtain first information corresponding to the user for risk prediction. Specifically, the risk prediction system may obtain the first information from the service system or a database server corresponding to the service system according to the user identifier of the user. Optionally, the risk prediction request may further include the first information, and the risk prediction system may obtain the first information from the risk prediction request.

The first information may include, for example, first behavior information of the user, a payment channel, current first environment information, and/or the like. The first behavior information may include information produced by the user in the service execution process. The payment channel may include a payment channel currently used by the user, or a payment channel preferred by the user. The current first environment information may include a device identification, a device model, an IP address, and/or location information of a device currently used by the user, and the like.

Taking the target service including the payment service as an example, if the risk prediction request is sent by the service system before the first-stage verification is performed on the user, that is, the service system is sent before the user executes the payment service, the risk prediction system may obtain a payment channel preferred by the user, and classify the payment channel into the first information. If the risk prediction request is sent by the service system when the first-stage verification is performed on the user, that is, the service system is sent when the user executes the payment service, the risk prediction system may obtain a payment channel currently used by the user and classify the payment channel into the first information.

Next, in step 206, the risk prediction system may perform risk prediction on the user according to the first information to obtain a risk prediction result corresponding to the first stage.

In practice, the risk prediction system may perform risk prediction for the user in various ways.

For example, a risk prediction policy may be preset in the risk prediction system, and the risk prediction policy may be utilized to perform risk prediction on the user according to the first information. The risk prediction policy may include one or more rules for risk prediction that are empirically written by a technician.

For another example, a risk prediction model may be preset in the risk prediction system, and the risk prediction system may perform risk prediction on the user according to the first information by using the risk prediction model. The risk prediction model may be various machine learning models suitable for risk prediction, and may include, for example, a Convolutional Neural Network (CNN), a Gradient Boost Decision Tree (GBDT), or the like.

Next, in step 208, the risk prediction system may correspondingly store the user identifier and the risk prediction information, where the risk prediction information includes a risk prediction result, so that the wind control system may use the risk prediction result as a risk identification result of the second stage in response to the availability of the risk prediction result after the user passes the core-body verification of the first stage. In practice, the risk prediction system may store the user identification and the risk prediction information in correspondence to the target storage location as described above.

In some embodiments, the first behavior information may correspond to a first score. In practice, a behavior scoring model may be deployed on a device currently used by the user, and the first score may be obtained by the device scoring the first behavior information by using the behavior scoring model. In order to enrich data on which the wind control system is based when determining whether the risk prediction result is available and ensure the risk identification accuracy of the wind control system, the risk prediction information may further include a first score and/or first information, so that the wind control system uses the first score and/or the first information for information comparison when determining whether the risk prediction result is available.

In some embodiments, in order to enrich data on which the wind control system determines whether the risk prediction result is available and ensure the risk identification accuracy of the wind control system, after step 202, the risk prediction system may further obtain second information corresponding to the user, wherein the second information includes the first behavior information of the user and/or the current first environment information. Then, the risk prediction system may encrypt the second information by using a preset encryption algorithm to obtain the first ciphertext information. Based on this, the risk prediction information may further include first ciphertext information, so that the wind control system uses the first ciphertext information for information comparison when determining whether the risk prediction result is available.

The preset encryption Algorithm may include, but is not limited to, an irreversible encryption Algorithm, which may include, for example, an MD5 encryption Algorithm, or a Secure Hash Algorithm (SHA).

It should be understood that the risk prediction information may include the first information, the first score, and/or the first ciphertext information as described above, in addition to the risk prediction result.

In some embodiments, if the risk prediction system adopts a local storage manner, in order to save a storage space of the risk prediction system, in step 208, the risk prediction system may correspondingly cache the user identifier of the user and the risk prediction information.

And under the condition that the service system passes the verification of the user core, the service system can send a risk identification request aiming at the user to the wind control system. Based on this, in step 210, the wind control system may receive the risk identification request from the business system after the user passes the first stage of the core verification. Wherein the risk identification request may include a user identification of the user.

Next, in step 212, the wind control system may obtain risk prediction information, which is stored by the risk prediction system for the user, according to the user identifier. Risk prediction information is obtained from the target storage location as previously described, for example, based on the user identification. The risk prediction information comprises a risk identification result corresponding to the first stage, and the risk identification result is obtained by performing risk prediction on the user by the risk prediction system before or when the business system performs the first-stage core verification on the user. It should be appreciated that the risk prediction information herein is stored by the risk prediction system by performing step 208.

Next, in step 214, the wind control system may obtain third information of the user.

Specifically, the wind control system may obtain the current second environmental information of the user, and include the current second environmental information as the third information. The wind control system may obtain the second environment information from the service system or a database server corresponding to the service system, for example. Optionally, the second environmental information may also be included in the risk identification request, and thus the wind control system may obtain the second environmental information from the risk identification request. The second environment information may include a device identifier, a device model, an IP address, and/or location information of a device currently used by the user. It should be understood that the second environment information and the first environment information described above may have the same composition structure.

Optionally, the risk prediction information obtained by the wind control system may further include the first information, the first score, and/or the first ciphertext information as described above. Based on this, the third information may include the first information, the first score, and/or the first ciphertext information.

Optionally, if the risk prediction information includes the first ciphertext information, the wind control system may obtain the second behavior information of the user and/or the current second environment information, encrypt the second behavior information and/or the current second environment information by using the encryption algorithm, obtain the second ciphertext information, and classify the second ciphertext information into the third information. It should be noted that the user data (e.g., the second behavior information and/or the second environment information) for generating the second ciphertext information and the second information for generating the first ciphertext information may have the same composition structure.

If the risk prediction information includes first information for risk prediction corresponding to the user, the wind control system may acquire fourth information for risk identification corresponding to the user, and classify the fourth information into the third information. Note that the fourth information and the first information in the foregoing adopt the same composition structure.

If the risk prediction information includes a first score corresponding to the first behavior information of the user during risk prediction, the wind control system may obtain a second score corresponding to the second behavior information of the user, and classify the second score into the third information.

Next, in step 216, the wind control system may determine whether a risk prediction result is available based on the third information.

As an implementation manner, if the wind control system obtains the current second environment information of the user in step 214 and includes the current second environment information as the third information, in step 216, the wind control system may determine whether the user is in the trusted environment according to the second environment information. And if the user is determined to be in the trusted environment, determining that the risk prediction result is available. If the user is determined not to be in a trusted environment, determining that the risk prediction result is unavailable. Here, for further explanation of the implementation, reference may be made to the related description in the foregoing, and details are not repeated here.

As another implementation, if the wind control system includes the second ciphertext information into the third information in step 214, the wind control system may calculate a first similarity between the first ciphertext information and the second ciphertext information in step 216. For example, the first similarity of the first ciphertext information and the second ciphertext information is calculated using any text similarity calculation algorithm. If the first similarity reaches a first similarity threshold, the wind control system may determine that the risk prediction result is available. If it is determined that the first similarity does not reach the first similarity threshold, the wind control system may determine that the risk prediction result is unavailable.

It should be noted that, by encrypting the second information corresponding to the user and the user data respectively, the security of the private data of the user can be ensured. In addition, by performing similarity calculation on the first ciphertext information and the second ciphertext information, compared with the method of directly performing similarity calculation on the second information and the user data, the calculation amount of the wind control system can be effectively reduced, and therefore the time consumed by risk identification of the wind control system can be reduced.

As another implementation manner, if the wind control system includes fourth information for risk identification corresponding to the user in the third information in step 214, the wind control system may calculate a second similarity between the first information and the fourth information in step 216. If the second similarity reaches a second similarity threshold, the wind control system may determine that the risk prediction result is available. If the second similarity does not reach the second similarity threshold, the wind control system may determine that the risk prediction result is unavailable.

As another implementation manner, if the wind control system classifies the second score corresponding to the second behavior information of the user into the third information in step 214, the wind control system may calculate a difference between the first score and the second score in step 216. If the difference does not exceed the preset value, the wind control system may determine that the risk prediction result is available. If the difference exceeds a preset value, the wind control system may determine that the risk prediction result is unavailable.

It should be noted that the first similarity threshold, the second similarity threshold, and the preset value may be set according to actual requirements, and are not specifically limited herein.

In practice, since a certain time difference exists between the first stage and the second stage, in order to prevent the network from being attacked by the black birth and the utilization of the time difference, the user related information of the first stage and the second stage needs to be compared. For example, the last three implementation manners described with respect to step 216 are adopted to compare the first ciphertext information with the second ciphertext information, compare the first information with the fourth information, and/or compare the first score with the second score.

In some embodiments, the third information may include a plurality of information elements including, for example, a plurality of items of environmental information, ciphertext information, score, information for risk assessment. The environment information specifically includes second environment information, the ciphertext information specifically includes first ciphertext information and/or second ciphertext information, the score specifically includes a first score and/or a second score, and the risk assessment information specifically includes first information and/or fourth information. In step 216, the wind control system may determine whether a risk prediction result is available based on at least one of the plurality of information elements.

For example, the wind control system may randomly select one of the plurality of information elements and determine whether a risk prediction result is available based on the information element. If it is determined that the risk prediction result is available, step 218 may be performed next; if the risk prediction result is determined to be unavailable, the step of randomly selecting one information element from the plurality of information elements may be continued until the risk prediction result is determined to be available, or the risk prediction result is determined to be unavailable according to all the plurality of information elements. It is noted that the information elements randomly chosen later are different from the information elements randomly chosen earlier.

As another example, the plurality of information elements may correspond to priorities. The wind control system can determine whether the risk prediction result is available according to each information element in the multiple information elements in sequence from high priority to low priority until the risk prediction result is determined to be available, or determine that the risk prediction result is unavailable according to all the multiple information elements.

Then, if it is finally determined that the risk prediction result is available, the wind control system may execute step 218 to use the risk prediction result as the risk identification result of the second stage. If it is finally determined that the risk prediction result is not available, the wind control system may perform step 220 to perform a risk identification operation for the user.

Further, in step 220, the wind control system may perform risk identification on the user according to the fourth information in the foregoing, so as to obtain a risk identification result of the second stage. It should be noted that the risk identification mode adopted by the wind control system is similar to the risk prediction mode adopted by the risk prediction system, and is not described herein again.

After obtaining the risk identification result of the second stage by performing step 218 or step 220, the wind control system may return the risk identification result to the business system.

In some embodiments, if the wind control system can normally use the risk prediction system for the risk prediction result correspondingly stored by the user, the risk prediction result is returned as the risk identification result of the second stage, and the influence on the downstream processing system is also avoided. Thus, the wind control system may combine the data produced by the risk prediction system in the prediction process with the data in the risk identification request. If the same field and different field values are encountered during merging, the value in the risk identification request can be reserved in a time-based mode.

In the risk identification method provided by the embodiment corresponding to fig. 2, before or when the business system performs the first-stage core-body verification on the user, the risk prediction system is used to perform risk prediction on the user to obtain the risk prediction result corresponding to the first stage, so that after the user passes the first-stage core-body verification, the wind control system makes the risk prediction result available as the risk identification result of the second stage in response to the risk prediction result, or performs a risk identification operation on the user in response to the risk prediction result being unavailable. Therefore, accurate risk prediction of the user can be realized in advance, an available risk prediction result is directly used as a risk identification result of the wind control system in the second stage, and time consumption of the wind control system can be reduced as much as possible under the condition that the risk identification accuracy of the wind control system is ensured. Therefore, the waiting time of the user for executing the target service can be reduced, and the problems caused by overtime can be reduced.

With further reference to fig. 3, the present specification provides an embodiment of a risk identification apparatus for a target service, the target service corresponds to a plurality of user authentication stages, including a first stage based on core verification and a second stage based on risk identification, and the apparatus can be applied to a risk prediction system as shown in fig. 1.

As shown in fig. 3, the risk identification apparatus 300 for a target business of the present embodiment includes: a receiving unit 301, an obtaining unit 302, a risk prediction unit 303, and a storage unit 304. Wherein the receiving unit 301 is configured to receive a risk prediction request for the user from the business system, wherein the risk prediction request includes a user identifier of the user, and the risk prediction request is sent by the business system before or during the first-stage verification for the user; the obtaining unit 302 is configured to obtain first information for risk prediction corresponding to a user; the risk prediction unit 303 is configured to perform risk prediction on the user according to the first information to obtain a risk prediction result corresponding to the first stage; the storage unit 304 is configured to correspondingly store the user identifier and risk prediction information, which includes a risk prediction result; and enabling the wind control system to take the risk prediction result as the risk identification result of the second stage in response to the available risk prediction result after the user passes the core-body verification of the first stage.

In some embodiments, the risk prediction unit 303 may be further configured to: and predicting the risk of the user according to the first information by using the risk prediction model.

In some embodiments, the obtaining unit 302 may be further configured to: after the receiving unit 301 receives a risk prediction request for a user from a business system, acquiring second information corresponding to the user, where the second information includes first behavior information of the user and/or current first environment information; encrypting the second information by using a preset encryption algorithm to obtain first ciphertext information; and the risk prediction information also comprises first ciphertext information, so that the first ciphertext information is used for information comparison when the wind control system determines whether the risk prediction result is available.

In some embodiments, the first context information may include, but is not limited to, at least one of the following for a device currently used by the user: equipment identification, equipment model, IP address and position information.

In some embodiments, the encryption algorithm may include, but is not limited to, an irreversible encryption algorithm.

In some embodiments, the first behavior information may correspond to a first score; and the risk prediction information can also comprise a first score, so that the wind control system uses the first score for information comparison when determining whether the risk prediction result is available.

In some embodiments, the risk prediction information may further include first information, so that the wind control system uses the first information for information comparison when determining whether the risk prediction result is available.

In some embodiments, the first information may include, but is not limited to, at least one of the following for the user: the first behavior information, the payment channel and the current first environment information.

In some embodiments, the target traffic may include, but is not limited to, any of: payment service, account registration service, and account login service.

In some embodiments, the target service comprises a payment service; and the obtaining unit 302 may be further configured to: and acquiring a payment channel preferred by the user and putting the payment channel into the first information.

In some embodiments, the storage unit 304 may be further configured to: and correspondingly caching the user identification and the risk prediction information.

With further reference to fig. 4, the present specification provides an embodiment of a risk identification apparatus for a target service, where the target service corresponds to a plurality of user authentication phases, including a first phase based on core verification and a second phase based on risk identification, and the apparatus can be applied to a wind control system as shown in fig. 1.

As shown in fig. 4, the risk identification apparatus 400 for a target service of the present embodiment includes: a receiving unit 401, an obtaining unit 402, a determining unit 403, a first processing unit 404 and a second processing unit 405. Wherein, the receiving unit 401 is configured to receive a risk identification request for the user from the service system, where the risk identification request includes a user identifier of the user, and the risk identification request is sent by the service system after the user passes the first-stage core-body verification; the obtaining unit 402 is configured to obtain, according to the user identifier, risk prediction information that is correspondingly stored by the risk prediction system for the user, where the risk prediction information includes a risk prediction result corresponding to the first stage, where the risk prediction result is obtained by the risk prediction system performing risk prediction on the user before or while the business system performs core verification of the first stage for the user; the determination unit 403 is configured to acquire third information of the user, and determine whether a risk prediction result is available according to the third information; the first processing unit 404 is configured to take the risk prediction result as the risk identification result of the second stage if the determination result of the determination unit 403 is yes; the second processing unit 405 is configured to perform a risk identification operation for the user if the determination result of the determination unit 403 is no.

In some embodiments, the risk prediction information further comprises at least one of: first information corresponding to a user and used for risk prediction; the first ciphertext information is obtained by encrypting second information corresponding to the user by using a preset encryption algorithm, and the second information comprises first behavior information and/or first environment information of the user during risk prediction; a first score corresponding to the first behavior information; the third information includes the first information, the first ciphertext information, and/or the first score.

In some embodiments, the determining unit 403 may be further configured to: acquiring the current second environment information of the user, and classifying the current second environment information into third information; determining whether the user is in a trusted environment or not according to the second environment information; if the user is determined to be in the trusted environment, determining that a risk prediction result is available; if the user is determined not to be in a trusted environment, determining that the risk prediction result is unavailable.

In some embodiments, the risk prediction information further includes first ciphertext information obtained by encrypting second information corresponding to the user by using a preset encryption algorithm, where the second information includes first behavior information and/or first environment information of the user during risk prediction; the determining unit 403 may be further configured to: acquiring second behavior information of the user and/or current second environment information, and encrypting by using the encryption algorithm to obtain second ciphertext information which is included in third information; calculating a first similarity of the first ciphertext information and the second ciphertext information; if the first similarity reaches a first similarity threshold, determining that a risk prediction result is available; and if the first similarity does not reach the first similarity threshold, determining that the risk prediction result is unavailable.

In some embodiments, the risk prediction information further includes first information corresponding to the user for risk prediction; the determining unit 403 may be further configured to: acquiring fourth information which corresponds to the user and is used for risk identification, and classifying the fourth information into the third information, wherein the fourth information and the first information adopt the same composition structure; calculating a second similarity of the first information and the fourth information; if the second similarity reaches a second similarity threshold, determining that the risk prediction result is available; and if the second similarity does not reach the second similarity threshold, determining that the risk prediction result is unavailable.

In some embodiments, the risk prediction information further includes a first score corresponding to first behavior information of the user in risk prediction; the determining unit 403 may be further configured to: acquiring a second score corresponding to second behavior information of the user, and classifying the second score into third information; calculating a difference between the first score and the second score; if the difference does not exceed the preset value, determining that a risk prediction result is available; and if the difference exceeds a preset value, determining that the risk prediction result is unavailable.

In some embodiments, the third information comprises a plurality of information elements; and the determining unit 403 may be further configured to: determining whether a risk prediction result is available based on at least one of the plurality of information elements.

In the embodiment of the apparatus corresponding to fig. 3 and fig. 4, the detailed processing of each unit and the technical effects thereof can refer to the related description in the embodiment corresponding to fig. 2, and are not repeated herein.

The present specification further provides a computer-readable storage medium, on which a computer program is stored, wherein when the computer program is executed in a computer, the computer is caused to execute the risk identification method for a target service respectively described in the above method embodiments.

The embodiment of the present specification further provides a computing device, which includes a memory and a processor, where the memory stores executable codes, and when the processor executes the executable codes, the risk identification method for a target service, which is respectively described in the above method embodiments, is implemented.

The embodiments of the present specification also provide a computer program, where the computer program, when executed in a computer, causes the computer to execute the risk identification method for a target business described in the above method embodiments respectively.

Those skilled in the art will recognize that, in one or more of the examples described above, the functions described in the embodiments disclosed herein may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.

In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.

The above-mentioned embodiments, objects, technical solutions and advantages of the embodiments disclosed in the present specification are further described in detail, it should be understood that the above-mentioned embodiments are only specific embodiments of the embodiments disclosed in the present specification, and are not intended to limit the scope of the embodiments disclosed in the present specification, and any modifications, equivalent substitutions, improvements and the like made on the basis of the technical solutions of the embodiments disclosed in the present specification should be included in the scope of the embodiments disclosed in the present specification.