Risk management method and device, computer device, readable storage medium and program product

The system determines, from user behavior characteristics, whether risk control trigger conditions are met and records each trigger; when a trigger record exists, a second layer of dynamic verification is performed. This addresses the low security of risk control in existing technologies and achieves higher security and operational efficiency.

CN119416188B · Active · Publication Date: 2026-06-23 · CHINA LIFE INSURANCE CO LTD

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Patents (China)
Current Assignee / Owner: CHINA LIFE INSURANCE CO LTD
Filing Date: 2024-11-28
Publication Date: 2026-06-23

Abstract

The application relates to a risk control method and device, computer equipment, a computer readable storage medium and a computer program product. The method comprises the following steps: judging whether a preset risk control trigger condition is met based on behavior characteristic information of a target user on a target system; if the preset risk control trigger condition is met, recording a risk control trigger record; when the target user performs a target operation on the target system, if there is a risk control trigger record in the current risk control period, performing a second layer of verification on the target user for the target operation; the second layer of verification is dynamic verification; the target operation comprises login and password modification. The method can improve security.

Description

Technical Field

[0001] This application relates to the field of information security technology, and in particular to a risk management method, apparatus, computer equipment, computer-readable storage medium, and computer program product.

Background Technology

[0002] With the development of digital technology, more and more transactions can be handled through online systems. For example, employees use internal corporate systems to process work-related tasks, while customers use external systems or applications to conduct business. Therefore, risk management of these systems is crucial.

[0003] The existing risk control measures require users to set highly complex passwords, and only users who enter the correct username and password can log in to the system. However, once the password is leaked, unauthorized users can easily log in and perform operations using the leaked password. Therefore, the security of this risk control method is low.

Summary of the Invention

[0004] Therefore, it is necessary to provide a risk management method, apparatus, computer equipment, computer-readable storage medium, and computer program product that can improve security in response to the above-mentioned technical problems.

[0005] In a first aspect, this application provides a risk management method, including:

[0006] Based on the behavioral characteristics of the target user on the target system, determine whether the preset risk control trigger conditions are met;

[0007] If the preset risk control trigger conditions are met, the risk control trigger record is recorded.

[0008] When the target user performs a target operation on the target system, if a risk control trigger record exists within the current risk control period, a second layer of verification is performed on the target user for the target operation; the second layer of verification is dynamic verification; the target operation includes logging in and changing the password.

[0009] In one embodiment, the behavioral characteristic information includes password modification behavior information, and the step of determining whether the preset risk control triggering conditions are met based on the target user's behavioral characteristic information on the target system includes:

[0010] If the password modification behavior information indicates that the number of times the target user successfully modified their password on the target system within the current risk control period exceeds a preset password modification frequency threshold, then the preset risk control trigger condition is determined to be met; and / or,

[0011] If the password modification behavior information indicates that the target user successfully modified the password on the target system within a preset abnormal password modification time period, then the preset risk control triggering condition is determined to be met.

[0012] In one embodiment, the behavioral characteristic information includes binding behavior information, and the step of determining whether the preset risk control triggering conditions are met based on the behavioral characteristic information of the target user on the target system includes:

[0013] If the binding behavior information indicates that the number of mobile phone numbers bound by the same target user within the current risk control period exceeds a preset threshold for the number of mobile phone numbers bound by a user, then the preset risk control trigger condition is determined to be met; and / or,

[0014] If the binding behavior information indicates that the number of users bound to the same mobile number is greater than the preset threshold for the number of users bound to the same mobile number during the current risk control period, then the preset risk control trigger condition is determined to be met.

[0015] In one embodiment, the behavioral feature information includes login behavior information, and the step of determining whether the preset risk control triggering conditions are met based on the behavioral feature information of the target user on the target system includes:

[0016] If the login behavior information indicates that the number of accounts with the same IP address logging into the target system within a preset abnormal login time period is greater than a preset login account threshold, then the preset risk control trigger condition is determined to be met; and / or,

[0017] If the login behavior information indicates that the number of times a target user fails to log in to the target system within a preset historical time period is greater than a preset login failure threshold, then the preset risk control trigger condition is determined to be met.

[0018] In one embodiment, the behavioral feature information includes associated behavioral information, and the step of determining whether the preset risk control triggering conditions are met based on the behavioral feature information of the target user on the target system includes:

[0019] If the associated behavior information indicates that the number of cloud desktops associated with the same target user during the current risk control period is greater than the preset threshold for the number of cloud desktop associations, then the preset risk control triggering condition is determined to be met.

[0020] In one embodiment, the method further includes:

[0021] When the target user logs in on the target system, the target user is instructed to enter an account name, static password, and dynamic password.

[0022] In a second aspect, this application also provides a risk management device, comprising:

[0023] The judgment module is used to determine whether the preset risk control trigger conditions are met based on the behavioral characteristics of the target user on the target system.

[0024] The recording module is used to record a risk control trigger record if the preset risk control trigger conditions are met.

[0025] The verification module is used to perform, when the target user performs a target operation on the target system and a risk control trigger record exists within the current risk control period, a second layer of verification on the target user for the target operation. The second layer of verification is dynamic verification. The target operation includes logging in and changing the password.

[0026] In one embodiment, the behavioral feature information includes password modification behavior information, and the judgment module is specifically used for:

[0027] If the password modification behavior information indicates that the number of times the target user successfully modified their password on the target system within the current risk control period exceeds a preset password modification frequency threshold, then the preset risk control trigger condition is determined to be met; and / or,

[0028] If the password modification behavior information indicates that the target user successfully modified the password on the target system within a preset abnormal password modification time period, then the preset risk control triggering condition is determined to be met.

[0029] In one embodiment, the behavioral characteristic information includes binding behavior information, and the judgment module is specifically used for:

[0030] If the binding behavior information indicates that the number of mobile phone numbers bound by the same target user within the current risk control period exceeds a preset threshold for the number of mobile phone numbers bound by a user, then the preset risk control trigger condition is determined to be met; and / or,

[0031] If the binding behavior information indicates that the number of users bound to the same mobile number is greater than the preset threshold for the number of users bound to the same mobile number during the current risk control period, then the preset risk control trigger condition is determined to be met.

[0032] In one embodiment, the behavioral feature information includes login behavior information, and the judgment module is specifically used for:

[0033] If the login behavior information indicates that the number of accounts with the same IP address logging into the target system within a preset abnormal login time period is greater than a preset login account threshold, then the preset risk control trigger condition is determined to be met; and / or,

[0034] If the login behavior information indicates that the number of times a target user fails to log in to the target system within a preset historical time period is greater than a preset login failure threshold, then the preset risk control trigger condition is determined to be met.

[0035] In one embodiment, the behavioral feature information includes associated behavioral information, and the judgment module is specifically used for:

[0036] If the associated behavior information indicates that the number of cloud desktops associated with the same target user during the current risk control period is greater than the preset threshold for the number of cloud desktop associations, then the preset risk control triggering condition is determined to be met.

[0037] In one embodiment, the device further includes:

[0038] The instruction module is used to instruct the target user to enter an account name, static password, and dynamic password when the target user logs in on the target system.

[0039] In a third aspect, this application also provides a computer device, including a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to implement the steps described in the first aspect above.

[0040] In a fourth aspect, this application also provides a computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, performs the steps described in the first aspect above.

[0041] In a fifth aspect, this application also provides a computer program product, including a computer program that, when executed by a processor, implements the steps described in the first aspect above.

[0042] The aforementioned risk control methods, devices, computer equipment, computer-readable storage media, and computer program products determine whether preset risk control trigger conditions are met based on the behavioral characteristics of the target user on the target system. If the preset risk control trigger conditions are met, a risk control trigger record is recorded. When the target user performs a target operation on the target system, if a risk control trigger record exists within the current risk control period, a second layer of verification is performed on the target user for the target operation. This second layer of verification is dynamic verification. The target operation includes logging in and changing a password. Thus, whether risk control is triggered is determined from the behavioral characteristics of the target user on the target system, and the trigger is recorded; when the target user then performs an operation such as logging in or changing a password on the target system, and a risk control trigger record exists within the current risk control period, a second layer of dynamic verification is performed on the target user for that operation. The risk within the current risk control period is assessed based on user behavior, and when the risk is too high, an additional layer of dynamic verification is added for operations such as logging in and changing a password. Even if the password is leaked, unauthorized users cannot log in to the system using the leaked password, thereby improving security.

Attached Figure Description

[0043] To more clearly illustrate the technical solutions in the embodiments of this application or related technologies, the drawings used in the description of the embodiments of this application or related technologies will be briefly introduced below. Obviously, the drawings described below are only some embodiments of this application. For those skilled in the art, other related drawings can be obtained based on these drawings without creative effort.

[0044] Figure 1 is a flowchart illustrating a risk management method in one embodiment;

[0045] Figure 2 is a flowchart illustrating the risk management method in another embodiment;

[0046] Figure 3 is a schematic diagram illustrating the process of risk control or risk blocking for login in one embodiment;

[0047] Figure 4 is a schematic diagram illustrating the process of risk control or risk blocking for password modification in one embodiment;

[0048] Figure 5 is a structural block diagram of a risk control device in one embodiment;

[0049] Figure 6 is an internal structural diagram of a computer device in one embodiment.

Detailed Implementation

[0050] To make the objectives, technical solutions, and advantages of this application clearer, the following detailed description is provided in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative and not intended to limit the scope of this application.

[0051] In one embodiment, as shown in Figure 1, a risk management method is provided. This embodiment illustrates the application of this method to a terminal, but it is understood that the method can also be applied to a server, or to a system including both a terminal and a server, and is implemented through the interaction between the terminal and the server. The terminal can be, but is not limited to, various personal computers, laptops, smartphones, tablets, IoT devices, and portable wearable devices. IoT devices can include smart speakers, smart TVs, smart air conditioners, smart in-vehicle devices, projection devices, etc. Portable wearable devices can include smartwatches, smart bracelets, head-mounted devices, etc. Head-mounted devices can be virtual reality (VR) devices, augmented reality (AR) devices, smart glasses, etc. The server can be a standalone physical server, a server cluster or distributed system composed of multiple physical servers, or a cloud server providing cloud computing services. In this embodiment, the method includes the following steps:

[0052] Step 101: Based on the behavioral characteristics of the target user on the target system, determine whether the preset risk control triggering conditions are met.

[0053] In this embodiment, the target user is the user subject to risk management, which can be a company employee or a customer. The company includes, but is not limited to, companies involved in finance. The target system is the system subject to risk management, which can be an internal company system or an external system, i.e., a system that provides services to customers. For example, the target user is an internal employee of an insurance company, and the target system is an internal system of the insurance company. Behavioral characteristic information is used to characterize the target user's operational behavior on the target system. Risk control triggering conditions are used to determine whether risk control is triggered.

[0054] In one example, every preset check period, the terminal determines whether the preset risk control trigger conditions are met based on the target user's behavioral characteristics on the target system.

[0055] In one example, the terminal determines in real time whether the preset risk control trigger conditions are met based on the target user's behavioral characteristics on the target system.

[0056] Step 102: If the preset risk control triggering conditions are met, record the risk control triggering record.

[0057] In this embodiment, if preset risk control triggering conditions are met, the terminal records the risk control triggering record and stores it in the target database. The target database is the database that stores the risk control triggering records, and it can retain only the risk control triggering records within the current risk control management period. For example, the terminal can clear the risk control triggering records from the previous risk control management period when the current risk control management period ends. The target database can be a remote dictionary service (Redis).

[0058] Step 103: When a target user performs a target operation on the target system, if a risk control trigger record exists within the current risk control period, then the target user's target operation will be subject to a second verification.

[0059] The second layer of verification is dynamic verification. Target operations include logging in and changing passwords.

[0060] In this embodiment, the target operation is the operation to be subject to risk control, and may also include other operations performed by the target user on the target system. For example, the target operation includes transferring funds. The risk control period can be a calendar day, i.e., 00:00:00-23:59:59 on that day. There may be no interval between adjacent risk control periods. The second layer of verification can be SMS verification code verification.

[0061] In one example, the terminal determines the risk coefficient corresponding to each system operation performed by the user on the target system. Then, the terminal selects system operations with risk coefficients greater than a preset risk coefficient threshold as target operations.

[0062] When a target user performs a target operation on the target system, if a risk control trigger record exists within the current risk management period, the terminal performs a second layer of verification for the target user's target operation. If both the first and second layers of verification for the target user's target operation on the target system pass, the terminal determines that the target user has passed the verification for performing the target operation on the target system. If either the first or second layer of verification for the target user's target operation on the target system fails, the terminal determines that the target user has not passed the verification for performing the target operation on the target system. The first layer of verification may include account verification and password verification. Password verification can be static or dynamic.

[0063] In one example, if the target user successfully completes the target operation on the target system, the terminal sends a verification success indication message to the target user. This verification success indication message indicates that the target user has successfully completed the verification process for the target operation on the target system.

[0064] In the aforementioned risk control method, based on the behavioral characteristics of the target user on the target system, it determines whether risk control is triggered and records the risk control trigger record. When the target user performs operations such as logging in or changing their password on the target system, if a risk control trigger record exists within the current risk control period, a second layer of dynamic verification is performed on the target user's operation. This assesses the risk within the current risk control period based on user behavior, and when the risk is too high, an additional layer of dynamic verification is added for operations such as logging in and changing passwords. Even if the password is leaked, unauthorized users cannot log in to the system using the leaked password, thus improving security. Furthermore, this method not only manages risk for login operations but also for other operations such as changing passwords, preventing further harm after successful login by unauthorized users, further enhancing security. Moreover, when the risk is low, this method only performs one layer of verification, improving user operation efficiency, risk control efficiency, and user experience while ensuring security.

[0065] In an exemplary embodiment, the behavioral characteristic information includes password modification behavior information. The specific process of determining whether a preset risk control trigger condition is met based on the target user's behavioral characteristic information on the target system includes the following steps: If the password modification behavior information indicates that the number of times the target user successfully modified their password on the target system within the current risk control period is greater than a preset password modification frequency threshold, then the preset risk control trigger condition is determined to be met. And / or, if the password modification behavior information indicates that the time when the target user successfully modified their password on the target system falls within a preset abnormal password modification time period, then the preset risk control trigger condition is determined to be met.

[0066] In this embodiment, the password modification behavior information is used to characterize the password modification behavior of a target user on the target system. The password modification frequency threshold can be 5 times. When the target system is an internal enterprise system, the abnormal password modification time period can be during non-normal working hours, such as 00:00:00-04:59:59 daily. When the target system is an external system, the abnormal password modification time period can be during non-normal working hours or the user's rest time. The abnormal password modification time period can be preset and adjusted by the target user.

[0067] In the aforementioned risk control method, if the password modification behavior information indicates that the number of times the target user successfully changed their password on the target system within the current risk control period exceeds a preset password modification frequency threshold, then the preset risk control trigger condition is determined to be met; and / or, if the password modification behavior information indicates that the time when the target user successfully changed their password on the target system falls within a preset abnormal password modification time period, then the preset risk control trigger condition is determined to be met. Thus, when a user exhibits excessive password modification frequency within a certain period and / or password modification behavior outside of normal modification times, risk control is triggered to verify the user's abnormal password modification behavior, further enhancing security.

[0068] In an exemplary embodiment, the behavioral characteristic information includes binding behavior information. The specific process of determining whether a preset risk control trigger condition is met based on the target user's behavioral characteristic information on the target system includes the following steps: If the binding behavior information indicates that the number of mobile phone numbers bound by the same target user within the current risk control period is greater than a preset threshold for the number of mobile phone numbers bound by a user, then the preset risk control trigger condition is determined to be met. And / or, if the binding behavior information indicates that the number of users bound by the same mobile phone number within the current risk control period is greater than a preset threshold for the number of users bound by a mobile phone number, then the preset risk control trigger condition is determined to be met.

[0069] In this embodiment, the binding behavior information is used to characterize the binding behavior of a target user on the target system. The threshold for the number of mobile phone numbers bound by a user is compared against the number of mobile phone numbers bound by the same user, and can be preset and adjusted by the target user. For example, this threshold is 2. The threshold for the number of users bound to a mobile phone number is compared against the number of users bound to the same mobile phone number, and can be preset and adjusted by the target user. For example, this threshold is 2.

[0070] In the aforementioned risk control method, if the binding behavior information indicates that the number of mobile phone numbers bound by the same target user within the current risk control period exceeds a preset threshold for the number of mobile phone numbers bound by a user, then the preset risk control trigger condition is determined to be met; and / or, if the binding behavior information indicates that the number of users bound by the same mobile phone number within the current risk control period exceeds a preset threshold for the number of users bound by a mobile phone number, then the preset risk control trigger condition is determined to be met. Thus, when a user exhibits abnormal behavior regarding the number of mobile phone numbers bound by the same user and / or the number of users bound by the same mobile phone number, risk control is triggered to verify the abnormal binding behavior and the user's environment, further enhancing security.

[0071] In an exemplary embodiment, the behavioral characteristic information includes login behavior information. The specific process of determining whether a preset risk control trigger condition is met based on the target user's behavioral characteristic information on the target system includes the following steps: If the login behavior information indicates that the number of accounts with the same IP address logging into the target system within a preset abnormal login time period is greater than a preset login account threshold, then the preset risk control trigger condition is determined to be met. And / or, if the login behavior information indicates that the number of times the target user failed to log in to the target system within a preset historical time period is greater than a preset login failure count threshold, then the preset risk control trigger condition is determined to be met.

[0072] In this embodiment, login behavior information is used to characterize the login behavior of a target user on the target system. Accounts with the same IP address that log in to the target system within a preset abnormal login time period include the target user's accounts. The login account threshold can be preset and adjusted by the target user. For example, the login account threshold is 2. The IP address is the Internet Protocol address. The historical time period can be the most recent past hour. For example, the login failure count threshold is 5 times.

[0073] In the aforementioned risk control method, if the login behavior information indicates that the number of accounts with the same IP address logging into the target system within a preset abnormal login period exceeds a preset login account threshold, then the preset risk control trigger condition is determined to be met; and / or, if the login behavior information indicates that the number of times a target user fails to log in to the target system within a preset historical period exceeds a preset login failure number threshold, then the preset risk control trigger condition is determined to be met. Thus, when a user exhibits behavior such as multiple account logins within an abnormal login period from the same IP address and / or an excessive number of login failures within a short period, risk control is triggered to verify the user's abnormal login behavior, user IP address, and user environment, thereby further improving security.

[0074] In an exemplary embodiment, the behavioral feature information includes associated behavioral information. The specific process of determining whether the preset risk control triggering conditions are met based on the behavioral feature information of the target user on the target system includes the following steps: if the associated behavioral information indicates that the number of cloud desktops associated by the same target user is greater than the preset threshold for the number of cloud desktops associated within the current risk control period, then it is determined that the preset risk control triggering conditions are met.

[0075] In this embodiment, the association behavior information is used to characterize the associated behaviors of a target user on the target system. Association behaviors may include the behavior of associating with cloud desktops. The threshold for the number of associated cloud desktops can be preset and adjusted by the target user. For example, the threshold for the number of associated cloud desktops is 2.

[0076] In the aforementioned risk control method, if the associated behavior information indicates that the number of cloud desktops associated with the same target user within the current risk control period exceeds a preset threshold for the number of associated cloud desktops, then the preset risk control trigger condition is determined to be met. Thus, when a user exhibits excessive behavior related to cloud desktops associated with other users, risk control is triggered to verify abnormal user login behavior and the user's environment, further enhancing security.
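An added sketch (not code from the patent or its assignee) of steps 101 to 103, using the example thresholds given in the embodiments above for the password modification, binding and login rules. The `Event` record, the condition names, the in-memory store standing in for Redis, and the reuse of the 00:00:00-04:59:59 window for abnormal logins are assumptions; the cloud desktop rule is left out.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, time, timedelta

# Example thresholds quoted in the description; each is a tunable preset.
PWD_CHANGE_MAX = 5             # password changes per risk control period
PHONES_PER_USER_MAX = 2        # phone numbers bound by one user
USERS_PER_PHONE_MAX = 2        # users bound to one phone number
ACCOUNTS_PER_IP_MAX = 2        # accounts logging in from one IP
LOGIN_FAIL_MAX = 5             # failed logins in the historical window
FAIL_WINDOW = timedelta(hours=1)
ABNORMAL_END = time(5, 0)      # abnormal window 00:00:00-04:59:59 (reused for logins: assumption)
TARGET_OPERATIONS = {"login", "change_password"}


@dataclass(frozen=True)
class Event:                   # hypothetical audit-log record
    ts: datetime
    user: str
    kind: str                  # pwd_change | bind_phone | login_ok | login_fail
    value: str = ""            # phone number or source IP


def abnormal(ts):
    return ts.time() < ABNORMAL_END


def evaluate(events, user, now):
    """Step 101: names of the trigger conditions met for `user` at `now`."""
    today = [e for e in events if e.ts.date() == now.date() and e.ts <= now]
    mine = [e for e in today if e.user == user]
    hits = []

    changes = [e for e in mine if e.kind == "pwd_change"]
    if len(changes) > PWD_CHANGE_MAX:
        hits.append("pwd_change_count")
    if any(abnormal(e.ts) for e in changes):
        hits.append("pwd_change_abnormal_time")

    users_by_phone, accounts_by_ip = defaultdict(set), defaultdict(set)
    for e in today:
        if e.kind == "bind_phone":
            users_by_phone[e.value].add(e.user)
        elif e.kind == "login_ok" and abnormal(e.ts):   # successful logins only: assumption
            accounts_by_ip[e.value].add(e.user)
    phones = [p for p, users in users_by_phone.items() if user in users]
    if len(phones) > PHONES_PER_USER_MAX:
        hits.append("phones_per_user")
    if any(len(users_by_phone[p]) > USERS_PER_PHONE_MAX for p in phones):
        hits.append("users_per_phone")
    if any(user in a and len(a) > ACCOUNTS_PER_IP_MAX for a in accounts_by_ip.values()):
        hits.append("accounts_per_ip")

    # The failure window is the most recent hour and may span midnight.
    fails = [e for e in events if e.user == user and e.kind == "login_fail"
             and now - FAIL_WINDOW <= e.ts <= now]
    if len(fails) > LOGIN_FAIL_MAX:
        hits.append("login_failures")
    return hits


class TriggerStore:
    """Step 102: trigger records for the current period only (dict in place of Redis)."""

    def __init__(self):
        self._records = {}     # (period, user) -> condition names

    def record(self, period, user, conditions):
        # Drop records left over from earlier risk control periods.
        self._records = {k: v for k, v in self._records.items() if k[0] == period}
        self._records.setdefault((period, user), []).extend(conditions)

    def has_record(self, period, user):
        return bool(self._records.get((period, user)))


def verify_operation(store, user, op, now, first_ok, second_ok=None):
    """Step 103: return (allowed, second_layer_required); a missing second factor fails closed."""
    need_second = op in TARGET_OPERATIONS and store.has_record(now.date(), user)
    if not first_ok:
        return False, need_second
    return (bool(second_ok), True) if need_second else (True, False)


def demo():
    day = datetime(2024, 11, 28)                       # constructed sample data
    events = [Event(day.replace(hour=2, minute=10), "alice", "pwd_change")]
    events += [Event(day.replace(hour=9, minute=m), "bob", "login_fail", "198.51.100.7")
               for m in range(6)]
    events.append(Event(day.replace(hour=9, minute=20), "carol", "login_ok", "192.0.2.10"))
    now = day.replace(hour=9, minute=30)
    store = TriggerStore()
    for user in ("alice", "bob", "carol"):
        hits = evaluate(events, user, now)
        if hits:
            store.record(now.date(), user, hits)
    return store, events, now


if __name__ == "__main__":
    store, events, now = demo()
    for user in ("alice", "bob", "carol"):
        # first_ok=True models a correct (possibly leaked) password; no second factor supplied
        print(user, evaluate(events, user, now), verify_operation(store, user, "login", now, True))
```

With a trigger record present, a correct static password alone is rejected until the dynamic check also passes, while a user with no record in the current period completes the operation with the first layer only.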

[0077] In one exemplary embodiment, the method further includes the following steps: when a target user logs in on a target system, instructing the target user to enter an account name, a static password, and a dynamic password.

[0078] In this embodiment, the static password is a fixed password that may contain at least one of uppercase and lowercase letters, numbers, and special symbols. The length of the static password is greater than or equal to a preset static password length threshold. The static password length threshold can be 8 characters. The static password can be the system default password or a password set by the target user. The dynamic password is a dynamically changing password, which can be an unpredictable combination of random numbers generated according to a specific algorithm. For example, in the case where the target system is an internal system of an insurance company, the dynamic password can be a China Life Insurance password and / or a cloud assistant verification password.

[0079] When a target user logs in to the target system, the terminal instructs the user to enter their username, static password, and dynamic password. Then, the terminal performs the first layer of verification for the target user's intended action based on the entered username, static password, and dynamic password.

[0080] In the aforementioned risk control method, when a target user logs into the target system, they are instructed to enter their account name, static password, and dynamic password. This first layer of verification for user login verifies not only the account and static password but also the dynamic password, enabling more timely prevention of losses caused by password leaks, preventing unauthorized user logins, and further enhancing security.

[0081] In another embodiment, as shown in Figure 2, the risk control method includes the following steps:

Step 201: If the password modification behavior information indicates that the number of times the target user successfully modified their password on the target system within the current risk control period is greater than a preset password modification frequency threshold, then the preset risk control trigger condition is met.

Step 202: If the password modification behavior information indicates that the time when the target user successfully modified their password on the target system falls within a preset abnormal password modification time period, then the preset risk control trigger condition is met.

Step 203: If the binding behavior information indicates that the number of times the same target user binds a mobile phone number within the current risk control period is greater than a preset threshold for the number of mobile phone numbers bound by a user, then the preset risk control trigger condition is met.

Step 204: If the binding behavior information indicates that the number of users bound by the same mobile phone number within the current risk control period is greater than a preset threshold for the number of users bound by a mobile phone number, then the preset risk control trigger condition is met.

Step 205: If the login behavior information indicates that the number of accounts logging into the target system from the same IP address within a preset abnormal login time period is greater than a preset threshold for login accounts, then the preset risk control trigger condition is met.

Step 206: If the login behavior information indicates that the number of times the target user failed to log in to the target system within a preset historical time period is greater than a preset login failure threshold, then the preset risk control trigger condition is determined to be met.

Step 207: If the association behavior information indicates that the number of cloud desktops associated with the same target user within the current risk control period is greater than a preset cloud desktop association number threshold, then the preset risk control trigger condition is determined to be met.

Step 208: If the preset risk control trigger condition is met, a risk control trigger record is recorded.

Step 209: When the target user logs in to the target system, the target user is instructed to enter their account name, static password, and dynamic password.

Step 210: When the target user performs a target operation on the target system, if a risk control trigger record exists within the current risk control period, a second layer of verification is performed on the target user for the target operation.
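The trigger checks of steps 201 to 208, written out as an added example (not code from the patent). The event fields, the 00:00 to 05:00 abnormal period and every threshold value are assumptions (the cloud desktop value of 2 matches the example in the text), as is counting distinct phone numbers and counting only successful logins per IP.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class Thresholds:  # presets; all values here are assumed for the example
    pwd_changes: int = 3
    phones_per_user: int = 2
    users_per_phone: int = 2
    accounts_per_ip: int = 3
    login_failures: int = 5
    cloud_desktops: int = 2
    abnormal_start: time = time(0, 0)  # abnormal period 00:00-05:00
    abnormal_end: time = time(5, 0)


def abnormal(ts, th):
    return th.abnormal_start <= ts.time() < th.abnormal_end


def evaluate(events, th=Thresholds()):
    """Map users to the steps (201-207) they met; events span one period."""
    pwd, fails = defaultdict(int), defaultdict(int)
    phones, phone_users = defaultdict(set), defaultdict(set)
    ip_accounts, desktops = defaultdict(set), defaultdict(set)
    hits = defaultdict(set)
    for e in events:
        user, kind = e["user"], e["type"]
        if kind == "pwd_change" and e["ok"]:
            pwd[user] += 1
            if abnormal(e["ts"], th):
                hits[user].add(202)
        elif kind == "bind_phone":
            phones[user].add(e["phone"])
            phone_users[e["phone"]].add(user)
        elif kind == "login" and not e["ok"]:
            fails[user] += 1
        elif kind == "login" and abnormal(e["ts"], th):
            ip_accounts[e["ip"]].add(user)
        elif kind == "assoc_desktop":
            desktops[user].add(e["desktop"])
    per_user = [(201, pwd, th.pwd_changes), (206, fails, th.login_failures),
                (203, {u: len(s) for u, s in phones.items()}, th.phones_per_user),
                (207, {u: len(s) for u, s in desktops.items()},
                 th.cloud_desktops)]
    for step, counts, limit in per_user:
        for user, n in counts.items():
            if n > limit:  # strictly greater than, as in the steps
                hits[user].add(step)
    # Shared-resource rules flag every account seen on the phone number or IP.
    shared = [(204, phone_users, th.users_per_phone),
              (205, ip_accounts, th.accounts_per_ip)]
    for step, groups, limit in shared:
        for users in groups.values():
            if len(users) > limit:
                for user in users:
                    hits[user].add(step)
    return dict(hits)


def record_triggers(hits, day, store):
    """Step 208: one trigger record per (user, period); `store` is a set."""
    store.update((user, day) for user in hits)
    return store


DAY = datetime(2024, 11, 28)  # constructed sample events for one period
SAMPLE = (
    [{"type": "assoc_desktop", "user": "u1", "ts": DAY.replace(hour=10),
      "desktop": d} for d in ("vd-1", "vd-2", "vd-3")]
    + [{"type": "pwd_change", "user": "u2", "ts": DAY.replace(hour=3),
        "ok": True}]
    + [{"type": "login", "user": "u3", "ts": DAY.replace(hour=9), "ok": False,
        "ip": "10.0.0.5"}] * 6
    + [{"type": "login", "user": u, "ts": DAY.replace(hour=2), "ok": True,
        "ip": "10.0.0.9"} for u in ("u4", "u5", "u6", "u7")]
    + [{"type": "bind_phone", "user": "u8", "ts": DAY, "phone": "phone-A"}]
)
```

Because every comparison is strict, a user sitting exactly at a threshold (two cloud desktops here) produces no trigger record.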

[0082] In one embodiment, the terminal is the target system, which includes a front-end and a back-end. As shown in Figure 3, the process of risk control or risk blocking for login is as follows. When a target user logs into the target system, the front-end displays the login status, and the back-end generates a token (storing the application code, etc.). Then, the front-end displays the login page and sends the obtained username and password to the back-end. The back-end authenticates the username and password. If authentication fails, the front-end displays an error message; if authentication succeeds, the back-end queries the risk control trigger records for the day. If no risk control trigger records are found for the day, the front-end displays "Login Successful"; if risk control trigger records are found, the back-end records the successful login in Redis and triggers the second layer of risk control verification. Then, the back-end returns a random risk to the front-end. The front-end prompts for an SMS verification code in a pop-up window. Then, the front-end sends the random risk verification code to the back-end. The back-end verifies the Redis and SMS verification codes based on the random risk verification code. If the verification fails, the front-end displays an error message; if the verification succeeds, the back-end clears Redis, and the front-end displays "Login Successful." In this way, this method promptly notifies users of logins, making them aware of the login process.

[0083] In one embodiment, the terminal is the target system, which includes a front-end and a back-end. As shown in Figure 4, the process of risk control or risk prevention for password changes is as follows. When a target user changes their password on the target system, the front-end displays the login status, and the back-end generates a token, storing the user ID, etc. Then, the back-end returns the token to the front-end. The front-end displays the user's personal information page and sends the token to the back-end. The back-end then queries the risk control trigger records for the day. If no risk control trigger records are found, the front-end displays the password change page. If risk control trigger records are found, the back-end records the user triggering a second layer of risk control verification in Redis. The front-end then prompts for an SMS verification code. The back-end retrieves the password and SMS verification code from the password change page. The back-end then verifies the password, Redis data, and SMS verification code. If the verification fails, the front-end displays an error message; if the verification succeeds, the back-end clears Redis, saves the new password, and the front-end displays a success message. In this way, this method promptly notifies the user of password changes, making the user aware of the change.
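The second-layer step of the login flow (Figure 3) and the password change flow (Figure 4), as an added example that is not code from the patent. A dict stands in for Redis and `risk_id` stands in for the random risk value returned to the front-end; the expiry time, the attempt limit and the binding of a challenge to its user and operation are hardening assumptions the text does not state.

```python
import hmac
import secrets
import time

PENDING_TTL = 300   # seconds a challenge stays valid (assumed)
MAX_ATTEMPTS = 3    # wrong codes tolerated per challenge (assumed)


class StepUp:
    """Second-layer verification state; a dict stands in for Redis."""

    def __init__(self, trigger_records, send_sms, now=time.time):
        self.trigger_records = trigger_records  # set of (user, day)
        self.send_sms = send_sms                # callable(user, code)
        self.now = now
        self.pending = {}                       # risk_id -> challenge state

    def begin(self, user, operation, day):
        """Call only after the first layer (password or valid token) passed."""
        if (user, day) not in self.trigger_records:
            return {"status": "allowed"}
        risk_id = secrets.token_urlsafe(16)
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[risk_id] = {"user": user, "op": operation, "code": code,
                                 "expires": self.now() + PENDING_TTL,
                                 "tries": 0}
        self.send_sms(user, code)
        return {"status": "challenge", "risk_id": risk_id}

    def complete(self, risk_id, user, operation, sms_code):
        state = self.pending.get(risk_id)
        if state is None:
            return {"status": "error", "reason": "unknown_challenge"}
        if self.now() > state["expires"]:
            del self.pending[risk_id]
            return {"status": "error", "reason": "expired"}
        # A login challenge must not authorize a password change, or
        # another account.
        if state["user"] != user or state["op"] != operation:
            return {"status": "error", "reason": "mismatch"}
        if not hmac.compare_digest(state["code"].encode(), sms_code.encode()):
            state["tries"] += 1
            if state["tries"] >= MAX_ATTEMPTS:
                del self.pending[risk_id]   # stop online guessing
            return {"status": "error", "reason": "bad_code"}
        del self.pending[risk_id]           # "clears Redis": single use
        return {"status": "allowed"}


def demo():
    """Constructed run: alice has a trigger record for the day, bob has none."""
    sent = []
    flow = StepUp({("alice", "2024-11-28")}, lambda user, code: sent.append(code))
    first = flow.begin("bob", "login", "2024-11-28")
    second = flow.begin("alice", "change_password", "2024-11-28")
    done = flow.complete(second["risk_id"], "alice", "change_password", sent[-1])
    return first["status"], second["status"], done["status"]
```

The operation itself (issuing the session, saving the new password) should run only when `complete` returns `allowed`, never when `begin` returns `challenge`.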

[0084] It should be understood that although the steps in the flowcharts of the embodiments described above are shown sequentially according to the arrows, these steps are not necessarily executed in the order indicated by the arrows. Unless explicitly stated herein, there is no strict order restriction on the execution of these steps, and they can be executed in other orders. Moreover, at least some steps in the flowcharts of the embodiments described above may include multiple steps or multiple stages. These steps or stages are not necessarily completed at the same time, but can be executed at different times. The execution order of these steps or stages is not necessarily sequential, but can be performed alternately or in turn with other steps or at least some of the steps or stages of other steps.

[0085] Based on the same inventive concept, this application also provides a risk management device for implementing the risk management method described above. The solution provided by this device is similar to the solution described in the above method; therefore, the specific limitations in one or more risk management device embodiments provided below can be found in the limitations of the risk management method described above, and will not be repeated here.

[0086] In one exemplary embodiment, as shown in Figure 5, a risk control device 500 is provided, including: a judgment module 510, a recording module 520, and a verification module 530, wherein:

[0087] The judgment module 510 is used to determine whether the preset risk control triggering conditions are met based on the behavioral characteristics information of the target user on the target system.

[0088] The recording module 520 is used to record risk control triggering records if preset risk control triggering conditions are met.

[0089] The verification module 530 is used to perform, when the target user performs a target operation on the target system and a risk control trigger record exists within the current risk control period, a second layer of verification on the target user for the target operation. The second layer of verification is dynamic verification. The target operation includes logging in and changing the password.

[0090] Optionally, the behavioral characteristic information includes password modification behavior information, and the judgment module 510 is specifically used for:

[0091] If the password modification behavior information indicates that the number of times the target user successfully modified their password on the target system within the current risk control period exceeds a preset password modification frequency threshold, then the preset risk control trigger condition is determined to be met; and / or,

[0092] If the password modification behavior information indicates that the target user successfully modified the password on the target system within a preset abnormal password modification time period, then the preset risk control triggering condition is determined to be met.

[0093] Optionally, the behavioral feature information includes binding behavior information, and the judgment module 510 is specifically used for:

[0094] If the binding behavior information indicates that the number of mobile phone numbers bound by the same target user within the current risk control period exceeds a preset threshold for the number of mobile phone numbers bound by a user, then the preset risk control trigger condition is determined to be met; and / or,

[0095] If the binding behavior information indicates that the number of users bound to the same mobile number is greater than the preset threshold for the number of users bound to the same mobile number during the current risk control period, then the preset risk control trigger condition is determined to be met.

[0096] Optionally, the behavioral feature information includes login behavior information, and the judgment module 510 is specifically used for:

[0097] If the login behavior information indicates that the number of accounts with the same IP address logging into the target system within a preset abnormal login time period is greater than a preset login account threshold, then the preset risk control trigger condition is determined to be met; and / or,

[0098] If the login behavior information indicates that the number of times a target user fails to log in to the target system within a preset historical time period is greater than a preset login failure threshold, then the preset risk control trigger condition is determined to be met.

[0099] Optionally, the behavioral feature information includes associated behavioral information, and the judgment module 510 is specifically used for:

[0100] If the associated behavior information indicates that the number of cloud desktops associated with the same target user during the current risk control period is greater than the preset threshold for the number of cloud desktop associations, then the preset risk control triggering condition is determined to be met.

[0101] Optionally, the device 500 further includes:

[0102] The instruction module is used to instruct the target user to enter an account name, static password, and dynamic password when the target user logs in on the target system.

[0103] Each module in the aforementioned risk management device can be implemented entirely or partially through software, hardware, or a combination thereof. These modules can be embedded in or independent of the processor in a computer device, or stored in the memory of a computer device as software, so that the processor can call and execute the corresponding operations of each module.

[0104] In one exemplary embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as shown in Figure 6. The computer device includes a processor, memory, input / output interfaces, a communication interface, a display unit, and an input device. The processor, memory, and input / output interfaces are connected via a system bus, and the communication interface, display unit, and input device are also connected to the system bus via the input / output interfaces. The processor provides computing and control capabilities. The memory includes non-volatile storage media and internal memory. The non-volatile storage media stores the operating system and computer programs. The internal memory provides an environment for the operation of the operating system and computer programs stored in the non-volatile storage media. The input / output interfaces are used for exchanging information between the processor and external devices. The communication interface is used for wired or wireless communication with external terminals; wireless communication can be achieved through Wi-Fi, mobile cellular networks, Near Field Communication (NFC), or other technologies. When the computer program is executed by the processor, it implements a risk management method. The display unit is used to form a visible image and can be a display screen, a projection device, or a virtual reality imaging device. The display screen can be an LCD screen or an e-ink screen. The input device of the computer device can be a touch layer covering the display screen, or buttons, trackballs, or touchpads set on the casing of the computer device, or external keyboards, touchpads, or mice, etc.

[0105] Those skilled in the art will understand that the structure shown in Figure 6 is merely a block diagram of a portion of the structure related to the present application and does not constitute a limitation on the computer device to which the present application is applied. Specific computer devices may include more or fewer components than those shown in the figure, or combine certain components, or have different component arrangements.

[0106] In one exemplary embodiment, a computer device is provided, including a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to implement the steps in the above-described method embodiments.

[0107] In one embodiment, a computer-readable storage medium is provided having a computer program stored thereon, which, when executed by a processor, implements the steps in the above method embodiments.

[0108] In one embodiment, a computer program product is provided, including a computer program that, when executed by a processor, implements the steps in the above method embodiments.

[0109] It should be noted that the user information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data used for analysis, data stored, data displayed, etc.) involved in this application are all information and data authorized by the user or fully authorized by all parties, and the collection, use and processing of the relevant data must comply with relevant regulations.

[0110] Those skilled in the art will understand that all or part of the processes in the methods of the above embodiments can be implemented by a computer program instructing related hardware. The computer program can be stored in a non-volatile computer-readable storage medium, and when executed, it can include the processes of the embodiments of the above methods. Any references to memory, databases, or other media used in the embodiments provided in this application can include at least one of non-volatile memory and volatile memory. Non-volatile memory can include read-only memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high-density embedded non-volatile memory, resistive random access memory (ReRAM), magnetic random access memory (MRAM), ferroelectric random access memory (FRAM), phase change memory (PCM), graphene memory, etc. Volatile memory can include random access memory (RAM) or external cache memory, etc. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM). The databases involved in the embodiments provided in this application may include at least one type of relational database and non-relational database. Non-relational databases may include, but are not limited to, blockchain-based distributed databases. The processors involved in the embodiments provided in this application may be general-purpose processors, central processing units, graphics processing units, digital signal processors, programmable logic devices, quantum computing-based data processing logic devices, artificial intelligence (AI) processors, etc., and are not limited to these.

[0111] The technical features of the above embodiments can be combined in any way. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described. However, as long as there is no contradiction in the combination of these technical features, they should be considered to be within the scope of this application.

[0112] The embodiments described above are merely illustrative of several implementation methods of this application, and while the descriptions are specific and detailed, they should not be construed as limiting the scope of this patent application. It should be noted that those skilled in the art can make various modifications and improvements without departing from the concept of this application, and these all fall within the protection scope of this application. Therefore, the protection scope of this application should be determined by the appended claims.

Claims

1. A risk management method, characterized in that the method includes:
Based on the behavioral characteristics of the target user on the target system, determine whether the preset risk control trigger conditions are met;
If the preset risk control trigger conditions are met, the risk control trigger record is recorded;
When the target user performs a target operation on the target system, if a risk control trigger record exists within the current risk control period, a second layer of verification is performed on the target user for the target operation; the second layer of verification is dynamic verification; the target operation includes logging in and changing password;
The behavioral feature information includes associated behavioral information, and the step of determining whether the preset risk control triggering conditions are met based on the target user's behavioral feature information on the target system includes:
If the associated behavior information indicates that the number of cloud desktops associated with the same target user during the current risk control period is greater than the preset threshold for the number of cloud desktop associations, then the preset risk control triggering condition is determined to be met.

2. The method according to claim 1, characterized in that the behavioral characteristic information includes password modification behavior information, and the step of determining whether the preset risk control trigger conditions are met based on the target user's behavioral characteristic information on the target system includes:
If the password modification behavior information indicates that the number of times the target user successfully modified their password on the target system within the current risk control period exceeds a preset password modification frequency threshold, then the preset risk control trigger condition is determined to be met; and / or,
If the password modification behavior information indicates that the target user successfully modified the password on the target system within a preset abnormal password modification time period, then the preset risk control triggering condition is determined to be met.

3. The method according to claim 1, characterized in that the behavioral characteristic information includes binding behavior information, and the step of determining whether the preset risk control triggering conditions are met based on the target user's behavioral characteristic information on the target system includes:
If the binding behavior information indicates that the number of mobile phone numbers bound by the same target user within the current risk control period exceeds a preset threshold for the number of mobile phone numbers bound by a user, then the preset risk control trigger condition is determined to be met; and / or,
If the binding behavior information indicates that the number of users bound to the same mobile number is greater than the preset threshold for the number of users bound to the same mobile number during the current risk control period, then the preset risk control trigger condition is determined to be met.

4. The method according to claim 1, characterized in that the behavioral characteristic information includes login behavior information, and the step of determining whether the preset risk control trigger conditions are met based on the target user's behavioral characteristic information on the target system includes:
If the login behavior information indicates that the number of accounts with the same IP address logging into the target system within a preset abnormal login time period is greater than a preset login account threshold, then the preset risk control trigger condition is determined to be met; and / or,
If the login behavior information indicates that the number of times a target user fails to log in to the target system within a preset historical time period is greater than a preset login failure threshold, then the preset risk control trigger condition is determined to be met.

5. The method according to claim 1, characterized in that the method further includes:
When the target user logs in on the target system, the target user is instructed to enter an account name, static password, and dynamic password.

6. A risk management device, characterized in that the device includes:
The judgment module is used to determine whether the preset risk control trigger conditions are met based on the behavioral characteristics of the target user on the target system;
The recording module is used to record a risk control trigger record if the preset risk control trigger conditions are met;
The verification module is used to perform, when the target user performs a target operation on the target system and a risk control trigger record exists within the current risk control period, a second layer of verification on the target user for the target operation; the second layer of verification is dynamic verification; the target operation includes logging in and changing the password;
The behavioral feature information includes associated behavioral information, and the judgment module is specifically used for:
If the associated behavior information indicates that the number of cloud desktops associated with the same target user during the current risk control period is greater than the preset threshold for the number of cloud desktop associations, then the preset risk control triggering condition is determined to be met.

7. A computer device comprising a memory and a processor, wherein the memory stores a computer program, characterized in that, when the processor executes the computer program, it implements the steps of the method according to any one of claims 1 to 5.

8. A computer-readable storage medium having a computer program stored thereon, characterized in that, when the computer program is executed by a processor, it implements the steps of the method according to any one of claims 1 to 5.

9. A computer program product, comprising a computer program, characterized in that, when the computer program is executed by a processor, it implements the steps of the method according to any one of claims 1 to 5.