Note : Les revendications sont présentées dans la langue officielle dans laquelle elles ont été soumises.
Claims:
1. A device comprising:
an obtaining module, configured to obtain at least one behavior data produced
by a
user on a current page of a client end;
an analyzing module, configured to:
analyze the at least one behavior data;
obtain risk information of the current page;
a judging module, configured to judge whether a current link node to which the
current page corresponds is a head node of a link, wherein link nodes to which
at
least one page corresponds chronologically form a link;
a recording module, configured to record, when the judging module judges
positive,
the risk information of the current page as the risk information of the
current link
node;
a calculating module, configured to calculate, when the judging module judges
negative, the risk information of the current link node according to the risk
information of the current page and the risk information of a link node
previous to
the current link node on the link; and
an identifying module, configured to identify whether the user is a risk user
according to the risk information of all link nodes including the current link
node on
the link.
2. The device of claim 1, wherein the analyzing module is further
configured to:
obtain at least one behavior feature from the at least one behavior data;
input various behavior features as obtained into a rule engine is performed
with rule
evaluation;
23
Date re we/Date received 2024-02-14
obtain risk levels of the various behavior features; and
determine the risk information of the current page according to the risk
levels of the
various behavior features.
3. The device of claim 2, wherein the analyzing module is further
configured to:
determine highest risk level from the risk levels of the various behavior
features; and
determine the risk information of the current page according to the highest
risk level.
4. The device of any one of claims 1 to 3, wherein the risk information
includes respective
probabilities of plural risk levels.
5. The device of claim 4, wherein the calculating module is further
configured to:
with respect to each of the risk levels, calculate in accordance with a preset
calculation formula to obtain probability of the risk level of the current
link node
according to the probability of the risk level of the current page and the
probability of
the risk level of previous link node;
wherein the preset calculation formula is:
Mi' = Ni * a + Mi * (1 ¨ a);
where N is probability of risk level i of the current page, Mi is probability
of risk
level i of the previous link node, Mi' is probability of risk level i of the
current link
node, a is a coefficient, and 0< a < 0.5.
6. The device of claim 5, wherein the identifying module is further
configured to:
with respect to each link node in all the link nodes, determine the risk level
with
highest probability from probabilities of the risk levels of the link node;
determine the risk level with the highest probability as ultimate risk level
of the link
node;
24
Date recue/Date received 2024-02-14
count number of occurrences of the ultimate risk levels of all the link nodes;
determine the ultimate risk level whose number of occurrences satisfies a
preset
condition as the risk level of the user;
judge whether the risk level of the user is in a preset level range; and
determine whether the user is a normal user or the risk user according to a
judging
result
7. The device of claim 1, further comprises a risk processing module
configured to make
identity authentication on the user or perform a corresponding restriction
operation on the
user.
8. The device of any one of claims 1 to 7, wherein the client end is
installed in any
electronic equipment having a processor and a memory.
9. The device of any one of claims 1 to 8, wherein the client end includes
a shopping client
end, a loan-borrowing client end.
10. The device of any one of claims 1 to 9, wherein the electronic
equipment includes
personal computers, notebook computers, smart mobile phones, panel computers,
and
portable wearable devices.
11. The device of any one of claims 1 to 10, wherein a data collecting tool
is preconfigured
on the client end, wherein the data collecting tool collects behavior data
produced by the
user on the current page of the client end, to upload the behavior data to a
server.
12. The device of any one of claims 1 to 11, wherein an application (APP)
client end, a
software development kit (SDK) collecting tool is preconfigured at the APP
client end,
and the behavior data produced when the user operates on a page of the APP
client end is
collected via an SDK collecting interface.
Date recue/Date received 2024-02-14
13. The device of any one of claims 1 to 12, wherein a hypertext markup
language (HTML)
end or an applet end, a JavaScript collecting tool id preconfigured, and user
behavior
data is collected from a webpage or the applet end through a JavaScript.'
collecting
interface.
14. The device of any one of claims 1 to 13, wherein the user makes
operations on the client
end, including making a registration operation on a regisuation page, making a
login
operation on a login page, wherein corresponding behavior data is generated
with respect
to these operations, and wherein the behavior data includes clicking behavior
data,
including position coordinates and time durations of clicks, and sliding the
behavior data,
including sliding distance, acceleration, and angle.
15. The device of any one of claims 1 to 14, wherein the behavior data
includes terminal
equipment information, including equipment gyroscope data, equipment
acceleration
data, and screen temperature.
16. The device of any one of claims 1 to 15, wherein the server receives
the behavior data
produced by the user on the current page of the APP client end as collected by
SDK,
and/or receives the behavior data produced by the user on the current page of
the HTML
end or the applet end as collected by JavaScriptTM.
17. The device of any one of claims 1 to 16, wherein the SDK collecting
interface and the
JavaScript' collecting interface support continuous collection, and realizes
the
collection of the user behavior data without interfering with business system.
18. The device of any one of claims 1 to 17, wherein the at least one
behavior feature is
obtained from the at least one behavior data.
19. The device of any one of claims 1 to 18, wherein the server performs
statistical analysis
includes plural pieces of the behavior data as coordinate position of a
clicked page, the
time duration of the clicked page, the sliding distance, the sliding
acceleration, sliding
angle, the equipment gyroscope data, the equipment acceleration data, and the
screen
temperature, and
26
Date recue/Date received 2024-02-14
20. The device of any one of claims 1 to 19, wherein the server calculates
to obtain plural
behavior features including page clicking frequency, fluctuation in page
clicking time
durations, fluctuation in the sliding distances, interval of sliding
accelerations, interval of
the sliding angles, equipment motion information, screen temperature change
information.
21. The device of any one of claims 1 to 20, wherein performing analytical
comparison on
the various behavior features with a corresponding preset normal range through
the rule
engine to obtain deviation degrees wherein the deviation degrees are degrees
where the
behavior features exceed the corresponding preset normal range, of the various
behavior
features, determines deviation degree interval ranges in which the deviation
degrees of
the various behavior features locate, and determines the risk levels of the
various
behavior features according to correspondence relations between preset
deviation degree
interval ranges and the risk levels.
22. The device of any one of claims 1 to 21, wherein the risk levels are
classified as no risk,
low risk, medium risk and high risk, wherein higher the deviation degree is,
the higher is
the risk level.
23. The device of any one of claims 1 to 22, wherein the risk information
of the current page
includes the risk levels, and the highest risk level is directly determined as
the risk level
of the current page.
24. The device of any one of claims 1 to 23, wherein each behavior of the
user is taken as a
node, and a series of nodes is chronologically linked together according to
order of times
user behavior occurred, wherein the link is formed in form of an event flow,
wherein the
link records a behavior track of current operation of the user.
25. The device of any one of claims 1 to 24, wherein plural links are
formed for one user,
wherein one link corresponds to the behavior track of one operation of the
user, and
different behavior tacks at each operation of the user, and orders of all link
nodes
possessed by each link is different.
27
Date recue/Date received 2024-02-14
26. The device of any one of claims 1 to 25, wherein plural different risk
levels are classified
in advance, including no risk, low risk, medium risk and high risk.
27. The device of any one of claims 1 to 26, wherein the risk level of the
current link node is
determined, there is a 100% probability for the current link node to have this
risk level,
and the probability for the current link node to have any other risk level is
O.
28. The device of any one of claims 1 to 27, wherein a is 0.2.
29. The device of any one of claims 1 to 28, wherein the risk level of the
user is in the preset
level range, it is determined the user is the risk user, and the user is
marked with a
corresponding risk level label;
30. The device of any one of claims 1 to 29, wherein the risk level of the
user is not in the
preset level range, the user is the normal user.
31. The device of any one of claims 1 to 30, wherein the preset level range
is set as
practically required.
32. The device of any one of claims 1 to 31, wherein the preset level range
is set as medium
risk and high risk.
33. The device of any one of claims 1 to 32, wherein the restriction
operation includes
disabling key functions on the page, wherein the key functions include
checking,
inputting and submitting.
34. The device of any one of claims 1 to 33, wherein the at least one
behavior data includes
coordinate position of the clicked page, the time duration of the clicked
page, sliding
distance, the sliding acceleration, the sliding angle, the equipment gyroscope
data, the
equipment acceleration data, and the screen temperature.
35. A system comprising:
an obtaining module, configured to obtain at least one behavior data produced
by a
user on a current page of a client end;
28
Date recue/Date received 2024-02-14
an analyzing module, configured to:
analyze the at least one behavior data;
obtain risk information of the current page;
a judging module, configured to judge whether a current link node to which the
current page corresponds is a head node of a link, wherein link nodes to which
at
least one page corresponds chronologically form a link;
a recording module, configured to record, when the judging module judges
positive,
the risk information of the current page as the risk information of the
current link
node;
a calculating module, configured to calculate, when the judging module judges
negative, the risk information of the current link node according to the risk
information of the current page and the risk information of a link node
previous to
the current link node on the link; and
an identifying module, configured to identify whether the user is a risk user
according to the risk infaimation of all link nodes including the current link
node on
the link.
36. The system of claim 35, wherein the analyzing module is further
configured to:
obtain at least one behavior feature from the at least one behavior data;
input various behavior features as obtained into a rule engine is performed
with rule
evaluation;
obtain risk levels of the various behavior features; and
determine the risk information of the current page according to the risk
levels of the
various behavior features.
37. The system of claim 36, wherein the analyzing module is further
configured to:
29
Date recue/Date received 2024-02-14
determine highest risk level from the risk levels of the various behavior
features; and
determine the risk information of the current page according to the highest
risk level.
38. The system of any one of claims 35 to 37, wherein the risk information
includes
respective probabilities of plural risk levels.
39. The system of claim 38, wherein the calculating module is further
configured to:
with respect to each of the risk levels, calculate in accordance with a preset
calculation formula to obtain probability of the risk level of the current
link node
according to the probability of the risk level of the current page and the
probability of
the risk level of previous link node;
wherein the preset calculation formula is:
Mi' = N1* a + Mi * (1 ¨ a);
where N1 is probability of risk level i of the current page, M1 is probability
of risk
level i of the previous link node, Mi' is probability of risk level i of the
current link
node, a is a coefficient, and 0< a < O.S.
40. The system of claim 39, wherein the identifying module is further
configured to:
with respect to each link node in all the link nodes, determine the risk level
with
highest probability from probabilities of the risk levels of the link node;
detelinine the risk level with the highest probability as ultimate risk level
of the link
node;
count number of occurrences of the ultimate risk levels of all the link nodes;
determine the ultimate risk level whose number of occurrences satisfies a
preset
condition as the risk level of the user;
judge whether the risk level of the user is in a preset level range; and
Date re we/Date received 2024-02-14
determine whether the user is a normal user or the risk user according to a
judging
result.
41. The system of claim 35, further comprises a risk processing module
configured to make
identity authentication on the user or perform a corresponding restriction
operation on the
user.
42. The system of any one of claims 35 to 41, wherein the client end is
installed in any
electronic equipment having a processor and a memory.
43. The system of any one of claims 35 to 42, wherein the client end
includes a shopping
client end, a loan-borrowing client end.
44. The system of any one of claims 35 to 43, wherein the electronic
equipment includes
personal computers, notebook computers, smart mobile phones, panel computers,
and
portable wearable devices.
45. The system of any one of claims 35 to 44, wherein a data collecting
tool is preconfigured
on the client end, wherein the data collecting tool collects behavior data
produced by the
user on the current page of the client end, to upload the behavior data to a
server.
46. The system of any one of claims 35 to 45, wherein an application (APP)
client end, a
software development kit (SDK) collecting tool is preconfigured at the APP
client end,
and the behavior data produced when the user operates on a page of the APP
client end is
collected via an SDK collecting interface.
47. The system of any one of claims 35 to 46, wherein a hypertext markup
language (HTML)
end or an applet end, a JavaScripem collecting tool id preconfigured, and user
behavior
data is collected from a webpage or the applet end through a JavaScriptim
collecting
interface.
31
Date recue/Date received 2024-02-14
48. The system of any one of claims 35 to 47, wherein the user makes
operations on the
client end, including making a registration operation on a registration page,
making a
login operation on a login page, wherein corresponding behavior data is
generated with
respect to these operations, and wherein the behavior data includes clicking
behavior
data, including position coordinates and time durations of clicks, and sliding
the behavior
data, including sliding distance, acceleration, and angle.
49. The system of any one of claims 35 to 48, wherein the behavior data
includes terminal
equipment information, including equipment gyroscope data, equipment
acceleration
data, and screen temperature.
50. The system of any one of claims 35 to 49, wherein the server receives
the behavior data
produced by the user on the current page of the APP client end as collected by
SDK,
and/or receives the behavior data produced by the user on the current page of
the HTML
end or the applet end as collected by JavaScriptTM.
51. The system of any one of claims 35 to 50, wherein the SDK collecting
interface and the
JavaScriptrm collecting interface support continuous collection, and realizes
the
collection of the user behavior data without interfering with business system.
52. The system of any one of claims 35 to 51, wherein the at least one
behavior feature is
obtained from the at least one behavior data.
53. The system of any one of claims 35 to 52, wherein the server performs
statistical analysis
includes plural pieces of the behavior data as coordinate position of a
clicked page, the
time duration of the clicked page, the sliding distance, the sliding
acceleration, sliding
angle, the equipment gyroscope data, the equipment acceleration data, and the
screen
temperature, and
54. The system of any one of claims 35 to 53, wherein the server calculates
to obtain plural
behavior features including page clicking frequency, fluctuation in page
clicking time
durations, fluctuation in the sliding distances, interval of sliding
accelerations, interval of
the sliding angles, equipment motion information, screen temperature change
information.
32
Date recue/Date received 2024-02-14
55. The system of any one of claims 35 to 54, wherein performing analytical
comparison on
the various behavior features with a corresponding preset normal range through
the rule
engine to obtain deviation degrees wherein the deviation degrees are degrees
where the
behavior features exceed the corresponding preset normal range, of the various
behavior
features, determines deviation degree interval ranges in which the deviation
degrees of
the various behavior features locate, and determines the risk levels of the
various
behavior features according to correspondence relations between preset
deviation degree
interval ranges and the risk levels.
56. The system of any one of claims 35 to 55, wherein the risk levels are
classified as no risk,
low risk, medium risk and high risk, wherein higher the deviation degree is,
the higher is
the risk level.
57. The system of any one of claims 35 to 56, wherein the risk information
of the current
page includes the risk levels, and the highest risk level is directly
determined as the risk
level of the current page.
58. The system of any one of claims 35 to 57, wherein each behavior of the
user is taken as a
node, and a series of nodes is chronologically linked together according to
order of times
user behavior occurred, wherein the link is formed in form of an event flow,
wherein the
link records a behavior track of current operation of the user.
59. The system of any one of claims 35 to 58, wherein plural links are
formed for one user,
wherein one link corresponds to the behavior track of one operation of the
user, and
different behavior tracks at each operation of the user, and orders of all
link nodes
possessed by each link is different.
60. The system of any one of claims 35 to 59, wherein plural different risk
levels are
classified in advance, including no risk, low risk, medium risk and high risk.
61. The system of any one of claims 35 to 60, wherein the risk level of the
current link node
is determined, there is a 100% probability for the current link node to have
this risk level,
and the probability for the current link node to have any other risk level is
O.
33
Date recue/Date received 2024-02-14
62. The system of any one of claims 35 to 61, wherein a is 0.2.
63. The system of any one of claims 35 to 62, wherein the risk level of the
user is in the
preset level range, it is determined the user is the risk user, and the user
is marked with a
corresponding risk level label;
64. The system of any one of claims 35 to 63, wherein the risk level of the
user is not in the
preset level range, the user is the normal user.
65. The system of any one of claims 35 to 64, wherein the preset level
range is set as
practically required.
66. The system of any one of claims 35 to 65, wherein the preset level
range is set as medium
risk and high risk.
67. The system of any one of claims 35 to 66, wherein the restriction
operation includes
disabling key functions on the page, wherein the key functions include
checking,
inputting and submitting.
68. The system of any one of claims 35 to 67, wherein the at least one
behavior data includes
coordinate position of the clicked page, the time duration of the clicked
page, sliding
distance, the sliding acceleration, the sliding angle, the equipment gyroscope
data, the
equipment acceleration data, and the screen temperature.
69. A method comprising:
obtaining at least one behavior data produced by a user on a current page of a
client
end;
analyzing the at least one behavior data;
obtaining risk information of the current page;
judging whether a current link node with the current page corresponds is a
head node
of a link, wherein link nodes to which at least one page corresponds to
chronologically form a link;
34
Date recue/Date received 2024-02-14
wherein yes, recording the risk information of the current page as the risk
information of the current link node;
wherein not, calculating the risk information of the current link node
according to the
risk information of the current page and the risk information of a link node
before the
current link node on the link; and
identifying whether the user is a risk user according to the risk information
of all link
nodes including the current link node on the link.
70. The method of claim 69, wherein analyzing the at least one behavior
data, and obtaining
the risk information of the current page comprises:
obtaining at least one behavior feature from the at least one behavior data;
inputting various behavior features as obtained into a rule engine performed
with rule
evaluation;
obtaining risk levels of the various behavior features; and
determining the risk information of the current page according to the risk
levels of
the various behavior features.
71. The method of claim 70, wherein determining the risk information of the
current page
according to the risk levels of the various behavior features comprises:
determining highest risk level from the risk levels of the various behavior
features;
and
determining the risk infolination of the current page according to the highest
risk
level.
72. The method of any one of claims 69 to 71, wherein the risk information
includes
respective probabilities of plural risk levels.
3 5
Date recue/Date received 2024-02-14
73. The method of claim 72, wherein calculating the risk information of the
current link node
according to the risk information of the current page and the risk information
of the link
node before the current link node on the link comprises:
with respect to each of the risk levels, calculating in accordance with a
preset
calculation formula to obtain probability of the risk level of the current
link node
according to the probability of the risk level of the current page and the
probability of
the risk level of previous link node;
wherein the preset calculation formula is:
Mi' = Ni * a + Mi * (1 ¨ a);
where Ni is probability of risk level i of the current page, Mi is probability
of risk
level i of the previous link node, Mi' is probability of risk level i of the
current link
node, a is a coefficient, and 0< a < 0.5.
74. The method of claim 73, wherein identifying whether the user is the
risk user according
to the risk information of all link nodes including the current link node on
the link
comprises:
with respect to each link node in all the link nodes, determining the risk
level with
highest probability from probabilities of the risk levels of the link node;
determining the risk level with the highest probability as ultimate risk level
of the
link node;
counting number of occurrences of the ultimate risk levels of all the link
nodes;
determining the ultimate risk level whose number of occurrences satisfies a
preset
condition as the risk level of the user;
judging whether the risk level of the user is in a preset level range; and
determining whether the user is a normal user or the risk user according to a
judging
result.
36
Date re we/Date received 2024-02-14
75. The method of claim 69, further comprising:
making identity authentication on the user or performing a corresponding
restriction
operation on the user.
76. The method of any one of claims 69 to 75, wherein the client end is
installed in any
electronic equipment having a processor and a memory.
77. The method of any one of claims 69 to 76, wherein the client end
includes a shopping
client end, a loan-borrowing client end.
78. The method of any one of claims 69 to 77, wherein the electronic
equipment includes
personal computers, notebook computers, smart mobile phones, panel computers,
and
portable wearable devices.
79. The method of any one of claims 69 to 78, wherein a data collecting
tool is preconfigured
on the client end, wherein the data collecting tool collects behavior data
produced by the
user on the current page of the client end, to upload the behavior data to a
server.
80. The method of any one of claims 69 to 79, wherein an application (APP)
client end, a
software development kit (SDK) collecting tool is preconfigured at the APP
client end,
and the behavior data produced when the user operates on a page of the APP
client end is
collected via an SDK collecting interface.
81. The method of any one of claims 69 to 80, wherein a hypertext markup
language
(HTML) end or an applet end, a JavaScriptrm collecting tool id preconfigured,
and user
behavior data is collected from a webpage or the applet end through a
JavaScriptim
collecting interface.
82. The method of any one of claims 69 to 81, wherein the user makes
operations on the
client end, including making a registration operation on a registration page,
making a
login operation on a login page, wherein corresponding behavior data is
generated with
respect to these operations, and wherein the behavior data includes clicking
behavior
data, including position coordinates and time durations of clicks, and sliding
the behavior
data, including sliding distance, acceleration, and angle.
37
Date recue/Date received 2024-02-14
83. The method of any one of claims 69 to 82, wherein the behavior data
includes terminal
equipment information, including equipment gyroscope data, equipment
acceleration
data, and screen temperature.
84. The method of any one of claims 69 to 83, wherein the server receives
the behavior data
produced by the user on the current page of the APP client end as collected by
SDK,
and/or receives the behavior data produced by the user on the current page of
the HTML
end or the applet end as collected by JavaScriptim.
85. The method of any one of claims 69 to 84, wherein the SDK collecting
interface and the
JavaScripe" collecting interface support continuous collection, and realizes
the
collection of the user behavior data without interfering with business system.
86. The method of any one of claims 69 to 85, wherein the at least one
behavior feature is
obtained from the at least one behavior data.
87. The method of any one of claims 69 to 86, wherein the server performs
statistical analysis
includes plural pieces of the behavior data as coordinate position of a
clicked page, the
time duration of the clicked page, the sliding distance, the sliding
acceleration, sliding
angle, the equipment gyroscope data, the equipment acceleration data, and the
screen
temperature, and
88. The method of any one of claims 69 to 87, wherein the server calculates
to obtain plural
behavior features including page clicking frequency, fluctuation in page
clicking time
durations, fluctuation in the sliding distances, interval of sliding
accelerations, interval of
the sliding angles, equipment motion information, screen temperature change
information.
38
Date recue/Date received 2024-02-14
89. The method of any one of claims 69 to 88, wherein performing analytical
comparison on
the various behavior features with a corresponding preset normal range through
the rule
engine to obtain deviation degrees wherein the deviation degrees are degrees
where the
behavior features exceed the corresponding preset normal range, of the various
behavior
features, determines deviation degree interval ranges in which the deviation
degrees of
the various behavior features locate, and determines the risk levels of the
various
behavior features according to correspondence relations between preset
deviation degree
interval ranges and the risk levels.
90. The method of any one of claims 69 to 89, wherein the risk levels are
classified as no
risk, low risk, medium risk and high risk, wherein higher the deviation degree
is, the
higher is the risk level.
91. The method of any one of claims 69 to 90, wherein the risk information
of the current
page includes the risk levels, and the highest risk level is directly
determined as the risk
level of the current page.
92. The method of any one of claims 69 to 91, wherein each behavior of the
user is taken as a
node, and a series of nodes is chronologically linked together according to
order of times
user behavior occurred, wherein the link is formed in form of an event flow,
wherein the
link records a behavior track of current operation of the user.
93. The method of any one of claims 69 to 92, wherein plural links are
formed for one user,
wherein one link corresponds to the behavior track of one operation of the
user, and
different behavior tracks at each operation of the user, and orders of all
link nodes
possessed by each link is different.
94. The method of any one of claims 69 to 93, wherein plural different risk
levels are
classified in advance, including no risk, low risk, medium risk and high risk.
95. The method of any one of claims 69 to 94, wherein the risk level of the
current link node
is determined, there is a 100% probability for the current link node to have
this risk level,
and the probability for the current link node to have any other risk level is
0.
39
Date recue/Date received 2024-02-14
96. The method of any one of claims 69 to 95, wherein a is 0.2.
97. The method of any one of claims 69 to 96, wherein the risk level of the
user is in the
preset level range, it is determined the user is the risk user, and the user
is marked with a
corresponding risk level label;
98. The method of any one of claims 69 to 97, wherein the risk level of the
user is not in the
preset level range, the user is the normal user.
99. The method of any one of claims 69 to 98, wherein the preset level
range is set as
practically required.
100. The method of any one of claims 69 to 99, wherein the preset level range
is set as
medium risk and high risk.
101. The method of any one of claims 69 to 100, wherein the restriction
operation includes
disabling key functions on the page, wherein the key functions include
checking,
inputting and submitting.
102. The method of any one of claims 69 to 101, wherein the at least one
behavior data
includes coordinate position of the clicked page, the time duration of the
clicked page,
sliding distance, the sliding acceleration, the sliding angle, the equipment
gyroscope data,
the equipment acceleration data, and the screen temperature.
103. A computer equipment comprising:
one or more processor(s);
a memory; and
a program, stored in the memory, executed by the one or more processor(s)
configured to:
obtain at least one behavior data produced by a user on a current page of a
client end;
Date recue/Date received 2024-02-14
analyze the at least one behavior data;
obtain risk information of the current page;
judge whether a current link node with the current page corresponds is a
head node of a link, wherein link nodes to which at least one page
corresponds to chronologically form a link;
wherein yes, record the risk information of the current page as the risk
information of the current link node;
wherein not, calculate the risk information of the current link node
according to the risk information of the current page and the risk
information of a link node before the current link node on the link; and
identify whether the user is a risk user according to the risk information of
all link nodes including the current link node on the link.
104. The equipment of claim 103, wherein analyzing the at least one behavior
data, and
obtaining the risk information of the current page comprises:
obtaining at least one behavior feature from the at least one behavior data;
inputting various behavior features as obtained into a rule engine performed
with rule
evaluation;
obtaining risk levels of the various behavior features; and
determining the risk information of the current page according to the risk
levels of
the various behavior features.
105. The equipment of claim 104, wherein determining the risk information of
the current
page according to the risk levels of the various behavior features comprises:
determining highest risk level from the risk levels of the various behavior
features;
and
41
Date recue/Date received 2024-02-14
determining the risk information of the current page according to the highest
risk
level.
106. The equipment of any one of claims 103 to 105, wherein the risk
information includes
respective probabilities of plural risk levels.
107. The equipment of claim 106, wherein calculating the risk information of
the current link
node according to the risk information of the current page and the risk
information of the
link node before the current link node on the link comprises:
with respect to each of the risk levels, calculating in accordance with a
preset
calculation formula to obtain probability of the risk level of the current
link node
according to the probability of the risk level of the current page and the
probability of
the risk level of previous link node;
wherein the preset calculation formula is:
Mi' = Ni * a + Mi * (1 ¨ a);
where Ni is probability of risk level i of the current page, Mi is probability
of risk
level i of the previous link node, Mi' is probability of risk level i of the
current link
node, a is a coefficient, and 0< a < 0.5.
108. The equipment of claim 107, wherein identifying whether the user is the
risk user
according to the risk information of all link nodes including the current link
node on the
link comprises:
with respect to each link node in all the link nodes, determining the risk
level with
highest probability from probabilities of the risk levels of the link node;
determining the risk level with the highest probability as ultimate risk level
of the
link node;
counting number of occurrences of the ultimate risk levels of all the link
nodes;
42
Date re we/Date received 2024-02-14
determining the ultimate risk level whose number of occurrences satisfies a
preset
condition as the risk level of the user;
judging whether the risk level of the user is in a preset level range; and
determining whether the user is a normal user or the risk user according to a
judging
result.
109. The equipment of claim 103, further comprising:
making identity authentication on the user or performing a corresponding
restriction
operation on the user.
110. The equipment of any one of claims 103 to 109, wherein the client end
includes a
shopping client end, a loan-borrowing client end.
111. The equipment of any one of claims 103 to 110, includes personal
computers, notebook
computers, smart mobile phones, panel computers, and portable wearable
devices.
112. The equipment of any one of claims 103 to 111, wherein a data collecting
tool is
preconfigured on the client end, wherein the data collecting tool collects
behavior data
produced by the user on the current page of the client end, to upload the
behavior data to
a server.
113. The equipment of any one of claims 103 to 112, wherein an application
(APP) client end,
a software development kit (SDK) collecting tool is preconfigured at the APP
client end,
and the behavior data produced when the user operates on a page of the APP
client end is
collected via an SDK collecting interface.
114. The equipment of any one of claims 103 to 113, wherein a hypertext markup
language
(HTML) end or an applet end, a JavaScriptTm collecting tool id preconfigured,
and user
behavior data is collected from a webpage or the applet end through a
JavaScript'
collecting interface.
43
Date recue/Date received 2024-02-14
115. The equipment of any one of claims 103 to 114, wherein the user makes
operations on the
client end, including making a registration operation on a registration page,
making a
login operation on a login page, wherein corresponding behavior data is
generated with
respect to these operations, and wherein the behavior data includes clicking
behavior
data, including position coordinates and time durations of clicks, and sliding
the behavior
data, including sliding distance, acceleration, and angle.
116. The equipment of any one of claims 103 to 115, wherein the behavior data
includes
terminal equipment information, including equipment gyroscope data, equipment
acceleration data, and screen temperature.
117. The equipment of any one of claims 103 to 116, wherein the server
receives the behavior
data produced by the user on the current page of the APP client end as
collected by SDK,
and/or receives the behavior data produced by the user on the current page of
the HTML
end or the applet end as collected by JavaScriptTM.
118. The equipment of any one of claims 103 to 117, wherein the SDK collecting
interface and
the JavaScripem collecting interface support continuous collection, and
realizes the
collection of the user behavior data without interfering with business system.
119. The equipment of any one of claims 103 to 118, wherein the at least one
behavior feature
is obtained from the at least one behavior data.
120. The equipment of any one of claims 103 to 119, wherein the server
performs statistical
analysis includes plural pieces of the behavior data as coordinate position of
a clicked
page, the time duration of the clicked page, the sliding distance, the sliding
acceleration,
sliding angle, the equipment gyroscope data, the equipment acceleration data,
and the
screen temperature, and
121. The equipment of any one of claims 103 to 120, wherein the server
calculates to obtain
plural behavior features including page clicking frequency, fluctuation in
page clicking
time durations, fluctuation in the sliding distances, interval of sliding
accelerations,
interval of the sliding angles, equipment motion information, screen
temperature change
information.
44
Date recue/Date received 2024-02-14
122. The equipment of any one of claims 103 to 121, wherein performing
analytical
comparison on the various behavior features with a corresponding preset normal
range
through the rule engine to obtain deviation degrees wherein the deviation
degrees are
degrees where the behavior features exceed the corresponding preset normal
range, of the
various behavior features, determines deviation degree interval ranges in
which the
deviation degrees of the various behavior features locate, and determines the
risk levels of
the various behavior features according to correspondence relations between
preset
deviation degree interval ranges and the risk levels.
123. The equipment of any one of claims 103 to 122, wherein the risk levels
are classified as
no risk, low risk, medium risk and high risk, wherein higher the deviation
degree is, the
higher is the risk level.
124. The equipment of any one of claims 103 to 123, wherein the risk
information of the
current page includes the risk levels, and the highest risk level is directly
determined as
the risk level of the current page.
125. The equipment of any one of claims 103 to 124, wherein each behavior of
the user is
taken as a node, and a series of nodes is chronologically linked together
according to
order of times user behavior occurred, wherein the link is formed in form of
an event
flow, wherein the link records a behavior track of current operation of the
user.
126. The equipment of any one of claims 103 to 125, wherein plural links are
formed for one
user, wherein one link corresponds to the behavior track of one operation of
the user, and
different behavior tracks at each operation of the user, and orders of all
link nodes
possessed by each link is different.
127. The equipment of any one of claims 103 to 126, wherein plural different
risk levels are
classified in advance, including no risk, low risk, medium risk and high risk.
128. The equipment of any one of claims 103 to 127, wherein the risk level of
the current link
node is determined, there is a 100% probability for the current link node to
have this risk
level, and the probability for the current link node to have any other risk
level is 0.
Date recue/Date received 2024-02-14
129. The equipment of any one of claims 103 to 128, wherein a is 0.2.
130. The equipment of any one of claims 103 to 129, wherein the risk level of
the user is in the
preset level range, it is determined the user is the risk user, and the user
is marked with a
corresponding risk level label;
131. The equipment of any one of claims 103 to 130, wherein the risk level of
the user is not
in the preset level range, the user is the normal user.
132. The equipment of any one of claims 103 to 131, wherein the preset level
range is set as
practically required.
133. The equipment of any one of claims 103 to 132, wherein the preset level
range is set as
medium risk and high risk.
134. The equipment of any one of claims 103 to 133, wherein the restriction
operation
includes disabling key functions on the page, wherein the key functions
include checking,
inputting and submitting.
135. The equipment of any one of claims 103 to 134, wherein the at least one
behavior data
includes coordinate position of the clicked page, the time duration of the
clicked page,
sliding distance, the sliding acceleration, the sliding angle, the equipment
gyroscope data,
the equipment acceleration data, and the screen temperature.
136. A computer readable physical memory having stored thereon a computer
program
executed by a computer configured to:
obtain at least one behavior data produced by a user on a current page of a
client end;
analyze the at least one behavior data;
obtain risk information of the current page;
46
Date recue/Date received 2024-02-14
judge whether a current link node with the current page corresponds is a head
node
of a link, wherein link nodes to which at least one page corresponds to
chronologically form a link;
wherein yes, record the risk information of the current page as the risk
information of
the current link node;
wherein not, calculate the risk information of the current link node according
to the
risk information of the current page and the risk information of a link node
before the
current link node on the link; and
identify whether the user is a risk user according to the risk information of
all link
nodes including the current link node on the link.
137. The memory of claim 136, wherein analyzing the at least one behavior
data, and
obtaining the risk information of the current page comprises:
obtaining at least one behavior feature from the at least one behavior data;
inputting various behavior features as obtained into a rule engine performed
with rule
evaluation;
obtaining risk levels of the various behavior features; and
determining the risk information of the current page according to the risk
levels of
the various behavior features.
138. The memory of claim 137, wherein determining the risk information of the
current page
according to the risk levels of the various behavior features comprises:
determining highest risk level from the risk levels of the various behavior
features;
and
determining the risk information of the current page according to the highest
risk
level.
47
Date recue/Date received 2024-02-14
139. The memory of any one of claims 136 to 138, wherein the risk information
includes
respective probabilities of plural risk levels.
140. The memory of claim 139, wherein calculating the risk information of the
current link
node according to the risk information of the current page and the risk
information of the
link node before the current link node on the link comprises:
with respect to each of the risk levels, calculating in accordance with a
preset
calculation formula to obtain probability of the risk level of the current
link node
according to the probability of the risk level of the current page and the
probability of
the risk level of previous link node;
wherein the preset calculation formula is:
Mi' = Ni * a + Mi * (1 ¨ a);
where Ni is probability of risk level i of the current page, Mi is probability
of risk
level i of the previous link node, Mi' is probability of risk level i of the
current link
node, a is a coefficient, and 0< a < 0.5.
141. The memory of claim 140, wherein identifying whether the user is the risk
user according
to the risk information of all link nodes including the current link node on
the link
comprises:
with respect to each link node in all the link nodes, determining the risk
level with
highest probability from probabilities of the risk levels of the link node;
determining the risk level with the highest probability as ultimate risk level
of the
link node;
counting number of occurrences of the ultimate risk levels of all the link
nodes;
determining the ultimate risk level whose number of occurrences satisfies a
preset
condition as the risk level of the user;
judging whether the risk level of the user is in a preset level range; and
48
Date re we/Date received 2024-02-14
determining whether the user is a normal user or the risk user according to a
judging
result.
142. The memory of claim 136, further comprising:
making identity authentication on the user or performing a corresponding
restriction
operation on the user.
143. The memory of any one of claims 136 to 142, wherein the client end
includes a shopping
client end, a loan-borrowing client end.
144. The memory of any one of claims 136 to 143, wherein a data collecting
tool is
preconfigured on the client end, wherein the data collecting tool collects
behavior data
produced by the user on the current page of the client end, to upload the
behavior data to
a server.
145. The memory of any one of claims 136 to 144, wherein an application (APP)
client end, a
software development kit (SDK) collecting tool is preconfigured at the APP
client end,
and the behavior data produced when the user operates on a page of the APP
client end is
collected via an SDK collecting interface.
146. The memory of any one of claims 136 to 145, wherein a hypertext markup
language
(HTML) end or an applet end, a JavaScript. collecting tool id preconfigured,
and user
behavior data is collected from a webpage or the applet end through a
JavaScriptim
collecting interface.
147. The memory of any one of claims 136 to 146, wherein the user makes
operations on the
client end, including making a registration operation on a registration page,
making a
login operation on a login page, wherein corresponding behavior data is
generated with
respect to these operations, and wherein the behavior data includes clicking
behavior
data, including position coordinates and time durations of clicks, and sliding
the behavior
data, including sliding distance, acceleration, and angle.
49
Date recue/Date received 2024-02-14
148. The memory of any one of claims 136 to 147, wherein the behavior data
includes
terminal equipment information, including equipment gyroscope data, equipment
acceleration data, and screen temperature.
149. The memory of any one of claims 136 to 148, wherein the server receives
the behavior
data produced by the user on the current page of the APP client end as
collected by SDK,
and/or receives the behavior data produced by the user on the current page of
the HTML
end or the applet end as collected by JavaScriptTM.
150. The memory of any one of claims 136 to 149, wherein the SDK collecting
interface and
the JavaScriptrm collecting interface support continuous collection, and
realizes the
collection of the user behavior data without interfering with business system.
151. The memory of any one of claims 136 to 150, wherein the at least one
behavior feature is
obtained from the at least one behavior data.
152. The memory of any one of claims 136 to 151, wherein the server performs
statistical
analysis includes plural pieces of the behavior data as coordinate position of
a clicked
page, the time duration of the clicked page, the sliding distance, the sliding
acceleration,
sliding angle, the equipment gyroscope data, the equipment acceleration data,
and the
screen temperature, and
153. The memory of any one of claims 136 to 152, wherein the server calculates
to obtain
plural behavior features including page clicking frequency, fluctuation in
page clicking
time durations, fluctuation in the sliding distances, interval of sliding
accelerations,
interval of the sliding angles, equipment motion information, screen
temperature change
information.
Date recue/Date received 2024-02-14
154. The memory of any one of claims 136 to 153, wherein performing analytical
comparison
on the various behavior features with a corresponding preset normal range
through the
rule engine to obtain deviation degrees wherein the deviation degrees are
degrees where
the behavior features exceed the corresponding preset normal range, of the
various
behavior features, determines deviation degree interval ranges in which the
deviation
degrees of the various behavior features locate, and determines the risk
levels of the
various behavior features according to correspondence relations between preset
deviation
degree interval ranges and the risk levels.
155. The memory of any one of claims 136 to 154, wherein the risk levels are
classified as no
risk, low risk, medium risk and high risk, wherein higher the deviation degree
is, the
higher is the risk level.
156. The memory of any one of claims 136 to 155, wherein the risk information
of the current
page includes the risk levels, and the highest risk level is directly
determined as the risk
level of the current page.
157. The memory of any one of claims 136 to 156, wherein each behavior of the
user is taken
as a node, and a series of nodes is chronologically linked together according
to order of
times user behavior occurred, wherein the link is formed in form of an event
flow,
wherein the link records a behavior track of current operation of the user.
158. The memory of any one of claims 136 to 157, wherein plural links are
formed for one
user, wherein one link corresponds to the behavior track of one operation of
the user, and
different behavior tracks at each operation of the user, and orders of all
link nodes
possessed by each link is different.
159. The memory of any one of claims 136 to 158, wherein plural different risk
levels are
classified in advance, including no risk, low risk, medium risk and high risk.
160. The memory of any one of claims 136 to 159, wherein the risk level of the
current link
node is determined, there is a 100% probability for the current link node to
have this risk
level, and the probability for the current link node to have any other risk
level is 0.
51
Date recue/Date received 2024-02-14
161. The memory of any one of claims 136 to 160, wherein a is 0.2.
162. The memory of any one of claims 136 to 161, wherein the risk level of the
user is in the
preset level range, it is determined the user is the risk user, and the user
is marked with a
corresponding risk level label;
163. The memory of any one of claims 136 to 162, wherein the risk level of the
user is not in
the preset level range, the user is the normal user.
164. The memory of any one of claims 136 to 163, wherein the preset level
range is set as
practically required.
165. The memory of any one of claims 136 to 164, wherein the preset level
range is set as
medium risk and high risk.
166. The memory of any one of claims 136 to 165, wherein the restriction
operation includes
disabling key functions on the page, wherein the key functions include
checking,
inputting and submitting.
167. The memory of any one of claims 136 to 166, wherein the at least one
behavior data
includes coordinate position of the clicked page, the time duration of the
clicked page,
sliding distance, the sliding acceleration, the sliding angle, the equipment
gyroscope data,
the equipment acceleration data, and the screen temperature.
168. A device comprising:
a judging module, configured to judge whether a current link node to which a
current
page corresponds is a head node of a link, wherein link nodes to which at
least one
page corresponds chronologically form a link-,
a recording module, configured to record, when the judging module judges
positive,
risk information of the current page as the risk information of the current
link node;
52
Date recue/Date received 2024-02-14
a calculating module, configured to calculate, when the judging module judges
negative, the risk information of the current link node according to the risk
information of the current page and the risk information of a link node
previous to
the current link node on the link; and
an identifying module, configured to identify whether a user is a risk user
according
to the risk information of all link nodes including the current link node on
the link.
169. The device of claim 168, further comprising:
an obtaining module, configured to obtain at least one behavior data produced
by the
user on the current page of a client end;
an analyzing module, configured to:
analyze the at least one behavior data; and
obtain the risk information of the current page.
170. The device of claim 169, wherein the analyzing module is further
configured to:
obtain at least one behavior feature from the at least one behavior data;
input various behavior features as obtained into a rule engine is performed
with rule
evaluation;
obtain risk levels of the various behavior features; and
determine the risk information of the current page according to the risk
levels of the
various behavior features.
171. The device of claim 170, wherein the analyzing module is further
configured to:
determine highest risk level from the risk levels of the various behavior
features; and
determine the risk information of the current page according to the highest
risk level.
53
Date recue/Date received 2024-02-14
172. The device of any one of claims 169 to 171, wherein the risk information
includes
respective probabilities of plural risk levels.
173. The device of claim 172, wherein the calculating module is further
configured to:
with respect to each of the risk levels, calculate in accordance with a preset
calculation formula to obtain probability of the risk level of the current
link node
according to the probability of the risk level of the current page and the
probability of
the risk level of previous link node;
wherein the preset calculation formula is:
Iv1;' = N; * a + M; * (1 ¨ a);
where Ni is probability of risk level i of the current page, Mi is probability
of risk
level i of the previous link node, M1' is probability of risk level i of the
current link
node, a is a coefficient, and 0< a < O.S.
174. The device of claim 173, wherein the identifying module is further
configured to:
with respect to each link node in all the link nodes, determine the risk level
with
highest probability from probabilities of the risk levels of the link node;
determine the risk level with the highest probability as ultimate risk level
of the link
node;
count number of occurrences of the ultimate risk levels of all the link nodes;
determine the ultimate risk level whose number of occurrences satisfies a
preset
condition as the risk level of the user;
judge whether the risk level of the user is in a preset level range; and
determine whether the user is a normal user or the risk user according to a
judging
result.
54
Date recue/Date received 2024-02-14
175. The device of claim 169, further comprises a risk processing module
configured to make
identity authentication on the user or perform a corresponding restriction
operation on the
user.
176. The device of any one of claims 168 to 175, wherein the client end is
installed in any
electronic equipment having a processor and a memory.
177. The device of any one of claims 168 to 176, wherein the client end
includes a shopping
client end, a loan-borrowing client end.
178. The device of any one of claims 168 to 177, wherein the electronic
equipment includes
personal computers, notebook computers, smart mobile phones, panel computers,
and
portable wearable devices.
179. The device of any one of claims 168 to 178, wherein a data collecting
tool is
preconfigured on the client end, wherein the data collecting tool collects
behavior data
produced by the user on the current page of the client end, to upload the
behavior data to
a server.
180. The device of any one of claims 168 to 179, wherein an application (APP)
client end, a
software development kit (SDK) collecting tool is preconfigured at the APP
client end,
and the behavior data produced when the user operates on a page of the APP
client end is
collected via an SDK collecting interface.
181. The device of any one of claims 168 to 180, wherein a hypertext markup
language
(HTML) end or an applet end, a JavaScriptrm collecting tool id preconfigured,
and user
behavior data is collected from a webpage or the applet end through a
JavaScriptrm
collecting interface.
Date recue/Date received 2024-02-14
182. The device of any one of claims 168 to 181, wherein the user makes
operations on the
client end, including making a registration operation on a registration page,
making a
login operation on a login page, wherein corresponding behavior data is
generated with
respect to these operations, and wherein the behavior data includes clicking
behavior
data, including position coordinates and time durations of clicks, and sliding
the behavior
data, including sliding distance, acceleration, and angle.
183. The device of any one of claims 168 to 182, wherein the behavior data
includes terminal
equipment information, including equipment gyroscope data, equipment
acceleration
data, and screen temperature.
184. The device of any one of claims 168 to 183, wherein the server receives
the behavior data
produced by the user on the current page of the APP client end as collected by
SDK,
and/or receives the behavior data produced by the user on the current page of
the HTML
end or the applet end as collected by JavaScriptTM.
185. The device of any one of claims 168 to 184, wherein the SDK collecting
interface and the
JavaScriptrm collecting interface support continuous collection, and realizes
the
collection of the user behavior data without interfering with business system.
186. The device of any one of claims 168 to 185, wherein the at least one
behavior feature is
obtained from the at least one behavior data.
187. The device of any one of claims 168 to 186, wherein the server performs
statistical
analysis includes plural pieces of the behavior data as coordinate position of
a clicked
page, the time duration of the clicked page, the sliding distance, the sliding
acceleration,
sliding angle, the equipment gyroscope data, the equipment acceleration data,
and the
screen temperature, and
188. The device of any one of claims 168 to 187, wherein the server calculates
to obtain plural
behavior features including page clicking frequency, fluctuation in page
clicking time
durations, fluctuation in the sliding distances, interval of sliding
accelerations, interval of
the sliding angles, equipment motion information, screen temperature change
information.
56
Date recue/Date received 2024-02-14
189. The device of any one of claims 168 to 188, wherein performing analytical
comparison
on the various behavior features with a corresponding preset normal range
through the
rule engine to obtain deviation degrees wherein the deviation degrees are
degrees where
the behavior features exceed the corresponding preset normal range, of the
various
behavior features, determines deviation degree interval ranges in which the
deviation
degrees of the various behavior features locate, and determines the risk
levels of the
various behavior features according to correspondence relations between preset
deviation
degree interval ranges and the risk levels.
190. The device of any one of claims 168 to 189, wherein the risk levels are
classified as no
risk, low risk, medium risk and high risk, wherein higher the deviation degree
is, the
higher is the risk level.
191. The device of any one of claims 168 to 190, wherein the risk information
of the current
page includes the risk levels, and the highest risk level is directly
determined as the risk
level of the current page.
192. The device of any one of claims 168 to 191, wherein each behavior of the
user is taken as
a node, and a series of nodes is chronologically linked together according to
order of
times user behavior occurred, wherein the link is formed in form of an event
flow,
wherein the link records a behavior track of current operation of the user.
193. The device of any one of claims 168 to 192, wherein plural links are
formed for one user,
wherein one link corresponds to the behavior track of one operation of the
user, and
different behavior tracks at each operation of the user, and orders of all
link nodes
possessed by each link is different.
194. The device of any one of claims 168 to 193, wherein plural different risk
levels are
classified in advance, including no risk, low risk, medium risk and high risk.
195. The device of any one of claims 168 to 194, wherein the risk level of the
current link
node is determined, there is a 100% probability for the current link node to
have this risk
level, and the probability for the current link node to have any other risk
level is 0.
57
Date recue/Date received 2024-02-14
196. The device of any one of claims 168 to 195, wherein a is 0.2.
197. The device of any one of claims 168 to 196, wherein the risk level of the
user is in the
preset level range, it is determined the user is the risk user, and the user
is marked with a
corresponding risk level label;
198. The device of any one of claims 168 to 197, wherein the risk level of the
user is not in the
preset level range, the user is the normal user.
199. The device of any one of claims 168 to 198, wherein the preset level
range is set as
practically required.
200. The device of any one of claims 168 to 199, wherein the preset level
range is set as
medium risk and high risk.
201. The device of any one of claims 168 to 200, wherein the restriction
operation includes
disabling key functions on the page, wherein the key functions include
checking,
inputting and submitting.
202. The device of any one of claims 168 to 201, wherein the at least one
behavior data
includes coordinate position of the clicked page, the time duration of the
clicked page,
sliding distance, the sliding acceleration, the sliding angle, the equipment
gyroscope data,
the equipment acceleration data, and the screen temperature.
203. A system comprising:
a judging module, configured to judge whether a current link node to which a
current
page corresponds is a head node of a link, wherein link nodes to which at
least one
page corresponds chronologically form a link-,
a recording module, configured to record, when the judging module judges
positive,
risk information of the current page as the risk information of the current
link node;
58
Date recue/Date received 2024-02-14
a calculating module, configured to calculate, when the judging module judges
negative, the risk information of the current link node according to the risk
information of the current page and the risk information of a link node
previous to
the current link node on the link; and
an identifying module, configured to identify whether a user is a risk user
according
to the risk information of all link nodes including the current link node on
the link.
204. The system of claim 203, further comprising:
an obtaining module, configured to obtain at least one behavior data produced
by the
user on the current page of a client end;
an analyzing module, configured to:
analyze the at least one behavior data; and
obtain the risk information of the current page.
205. The system of claim 204, wherein the analyzing module is further
configured to:
obtain at least one behavior feature from the at least one behavior data;
input various behavior features as obtained into a rule engine is performed
with rule
evaluation;
obtain risk levels of the various behavior features; and
determine the risk information of the current page according to the risk
levels of the
various behavior features.
206. The system of claim 205, wherein the analyzing module is further
configured to:
determine highest risk level from the risk levels of the various behavior
features; and
determine the risk information of the current page according to the highest
risk level.
59
Date recue/Date received 2024-02-14
207. The system of any one of claims 204 to 206, wherein the risk information
includes
respective probabilities of plural risk levels.
208. The system of claim 207, wherein the calculating module is further
configured to:
with respect to each of the risk levels, calculate in accordance with a preset
calculation formula to obtain probability of the risk level of the current
link node
according to the probability of the risk level of the current page and the
probability of
the risk level of previous link node;
wherein the preset calculation formula is:
= N; * a + M; * (1 ¨ a);
where Ni is probability of risk level i of the current page, Mi is probability
of risk
level i of the previous link node, M1' is probability of risk level i of the
current link
node, a is a coefficient, and 0< a < 0.5.
209. The system of claim 208, wherein the identifying module is further
configured to:
with respect to each link node in all the link nodes, determine the risk level
with
highest probability from probabilities of the risk levels of the link node;
determine the risk level with the highest probability as ultimate risk level
of the link
node;
count number of occurrences of the ultimate risk levels of all the link nodes;
determine the ultimate risk level whose number of occurrences satisfies a
preset
condition as the risk level of the user;
judge whether the risk level of the user is in a preset level range; and
determine whether the user is a normal user or the risk user according to a
judging
result.
Date recue/Date received 2024-02-14
210. The system of claim 204, further comprises a risk processing module
configured to make
identity authentication on the user or perform a corresponding restriction
operation on the
user.
211. The system of any one of claims 203 to 210, wherein the client end is
installed in any
electronic equipment having a processor and a memory.
212. The system of any one of claims 203 to 211, wherein the client end
includes a shopping
client end, a loan-borrowing client end.
213. The system of any one of claims 203 to 212, wherein the electronic
equipment includes
personal computers, notebook computers, smart mobile phones, panel computers,
and
portable wearable devices.
214. The system of any one of claims 203 to 213, wherein a data collecting
tool is
preconfigured on the client end, wherein the data collecting tool collects
behavior data
produced by the user on the current page of the client end, to upload the
behavior data to
a server.
215. The system of any one of claims 203 to 214, wherein an application (APP)
client end, a
software development kit (SDK) collecting tool is preconfigured at the APP
client end,
and the behavior data produced when the user operates on a page of the APP
client end is
collected via an SDK collecting interface.
216. The system of any one of claims 203 to 215, wherein a hypertext markup
language
(HTML) end or an applet end, a JavaScriptrm collecting tool id preconfigured,
and user
behavior data is collected from a webpage or the applet end through a
JavaScriptrm
collecting interface.
61
Date recue/Date received 2024-02-14
217. The system of any one of claims 203 to 216, wherein the user makes
operations on the
client end, including making a registration operation on a registration page,
making a
login operation on a login page, wherein corresponding behavior data is
generated with
respect to these operations, and wherein the behavior data includes clicking
behavior
data, including position coordinates and time durations of clicks, and sliding
the behavior
data, including sliding distance, acceleration, and angle.
218. The system of any one of claims 203 to 217, wherein the behavior data
includes terminal
equipment information, including equipment gyroscope data, equipment
acceleration
data, and screen temperature.
219. The system of any one of claims 203 to 218, wherein the server receives
the behavior
data produced by the user on the current page of the APP client end as
collected by SDK,
and/or receives the behavior data produced by the user on the current page of
the HTML
end or the applet end as collected by JavaScriptTM.
220. The system of any one of claims 203 to 219, wherein the SDK collecting
interface and
the JavaScripem collecting interface support continuous collection, and
realizes the
collection of the user behavior data without interfering with business system.
221. The system of any one of claims 203 to 220, wherein the at least one
behavior feature is
obtained from the at least one behavior data.
222. The system of any one of claims 203 to 221, wherein the server performs
statistical
analysis includes plural pieces of the behavior data as coordinate position of
a clicked
page, the time duration of the clicked page, the sliding distance, the sliding
acceleration,
sliding angle, the equipment gyroscope data, the equipment acceleration data,
and the
screen temperature, and
223. The system of any one of claims 203 to 222, wherein the server calculates
to obtain plural
behavior features including page clicking frequency, fluctuation in page
clicking time
durations, fluctuation in the sliding distances, interval of sliding
accelerations, interval of
the sliding angles, equipment motion information, screen temperature change
information.
62
Date recue/Date received 2024-02-14
224. The system of any one of claims 203 to 223, wherein performing analytical
comparison
on the various behavior features with a corresponding preset normal range
through the
rule engine to obtain deviation degrees wherein the deviation degrees are
degrees where
the behavior features exceed the corresponding preset normal range, of the
various
behavior features, determines deviation degree interval ranges in which the
deviation
degrees of the various behavior features locate, and determines the risk
levels of the
various behavior features according to correspondence relations between preset
deviation
degree interval ranges and the risk levels.
225. The system of any one of claims 203 to 224, wherein the risk levels are
classified as no
risk, low risk, medium risk and high risk, wherein higher the deviation degree
is, the
higher is the risk level.
226. The system of any one of claims 203 to 225, wherein the risk information
of the current
page includes the risk levels, and the highest risk level is directly
determined as the risk
level of the current page.
227. The system of any one of claims 203 to 226, wherein each behavior of the
user is taken as
a node, and a series of nodes is chronologically linked together according to
order of
times user behavior occurred, wherein the link is formed in form of an event
flow,
wherein the link records a behavior track of current operation of the user.
228. The system of any one of claims 203 to 227, wherein plural links are
formed for one user,
wherein one link corresponds to the behavior track of one operation of the
user, and
different behavior tracks at each operation of the user, and orders of all
link nodes
possessed by each link is different.
229. The system of any one of claims 203 to 228, wherein plural different risk
levels are
classified in advance, including no risk, low risk, medium risk and high risk.
230. The system of any one of claims 203 to 229, wherein the risk level of the
current link
node is determined, there is a 100% probability for the current link node to
have this risk
level, and the probability for the current link node to have any other risk
level is 0.
63
Date recue/Date received 2024-02-14
231. The system of any one of claims 203 to 230, wherein a is 0.2.
232. The system of any one of claims 203 to 231, wherein the risk level of the
user is in the
preset level range, it is determined the user is the risk user, and the user
is marked with a
corresponding risk level label;
233. The system of any one of claims 203 to 232, wherein the risk level of the
user is not in
the preset level range, the user is the normal user.
234. The system of any one of claims 203 to 233, wherein the preset level
range is set as
practically required.
235. The system of any one of claims 203 to 234, wherein the preset level
range is set as
medium risk and high risk.
236. The system of any one of claims 203 to 235, wherein the restriction
operation includes
disabling key functions on the page, wherein the key functions include
checking,
inputting and submitting.
237. The system of any one of claims 203 to 236, wherein the at least one
behavior data
includes coordinate position of the clicked page, the time duration of the
clicked page,
sliding distance, the sliding acceleration, the sliding angle, the equipment
gyroscope data,
the equipment acceleration data, and the screen temperature.
238. A method comprising:
judging whether a current link node with a current page corresponds is a head
node
of a link, wherein link nodes to which at least one page corresponds to
chronologically form a link;
wherein yes, recording risk information of the current page as the risk
information of
the current link node;
64
Date recue/Date received 2024-02-14
wherein not, calculating the risk information of the current link node
according to the
risk information of the current page and the risk information of a link node
before the
current link node on the link; and
identifying whether a user is a risk user according to the risk information of
all link
nodes including the current link node on the link.
239. The method of claim 238, further comprises:
obtaining at least one behavior data produced by the user on the current page
of a
client end;
analyzing the at least one behavior data; and
obtaining the risk information of the current page.
240. The method of claim 239, wherein analyzing the at least one behavior
data, and obtaining
the risk information of the current page comprises:
obtaining at least one behavior feature from the at least one behavior data;
inputting various behavior features as obtained into a rule engine performed
with rule
evaluation;
obtaining risk levels of the various behavior features; and
determining the risk information of the current page according to the risk
levels of
the various behavior features.
241. The method of claim 240, wherein determining the risk information of the
current page
according to the risk levels of the various behavior features comprises:
determining highest risk level from the risk levels of the various behavior
features;
and
determining the risk information of the current page according to the highest
risk
level.
Date recue/Date received 2024-02-14
242. The method of any one of claims 239 to 241, wherein the risk information
includes
respective probabilities of plural risk levels.
243. The method of claim 242, wherein calculating the risk information of the
current link
node according to the risk information of the current page and the risk
information of the
link node before the current link node on the link comprises:
with respect to each of the risk levels, calculating in accordance with a
preset
calculation formula to obtain probability of the risk level of the current
link node
according to the probability of the risk level of the current page and the
probability of
the risk level of previous link node;
wherein the preset calculation formula is:
Mi' = Ni * a + Mi * (1 ¨ a);
where Ni is probability of risk level i of the current page, Mi is probability
of risk
level i of the previous link node, Mi' is probability of risk level i of the
current link
node, a is a coefficient, and 0< a < 0.5.
244. The method of claim 243, wherein identifying whether the user is the risk
user according
to the risk information of all link nodes including the current link node on
the link
comprises:
with respect to each link node in all the link nodes, determining the risk
level with
highest probability from probabilities of the risk levels of the link node;
determining the risk level with the highest probability as ultimate risk level
of the
link node;
counting number of occurrences of the ultimate risk levels of all the link
nodes;
determining the ultimate risk level whose number of occurrences satisfies a
preset
condition as the risk level of the user;
judging whether the risk level of the user is in a preset level range; and
66
Date re we/Date received 2024-02-14
determining whether the user is a normal user or the risk user according to a
judging
result.
245. The method of claim 239, further comprising:
making identity authentication on the user or performing a corresponding
restriction
operation on the user.
246. The method of any one of claims 238 to 245, wherein the client end is
installed in any
electronic equipment having a processor and a memory.
247. The method of any one of claims 238 to 246, wherein the client end
includes a shopping
client end, a loan-borrowing client end.
248. The method of any one of claims 238 to 247, wherein the electronic
equipment includes
personal computers, notebook computers, smart mobile phones, panel computers,
and
portable wearable devices.
249. The method of any one of claims 238 to 248, wherein a data collecting
tool is
preconfigured on the client end, wherein the data collecting tool collects
behavior data
produced by the user on the current page of the client end, to upload the
behavior data to
a server.
250. The method of any one of claims 238 to 249, wherein an application (APP)
client end, a
software development kit (SDK) collecting tool is preconfigured at the APP
client end,
and the behavior data produced when the user operates on a page of the APP
client end is
collected via an SDK collecting interface.
251. The method of any one of claims 238 to 250, wherein a hypertext markup
language
(HTML) end or an applet end, a JavaScriptTm collecting tool id preconfigured,
and user
behavior data is collected from a webpage or the applet end through a
JavaScriptrm
collecting interface.
67
Date recue/Date received 2024-02-14
252. The method of any one of claims 238 to 251, wherein the user makes
operations on the
client end, including making a registration operation on a registration page,
making a
login operation on a login page, wherein corresponding behavior data is
generated with
respect to these operations, and wherein the behavior data includes clicking
behavior
data, including position coordinates and time durations of clicks, and sliding
the behavior
data, including sliding distance, acceleration, and angle.
253. The method of any one of claims 238 to 252, wherein the behavior data
includes terminal
equipment information, including equipment gyroscope data, equipment
acceleration
data, and screen temperature.
254. The method of any one of claims 238 to 253, wherein the server receives
the behavior
data produced by the user on the current page of the APP client end as
collected by SDK,
and/or receives the behavior data produced by the user on the current page of
the HTML
end or the applet end as collected by JavaScriptTM.
255. The method of any one of claims 238 to 254, wherein the SDK collecting
interface and
the JavaScripem collecting interface support continuous collection, and
realizes the
collection of the user behavior data without interfering with business system.
256. The method of any one of claims 238 to 255, wherein the at least one
behavior feature is
obtained from the at least one behavior data.
257. The method of any one of claims 238 to 256, wherein the server performs
statistical
analysis includes plural pieces of the behavior data as coordinate position of
a clicked
page, the time duration of the clicked page, the sliding distance, the sliding
acceleration,
sliding angle, the equipment gyroscope data, the equipment acceleration data,
and the
screen temperature, and
258. The method of any one of claims 238 to 257, wherein the server calculates
to obtain
plural behavior features including page clicking frequency, fluctuation in
page clicking
time durations, fluctuation in the sliding distances, interval of sliding
accelerations,
interval of the sliding angles, equipment motion information, screen
temperature change
information.
68
Date recue/Date received 2024-02-14
259. The method of any one of claims 238 to 258, wherein performing analytical
comparison
on the various behavior features with a corresponding preset normal range
through the
rule engine to obtain deviation degrees wherein the deviation degrees are
degrees where
the behavior features exceed the corresponding preset normal range, of the
various
behavior features, determines deviation degree interval ranges in which the
deviation
degrees of the various behavior features locate, and determines the risk
levels of the
various behavior features according to correspondence relations between preset
deviation
degree interval ranges and the risk levels.
260. The method of any one of claims 238 to 259, wherein the risk levels are
classified as no
risk, low risk, medium risk and high risk, wherein higher the deviation degree
is, the
higher is the risk level.
261. The method of any one of claims 238 to 260, wherein the risk information
of the current
page includes the risk levels, and the highest risk level is directly
determined as the risk
level of the current page.
262. The method of any one of claims 238 to 261, wherein each behavior of the
user is taken
as a node, and a series of nodes is chronologically linked together according
to order of
times user behavior occurred, wherein the link is formed in form of an event
flow,
wherein the link records a behavior track of current operation of the user.
263. The method of any one of claims 238 to 262, wherein plural links are
formed for one
user, wherein one link corresponds to the behavior track of one operation of
the user, and
different behavior tracks at each operation of the user, and orders of all
link nodes
possessed by each link is different.
264. The method of any one of claims 238 to 263, wherein plural different risk
levels are
classified in advance, including no risk, low risk, medium risk and high risk.
265. The method of any one of claims 238 to 264, wherein the risk level of the
current link
node is determined, there is a 100% probability for the current link node to
have this risk
level, and the probability for the current link node to have any other risk
level is 0.
69
Date recue/Date received 2024-02-14
266. The method of any one of claims 238 to 265, wherein a is 0.2.
267. The method of any one of claims 238 to 266, wherein the risk level of the
user is in the
preset level range, it is determined the user is the risk user, and the user
is marked with a
corresponding risk level label;
268. The method of any one of claims 238 to 267, wherein the risk level of the
user is not in
the preset level range, the user is the normal user.
269. The method of any one of claims 238 to 268, wherein the preset level
range is set as
practically required.
270. The method of any one of claims 238 to 269, wherein the preset level
range is set as
medium risk and high risk.
271. The method of any one of claims 238 to 270, wherein the restriction
operation includes
disabling key functions on the page, wherein the key functions include
checking,
inputting and submitting.
272. The method of any one of claims 238 to 271, wherein the at least one
behavior data
includes coordinate position of the clicked page, the time duration of the
clicked page,
sliding distance, the sliding acceleration, the sliding angle, the equipment
gyroscope data,
the equipment acceleration data, and the screen temperature.
273. A computer equipment comprising:
one or more processor(s);
a memory; and
a program, stored in the memory, executed by the one or more processor(s)
configured to:
judge whether a current link node with a current page corresponds is a
head node of a link, wherein link nodes to which at least one page
corresponds to chronologically form a link;
Date recue/Date received 2024-02-14
wherein yes, record risk information of the current page as the risk
information of the current link node;
wherein not, calculate the risk information of the current link node
according to the risk information of the current page and the risk
information of a link node before the current link node on the link; and
identify whether a user is a risk user according to the risk information of
all link nodes including the current link node on the link.
274. The equipment of claim 273, further comprises:
obtaining at least one behavior data produced by the user on the current page
of a
client end;
analyzing the at least one behavior data; and
obtaining the risk information of the current page.
275. The equipment of claim 274, wherein analyzing the at least one behavior
data, and
obtaining the risk information of the current page comprises:
obtaining at least one behavior feature from the at least one behavior data;
inputting various behavior features as obtained into a rule engine performed
with rule
evaluation;
obtaining risk levels of the various behavior features; and
determining the risk information of the current page according to the risk
levels of
the various behavior features.
276. The equipment of claim 275, wherein determining the risk information of
the current
page according to the risk levels of the various behavior features comprises:
determining highest risk level from the risk levels of the various behavior
features;
and
71
Date recue/Date received 2024-02-14
determining the risk information of the current page according to the highest
risk
level.
277. The equipment of any one of claims 274 to 276, wherein the risk
information includes
respective probabilities of plural risk levels.
278. The equipment of claim 277, wherein calculating the risk information of
the current link
node according to the risk information of the current page and the risk
information of the
link node before the current link node on the link comprises:
with respect to each of the risk levels, calculating in accordance with a
preset
calculation formula to obtain probability of the risk level of the current
link node
according to the probability of the risk level of the current page and the
probability of
the risk level of previous link node;
wherein the preset calculation formula is:
Mi' = Ni * a + Mi * (1 ¨ a);
where Ni is probability of risk level i of the current page, Mi is probability
of risk
level i of the previous link node, Mi' is probability of risk level i of the
current link
node, a is a coefficient, and 0< a < 0.5.
279. The equipment of claim 278, wherein identifying whether the user is the
risk user
according to the risk information of all link nodes including the current link
node on the
link comprises:
with respect to each link node in all the link nodes, determining the risk
level with
highest probability from probabilities of the risk levels of the link node;
determining the risk level with the highest probability as ultimate risk level
of the
link node;
counting number of occurrences of the ultimate risk levels of all the link
nodes;
72
Date re we/Date received 2024-02-14
determining the ultimate risk level whose number of occurrences satisfies a
preset
condition as the risk level of the user;
judging whether the risk level of the user is in a preset level range; and
determining whether the user is a normal user or the risk user according to a
judging
result.
280. The equipment of claim 274, further comprising:
making identity authentication on the user or performing a corresponding
restriction
operation on the user.
281. The equipment of any one of claims 273 to 280, wherein the client end
includes a
shopping client end, a loan-borrowing client end.
282. The equipment of any one of claims 273 to 281, includes personal
computers, notebook
computers, smart mobile phones, panel computers, and portable wearable
devices.
283. The equipment of any one of claims 273 to 282, wherein a data collecting
tool is
preconfigured on the client end, wherein the data collecting tool collects
behavior data
produced by the user on the current page of the client end, to upload the
behavior data to
a server.
284. The equipment of any one of claims 273 to 283, wherein an application
(APP) client end,
a software development kit (SDK) collecting tool is preconfigured at the APP
client end,
and the behavior data produced when the user operates on a page of the APP
client end is
collected via an SDK collecting interface.
285. The equipment of any one of claims 273 to 284, wherein a hypertext markup
language
(HTML) end or an applet end, a JavaScriptTm collecting tool id preconfigured,
and user
behavior data is collected from a webpage or the applet end through a
JavaScript'
collecting interface.
73
Date recue/Date received 2024-02-14
286. The equipment of any one of claims 273 to 285, wherein the user makes
operations on the
client end, including making a registration operation on a registration page,
making a
login operation on a login page, wherein corresponding behavior data is
generated with
respect to these operations, and wherein the behavior data includes clicking
behavior
data, including position coordinates and time durations of clicks, and sliding
the behavior
data, including sliding distance, acceleration, and angle.
287. The equipment of any one of claims 273 to 286, wherein the behavior data
includes
terminal equipment information, including equipment gyroscope data, equipment
acceleration data, and screen temperature.
288. The equipment of any one of claims 273 to 287, wherein the server
receives the behavior
data produced by the user on the current page of the APP client end as
collected by SDK,
and/or receives the behavior data produced by the user on the current page of
the HTML
end or the applet end as collected by JavaScriptTM.
289. The equipment of any one of claims 273 to 288, wherein the SDK collecting
interface and
the JavaScripem collecting interface support continuous collection, and
realizes the
collection of the user behavior data without interfering with business system.
290. The equipment of any one of claims 273 to 289, wherein the at least one
behavior feature
is obtained from the at least one behavior data.
291. The equipment of any one of claims 273 to 290, wherein the server
performs statistical
analysis includes plural pieces of the behavior data as coordinate position of
a clicked
page, the time duration of the clicked page, the sliding distance, the sliding
acceleration,
sliding angle, the equipment gyroscope data, the equipment acceleration data,
and the
screen temperature, and
292. The equipment of any one of claims 273 to 291, wherein the server
calculates to obtain
plural behavior features including page clicking frequency, fluctuation in
page clicking
time durations, fluctuation in the sliding distances, interval of sliding
accelerations,
interval of the sliding angles, equipment motion information, screen
temperature change
information.
74
Date recue/Date received 2024-02-14
293. The equipment of any one of claims 273 to 292, wherein performing
analytical
comparison on the various behavior features with a corresponding preset normal
range
through the rule engine to obtain deviation degrees wherein the deviation
degrees are
degrees where the behavior features exceed the corresponding preset normal
range, of the
various behavior features, determines deviation degree interval ranges in
which the
deviation degrees of the various behavior features locate, and determines the
risk levels of
the various behavior features according to correspondence relations between
preset
deviation degree interval ranges and the risk levels.
294. The equipment of any one of claims 273 to 293, wherein the risk levels
are classified as
no risk, low risk, medium risk and high risk, wherein higher the deviation
degree is, the
higher is the risk level.
295. The equipment of any one of claims 273 to 294, wherein the risk
information of the
current page includes the risk levels, and the highest risk level is directly
determined as
the risk level of the current page.
296. The equipment of any one of claims 273 to 295, wherein each behavior of
the user is
taken as a node, and a series of nodes is chronologically linked together
according to
order of times user behavior occurred, wherein the link is formed in form of
an event
flow, wherein the link records a behavior track of current operation of the
user.
297. The equipment of any one of claims 273 to 296, wherein plural links are
formed for one
user, wherein one link corresponds to the behavior track of one operation of
the user, and
different behavior tracks at each operation of the user, and orders of all
link nodes
possessed by each link is different.
298. The equipment of any one of claims 273 to 297, wherein plural different
risk levels are
classified in advance, including no risk, low risk, medium risk and high risk.
299. The equipment of any one of claims 273 to 298, wherein the risk level of
the current link
node is determined, there is a 100% probability for the current link node to
have this risk
level, and the probability for the current link node to have any other risk
level is O.
Date recue/Date received 2024-02-14
300. The equipment of any one of claims 273 to 299, wherein a is 0.2.
301. The equipment of any one of claims 273 to 300, wherein the risk level of
the user is in the
preset level range, it is determined the user is the risk user, and the user
is marked with a
corresponding risk level label;
302. The equipment of any one of claims 273 to 301, wherein the risk level of
the user is not
in the preset level range, the user is the normal user.
303. The equipment of any one of claims 273 to 302, wherein the preset level
range is set as
practically required.
304. The equipment of any one of claims 273 to 303, wherein the preset level
range is set as
medium risk and high risk.
305. The equipment of any one of claims 273 to 304, wherein the restriction
operation
includes disabling key functions on the page, wherein the key functions
include checking,
inputting and submitting.
306. The equipment of any one of claims 273 to 305, wherein the at least one
behavior data
includes coordinate position of the clicked page, the time duration of the
clicked page,
sliding distance, the sliding acceleration, the sliding angle, the equipment
gyroscope data,
the equipment acceleration data, and the screen temperature.
307. A computer readable physical memory having stored thereon a computer
program
executed by a computer configured to:
judge whether a current link node with a current page corresponds is a head
node of a
link, wherein link nodes to which at least one page corresponds to
chronologically
form a link;
wherein yes, record risk information of the current page as the risk
information of the
current link node;
76
Date recue/Date received 2024-02-14
wherein not, calculate the risk information of the current link node according
to the
risk information of the current page and the risk information of a link node
before the
current link node on the link; and
identify whether a user is a risk user according to the risk information of
all link
nodes including the current link node on the link.
308. The memory of claim 307, further comprises:
obtaining at least one behavior data produced by the user on the current page
of a
client end;
analyzing the at least one behavior data; and
obtaining the risk information of the current page.
309. The memory of claim 308, wherein analyzing the at least one behavior
data, and
obtaining the risk information of the current page comprises:
obtaining at least one behavior feature from the at least one behavior data;
inputting various behavior features as obtained into a rule engine performed
with rule
evaluation;
obtaining risk levels of the various behavior features; and
determining the risk information of the current page according to the risk
levels of
the various behavior features.
310. The memory of claim 309, wherein determining the risk information of the
current page
according to the risk levels of the various behavior features comprises:
determining highest risk level from the risk levels of the various behavior
features;
and
determining the risk information of the current page according to the highest
risk
level.
77
Date recue/Date received 2024-02-14
311. The memory of any one of claims 308 to 310, wherein the risk information
includes
respective probabilities of plural risk levels.
312. The memory of claim 311, wherein calculating the risk information of the
current link
node according to the risk information of the current page and the risk
information of the
link node before the current link node on the link comprises:
with respect to each of the risk levels, calculating in accordance with a
preset
calculation formula to obtain probability of the risk level of the current
link node
according to the probability of the risk level of the current page and the
probability of
the risk level of previous link node;
wherein the preset calculation formula is:
Mi' = Ni * a + Mi * (1 ¨ a);
where Ni is probability of risk level i of the current page, Mi is probability
of risk
level i of the previous link node, Mi' is probability of risk level i of the
current link
node, a is a coefficient, and 0< a < 0.5.
313. The memory of claim 312, wherein identifying whether the user is the risk
user according
to the risk information of all link nodes including the current link node on
the link
comprises:
with respect to each link node in all the link nodes, determining the risk
level with
highest probability from probabilities of the risk levels of the link node;
determining the risk level with the highest probability as ultimate risk level
of the
link node;
counting number of occurrences of the ultimate risk levels of all the link
nodes;
determining the ultimate risk level whose number of occurrences satisfies a
preset
condition as the risk level of the user;
judging whether the risk level of the user is in a preset level range; and
78
Date re we/Date received 2024-02-14
determining whether the user is a normal user or the risk user according to a
judging
result.
314. The memory of claim 308, further comprising:
making identity authentication on the user or performing a corresponding
restriction
operation on the user.
315. The memory of any one of claims 307 to 314, wherein the client end
includes a shopping
client end, a loan-borrowing client end.
316. The memory of any one of claims 307 to 315, wherein a data collecting
tool is
preconfigured on the client end, wherein the data collecting tool collects
behavior data
produced by the user on the current page of the client end, to upload the
behavior data to
a server.
317. The memory of any one of claims 307 to 316, wherein an application (APP)
client end, a
software development kit (SDK) collecting tool is preconfigured at the APP
client end,
and the behavior data produced when the user operates on a page of the APP
client end is
collected via an SDK collecting interface.
318. The memory of any one of claims 307 to 317, wherein a hypertext markup
language
(HTML) end or an applet end, a JavaScript. collecting tool id preconfigured,
and user
behavior data is collected from a webpage or the applet end through a
JavaScriptim
collecting interface.
319. The memory of any one of claims 307 to 318, wherein the user makes
operations on the
client end, including making a registration operation on a registration page,
making a
login operation on a login page, wherein corresponding behavior data is
generated with
respect to these operations, and wherein the behavior data includes clicking
behavior
data, including position coordinates and time durations of clicks, and sliding
the behavior
data, including sliding distance, acceleration, and angle.
79
Date recue/Date received 2024-02-14
320. The memory of any one of claims 307 to 319, wherein the behavior data
includes
terminal equipment information, including equipment gyroscope data, equipment
acceleration data, and screen temperature.
321. The memory of any one of claims 307 to 320, wherein the server receives
the behavior
data produced by the user on the current page of the APP client end as
collected by SDK,
and/or receives the behavior data produced by the user on the current page of
the HTML
end or the applet end as collected by JavaScriptTM.
322. The memory of any one of claims 307 to 321, wherein the SDK collecting
interface and
the JavaScriptrm collecting interface support continuous collection, and
realizes the
collection of the user behavior data without interfering with business system.
323. The memory of any one of claims 307 to 322, wherein the at least one
behavior feature is
obtained from the at least one behavior data.
324. The memory of any one of claims 307 to 323, wherein the server performs
statistical
analysis includes plural pieces of the behavior data as coordinate position of
a clicked
page, the time duration of the clicked page, the sliding distance, the sliding
acceleration,
sliding angle, the equipment gyroscope data, the equipment acceleration data,
and the
screen temperature, and
325. The memory of any one of claims 307 to 324, wherein the server calculates
to obtain
plural behavior features including page clicking frequency, fluctuation in
page clicking
time durations, fluctuation in the sliding distances, interval of sliding
accelerations,
interval of the sliding angles, equipment motion information, screen
temperature change
information.
Date recue/Date received 2024-02-14
326. The memory of any one of claims 307 to 325, wherein performing analytical
comparison
on the various behavior features with a corresponding preset normal range
through the
rule engine to obtain deviation degrees wherein the deviation degrees are
degrees where
the behavior features exceed the corresponding preset normal range, of the
various
behavior features, determines deviation degree interval ranges in which the
deviation
degrees of the various behavior features locate, and determines the risk
levels of the
various behavior features according to correspondence relations between preset
deviation
degree interval ranges and the risk levels.
327. The memory of any one of claims 307 to 326, wherein the risk levels are
classified as no
risk, low risk, medium risk and high risk, wherein higher the deviation degree
is, the
higher is the risk level.
328. The memory of any one of claims 307 to 327, wherein the risk information
of the current
page includes the risk levels, and the highest risk level is directly
determined as the risk
level of the current page.
329. The memory of any one of claims 307 to 328, wherein each behavior of the
user is taken
as a node, and a series of nodes is chronologically linked together according
to order of
times user behavior occurred, wherein the link is formed in form of an event
flow,
wherein the link records a behavior track of current operation of the user.
330. The memory of any one of claims 307 to 329, wherein plural links are
formed for one
user, wherein one link corresponds to the behavior track of one operation of
the user, and
different behavior tracks at each operation of the user, and orders of all
link nodes
possessed by each link is different.
331. The memory of any one of claims 307 to 330, wherein plural different risk
levels are
classified in advance, including no risk, low risk, medium risk and high risk.
332. The memory of any one of claims 307 to 331, wherein the risk level of the
current link
node is determined, there is a 100% probability for the current link node to
have this risk
level, and the probability for the current link node to have any other risk
level is 0.
81
Date recue/Date received 2024-02-14
333. The memory of any one of claims 307 to 332, wherein a is 0.2.
334. The memory of any one of claims 307 to 333, wherein the risk level of the
user is in the
preset level range, it is determined the user is the risk user, and the user
is marked with a
corresponding risk level label;
335. The memory of any one of claims 307 to 334, wherein the risk level of the
user is not in
the preset level range, the user is the normal user.
336. The memory of any one of claims 307 to 335, wherein the preset level
range is set as
practically required.
337. The memory of any one of claims 307 to 336, wherein the preset level
range is set as
medium risk and high risk.
338. The memory of any one of claims 307 to 337, wherein the restriction
operation includes
disabling key functions on the page, wherein the key functions include
checking,
inputting and submitting.
339. The memory of any one of claims 307 to 338, wherein the at least one
behavior data
includes coordinate position of the clicked page, the time duration of the
clicked page,
sliding distance, the sliding acceleration, the sliding angle, the equipment
gyroscope data,
the equipment acceleration data, and the screen temperature.
82
Date recue/Date received 2024-02-14
