Information evaluation processing method and first entity
Technical Field
The present invention relates to communications technologies, and in particular to an information evaluation processing method and a first entity.
Background
With the development of internet technology, sharing information has become more convenient. When information is shared over the internet, both legal and illegal behaviors occur; for information security, the illegal behaviors need to be identified and an alarm function needs to be set. With the prior art, illegal behaviors are not identified accurately, and because of this misjudgment the alarm threshold, which determines the false alarm rate, cannot be set accurately. If that threshold is set too high, some illegal behaviors are let through; if it is set too low, a large number of legal behaviors are mistakenly identified as illegal. The technical problem to be solved is therefore to identify illegal behavior accurately and to set a suitable false alarm rate with that identification as the reference. The related art offers no effective solution to this problem.
Disclosure of Invention
In view of the above, embodiments of the present invention provide an information evaluation processing method and a first entity, which at least solve the problems in the prior art.
The technical scheme of the embodiment of the invention is realized as follows:
the embodiment of the invention provides an information evaluation processing method, which comprises the following steps:
acquiring a first user credit evaluation request, wherein the first user credit evaluation request is used for evaluating the legality of a request made by a first user;
analyzing the first user credit evaluation request and generating a credit evaluation score for the first user, wherein the credit evaluation score corresponds to user identity information;
the credit evaluation score representing the degree of credibility of the user behavior formed after the first user sends an access request or an interaction request to different access objects;
and sending the credit evaluation score containing the user identity information, so that whether the user behavior is legal can be identified according to the credit evaluation score and different alarm strategies can be adopted, according to the identification result, for user behaviors directed at different access objects.
The embodiment of the invention provides a first entity in an information evaluation processing system, wherein the first entity comprises:
a first acquisition unit, configured to acquire a first user credit evaluation request, wherein the first user credit evaluation request is used for evaluating the legality of a request made by a first user;
a first analysis unit, configured to analyze the first user credit evaluation request and generate a credit evaluation score for the first user, wherein the credit evaluation score corresponds to user identity information;
the credit evaluation score representing the degree of credibility of the user behavior formed after the first user sends an access request or an interaction request to different access objects;
and a first sending unit, configured to send the credit evaluation score containing the user identity information, so that whether the user behavior is legal can be identified according to the credit evaluation score and different alarm strategies can be adopted, according to the identification result, for user behaviors directed at different access objects.
The embodiment of the invention also provides an information evaluation processing method, which comprises the following steps:
a user behavior initiating end initiates an access request or an interaction request to different access objects; the access request or interaction request is monitored by a second entity, after which a first user credit evaluation request is sent;
a first entity acquires the first user credit evaluation request, wherein the first user credit evaluation request is used for evaluating the legality of the request made by the first user;
the first entity analyzes the first user credit evaluation request and generates a credit evaluation score for the first user, wherein the credit evaluation score corresponds to user identity information;
the credit evaluation score representing the degree of credibility of the user behavior formed after the first user sends an access request or an interaction request to different access objects;
the first entity sends the credit evaluation score containing the user identity information to the second entity;
and the second entity identifies whether the user behavior is legal according to the credit evaluation score, and adopts different alarm strategies, according to the identification result, for user behaviors directed at different access objects.
The information evaluation processing method of the embodiment of the invention comprises: acquiring a first user credit evaluation request, wherein the first user credit evaluation request is used for evaluating the legality of a request made by a first user; analyzing the first user credit evaluation request and generating a credit evaluation score for the first user, wherein the credit evaluation score corresponds to user identity information and represents the degree of credibility of the user behavior formed after the first user sends an access request or an interaction request to different access objects; and sending the credit evaluation score containing the user identity information, so that whether the user behavior is legal can be identified according to the credit evaluation score and different alarm strategies can be adopted, according to the identification result, for user behaviors directed at different access objects.
With the embodiment of the invention, after acquiring the credit evaluation request of the first user, the first entity generates a credit evaluation score for the first user, where the credit evaluation score corresponds to the user identity information and represents the degree of credibility of the user behavior formed after the first user sends an access request or an interaction request to different access objects. The embodiment uses the credit evaluation score to identify whether the user behavior is legal, rather than merely collecting and analyzing the user behavior and matching its characteristics, so the identification accuracy is high, the possibility of misjudgment is greatly reduced, and a suitable false alarm rate can be set with that low misjudgment probability as the reference. Moreover, once the user behavior has been identified according to the credit evaluation score, different alarm strategies can be adopted, according to the identification result, for user behaviors directed at different access objects, which avoids the mistakes caused by a false alarm rate set too low or too high, namely blocking legal behavior as if it were illegal, or letting illegal behavior through as if it were legal.
Drawings
FIG. 1 is a diagram of hardware entities performing information interaction in an embodiment of the present invention;
FIG. 2 is a schematic flow chart of an implementation of the first embodiment of the present invention;
FIG. 3 is a diagram of a system architecture 1 to which embodiments of the present invention are applied;
FIG. 4 is a diagram of a system architecture 2 to which embodiments of the present invention are applied;
FIG. 5 is a block diagram of a second embodiment of the present invention;
FIG. 6 is a diagram illustrating a first physical hardware structure to which the embodiments of the present invention are applied;
FIG. 7 is a schematic flow chart of an implementation of a third embodiment of the present invention;
FIG. 8 is a flowchart of a method for implementing a scenario according to an embodiment of the present invention.
Detailed Description
The following describes the embodiments in further detail with reference to the accompanying drawings.
A mobile terminal implementing various embodiments of the present invention will now be described with reference to the accompanying drawings. In the following description, suffixes such as "module", "component", or "unit" used to denote elements are used only for facilitating the description of the embodiments of the present invention, and have no specific meaning in themselves. Thus, "module" and "component" may be used in a mixture.
In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the present invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced without these specific details. In other instances, well-known methods, procedures, components, circuits, and networks disclosed have not been described in detail as not to unnecessarily obscure aspects of the embodiments.
In addition, although the terms "first", "second", etc. are used herein several times to describe various elements (or various thresholds or various applications or various instructions or various operations), etc., these elements (or thresholds or applications or instructions or operations) should not be limited by these terms. These terms are only used to distinguish one element (or threshold or application or instruction or operation) from another element (or threshold or application or instruction or operation). For example, a first operation may be referred to as a second operation, and a second operation may be referred to as a first operation, without departing from the scope of the invention, the first operation and the second operation being operations, except that they are not the same operation.
The steps in the embodiment of the present invention are not necessarily processed according to the described step sequence, and may be optionally rearranged in a random manner, or steps in the embodiment may be deleted, or steps in the embodiment may be added according to requirements.
The term "and/or" in embodiments of the present invention refers to any and all possible combinations including one or more of the associated listed items. It is also to be noted that: when used in this specification, the term "comprises/comprising" specifies the presence of stated features, integers, steps, operations, elements and/or components but does not preclude the presence or addition of one or more other features, integers, steps, operations, elements and/or components and/or groups thereof.
Fig. 1 is a schematic diagram of hardware entities performing information interaction in an embodiment of the present invention. Fig. 1 includes a server 11 (such as a server of a third-party financial evaluation institution), terminal devices 21-24, access objects 31-32 accessed by the terminal devices, and network security control devices 41-42. The terminal devices 21 to 24 exchange information with the server through a wired or wireless network, and include mobile phones, desktop computers, PCs, all-in-one machines and the like. The access objects accessed by the terminal devices 21-24 are of various types, such as a terminal payment channel represented by access object 31 and a shopping channel represented by access object 32. The terminal devices 21 to 24 initiate access requests or interaction requests to access objects in the system architecture (access object 31 and access object 32 in this embodiment are only examples and do not limit the protection scope of the embodiment of the present invention); the network security control devices 41-42 monitor the terminal devices initiating these requests; the server 11 (such as a server of a third-party financial evaluation institution) evaluates the terminal devices 21 to 24 to obtain their credit evaluation scores; and finally the network security control devices 41-42 analyze, according to the credit evaluation scores, the access requests or interaction requests initiated by the terminal devices 21 to 24 against access objects 31 and 32, identify whether the user behavior generated by each request is legal, and adopt different alarm strategies, according to the identification result, for the user behaviors directed at different access objects.
It should be noted here that the access object 31 and the access object 32 in this embodiment are only examples, and do not limit the scope of the embodiment of the present invention.
The example of fig. 1 is only one system architecture on which the embodiment of the present invention can be implemented; the embodiment is not limited to the system architecture of fig. 1, and the method embodiments below are described on the basis of that architecture.
The first embodiment is as follows:
as shown in fig. 2, the information evaluation processing method according to the embodiment of the present invention includes:
step 101, a first entity obtains a first user credit evaluation request, where the first user credit evaluation request is used to evaluate the validity of a first user request.
Here, the embodiment of the present invention involves interaction among a plurality of entities to implement an illegal-behavior identification process based on credit evaluation scores (e.g., financial credit scores), with different alarm policies adopted for different identification results according to the user behaviors directed at different access objects. Taking the first entity as a financial evaluation institution as an example, the processing of the third-party financial evaluation institution is performed by a server and its storage database; one specific implementation of the server in the system architecture is shown in fig. 1. The first user credit evaluation request is used to evaluate the validity of a request by the first user (also called the user behavior initiating end). Taking the terminal devices 21 to 24 in fig. 1 as an example, if a shopping website is accessed through the terminal devices 21 to 24, the process of selecting a commodity on the shopping website, placing the order and paying for it is an access request or interaction request containing multi-level information interaction. Because payment behavior differs from ordinary user behavior in that it involves a money transaction, it accurately reflects the real behavior behind the terminal device: whether payment is made on time, whether it is made in full, whether installments are chosen and, if so, whether each installment is paid on time, and similar behaviors derived from the payment. These behaviors, and the data they generate, can be provided to the server 11, and the processing of the server 11 yields the financial evaluation institution's credit evaluation score (e.g., financial credit score) for the first user (the user behavior initiating end), or for the user instance behind the terminal device 21-24, and so on.
Step 102, the first entity analyzes the first user credit evaluation request, and generates a credit evaluation score for the first user, wherein the credit evaluation score corresponds to the user identity information.
Here, the processing of the server 11 yields the credit evaluation score (e.g., the financial credit score) of the first user (the user behavior initiating end), or of the user instance behind the terminal device 21-24, and the credit evaluation score corresponds to the user identity information (or real-name identity information), which specifies which user the score belongs to: if the user identity information is that of user A, the credit evaluation score is user A's and cannot be user B's.
Here, the credit evaluation score is used to represent the trustworthiness degree of the user behavior formed after the first user sends an access request or an interaction request to different access objects.
Step 103, the first entity sends the credit evaluation score containing the user identity information, so that the second entity can identify whether the user behavior is legal or not according to the credit evaluation score, and different alarm strategies are adopted according to the identification result and aiming at the user behaviors of different access objects.
Here, the credit evaluation score (e.g., financial credit score) sent by the first entity must include the user identity information (or real-name identity information). Otherwise the credit evaluation scores of several users may be mixed, for example user A's score credited to user B, so that the score no longer uniquely identifies the current user; a score that cannot be tied to a user is meaningless as a basis for identifying illegal behavior, the misjudgment rate stays high, and the alarm rate still cannot be set accurately.
When the credit evaluation score (e.g., financial credit score) does uniquely identify the current user, the embodiment of the invention uses it to identify whether the user behavior is legal, rather than merely collecting and analyzing the user behavior and matching its characteristics, so the identification accuracy is high, the possibility of misjudgment is greatly reduced, and a suitable false alarm rate can be set with that low misjudgment rate as the reference. Moreover, once the user behavior has been identified according to the credit evaluation score, different alarm strategies can be adopted, according to the identification result, for user behaviors directed at different access objects, which avoids the mistakes caused by a false alarm rate set too low or too high, namely blocking legal behavior as if it were illegal, or letting illegal behavior through as if it were legal.
In an embodiment of the present invention, the credit evaluation score is anonymous information in the use stage, and the user identity information included in the credit evaluation score is encrypted signature information. The method further comprises: identifying whether the user behavior is legal and thereby obtaining an illegal behavior; acquiring a request for tracing the illegal behavior; decrypting the anonymous information to obtain the user identity information contained in the credit evaluation score; and determining, according to the user identity information, the real-name user corresponding to the illegal behavior as the object to be traced.
In practical application, the first scheme is as follows. In an implementation of the embodiment of the present invention, acquiring the first user credit evaluation request comprises: the first entity (e.g., a financial evaluation institution) acquires the first user credit evaluation request from the user behavior initiating end (the first user side), which has established operable communication with the second entity (e.g., a network security control facility), and the verification of operable communication between the first entity and the second entity is established through that user behavior initiating end. Fig. 3 is a schematic diagram of system architecture 1, to which an embodiment of the present invention is applied: the second entity (e.g., a network security control facility) and the first entity (e.g., a financial evaluation institution) cannot authenticate each other directly, so the initiating end is introduced as an intermediate party to assist authentication between the two. Since the second entity and the first entity are not necessarily located in a mutually trusted internal network and have no trust foundation between them, the user behavior initiating end has to be introduced as an intermediate party to assist their mutual authentication.
Correspondingly, the sending the credit evaluation score containing the user identity information comprises: the first entity sends the credit evaluation score containing the user identity information to the second entity.
In practical application, the second scheme is as follows. In an implementation of the embodiment of the present invention, acquiring the first user credit evaluation request comprises: the first entity (e.g., a financial evaluation institution) acquires the first user credit evaluation request directly from the second entity (e.g., a network security control facility). Fig. 4 is a schematic diagram of system architecture 2, to which an embodiment of the present invention is applied: the second entity (e.g., a network security control facility) and the first entity (e.g., a financial evaluation institution) are located in a mutually trusted internal network, so they can authenticate each other directly and there is no need to introduce the user behavior initiating end as an intermediate party. Because no auxiliary identity authentication through the user behavior initiating end is needed between the second entity and the first entity, authentication is performed directly, which saves processing cost and improves processing efficiency.
Correspondingly, the sending the credit evaluation score containing the user identity information comprises: the first entity (e.g., a financial evaluation institution) sends a credit evaluation score containing the user identity information to the second entity (e.g., a network security control facility).
Example two:
as shown in fig. 5, a first entity in an information evaluation processing system according to an embodiment of the present invention may be implemented by the server 11 in fig. 1, and the first entity comprises: a first acquisition unit 51, configured to acquire a first user credit evaluation request, where the first user credit evaluation request is used to evaluate the validity of a request made by a first user; a first analysis unit 52, configured to analyze the first user credit evaluation request and generate a credit evaluation score for the first user, where the credit evaluation score corresponds to user identity information and represents the degree of credibility of the user behavior formed after the first user sends an access request or an interaction request to different access objects; and a first sending unit 53, configured to send the credit evaluation score containing the user identity information, so that whether a user behavior is legal can be identified according to the credit evaluation score and different alarm policies can be adopted, according to the identification result, for user behaviors directed at different access objects.
Based on the first entity (e.g., a financial evaluation institution) and its interaction with the other entities, the information evaluation processing flow of the embodiment of the present invention implements an illegal-behavior identification flow based on credit evaluation scores (e.g., financial credit scores) through interaction among a plurality of entities, with different alarm policies adopted for different identification results according to the user behaviors directed at different access objects. Taking the first entity as a financial evaluation institution as an example, the processing of the third-party financial evaluation institution is performed by a server and its storage database; one specific implementation of the server in the system architecture is shown in fig. 1. The first user credit evaluation request is used to evaluate the validity of a request by the first user (also called the user behavior initiating end). Taking the terminal devices 21 to 24 in fig. 1 as an example, if a shopping website is accessed through the terminal devices 21 to 24, the process of selecting a commodity on the shopping website, placing the order and paying for it is an access request or interaction request containing multi-level information interaction. Because payment behavior differs from ordinary user behavior in that it involves a money transaction, it accurately reflects the real behavior behind the terminal device: whether payment is made on time, whether it is made in full, whether installments are chosen and, if so, whether each installment is paid on time, and similar behaviors derived from the payment. These behaviors, and the data they generate, can be provided to the server 11, and the processing of the server 11 yields the financial evaluation institution's credit evaluation score (e.g., financial credit score) for the first user (the user behavior initiating end), or for the user instance behind the terminal device 21-24, and so on. The credit evaluation score corresponds to the user identity information (or real-name identity information), which specifies which user the score belongs to: if the user identity information is that of user A, the credit evaluation score is user A's and cannot be user B's. Here, the credit evaluation score represents the degree of credibility of the user behavior formed after the first user sends an access request or an interaction request to different access objects.
The credit evaluation score (e.g., financial credit score) sent by the first entity must include the user identity information (or real-name identity information). Otherwise the credit evaluation scores of several users may be mixed, for example user A's score credited to user B, so that the score no longer uniquely identifies the current user; a score that cannot be tied to a user is meaningless as a basis for identifying illegal behavior, the misjudgment rate stays high, and the alarm rate still cannot be set accurately.
When the credit evaluation score (e.g., financial credit score) does uniquely identify the current user, the embodiment of the invention uses it to identify whether the user behavior is legal, rather than merely collecting and analyzing the user behavior and matching its characteristics, so the identification accuracy is high, the possibility of misjudgment is greatly reduced, and a suitable false alarm rate can be set with that low misjudgment rate as the reference. Moreover, once the user behavior has been identified according to the credit evaluation score, different alarm strategies can be adopted, according to the identification result, for user behaviors directed at different access objects, which avoids the mistakes caused by a false alarm rate set too low or too high, namely blocking legal behavior as if it were illegal, or letting illegal behavior through as if it were legal.
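The following Python script is an added illustration of the score-based identification described in step 103 of the first embodiment and restated above for the first entity; it is not code from the patent. It assumes a key shared between the first entity and the second entity, a constructed scoring rule over the payment behaviors named above (on-time payment, full payment, overdue installments), and constructed per-access-object thresholds; all of these are assumptions made for the example. The point it demonstrates is the one the text makes: a score is only evidence when it is bound to an identity, so a score whose identity does not match the user being checked, or whose binding tag fails, is rejected, and the same score leads to different alarm actions for the payment channel and the shopping channel.

```python
"""Credit-score-based legality check with per-access-object alarm policies.

Added example; entity names, keys, score rule and thresholds are constructed
for illustration and are not taken from the patent.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass

# Key shared between the first entity (credit scorer) and the second entity
# (network security control). Assumed to have been agreed over the authenticated
# channel of architecture 1 or 2; a fixed value here only so the example runs.
SHARED_KEY = b"example-shared-key-do-not-use"

# Per-access-object alarm policy (constructed thresholds): at or above "pass"
# the behavior is treated as legal; at or above "alert" it is allowed but an
# alarm is raised; below "alert" it is treated as illegal and blocked.
ALARM_POLICY = {
    "payment_channel": {"pass": 700, "alert": 550},   # access object 31
    "shopping_channel": {"pass": 550, "alert": 400},  # access object 32
}


@dataclass(frozen=True)
class CreditEvaluation:
    user_id: str   # user identity information the score belongs to
    score: int
    tag: str       # HMAC-SHA256 binding (user_id, score) together


def _binding_tag(user_id: str, score: int) -> str:
    msg = json.dumps({"user_id": user_id, "score": score}, sort_keys=True).encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()


def evaluate_credit(request: dict) -> CreditEvaluation:
    """First entity: derive a score from the payment behavior in the request.

    The rule is constructed: start at 600, reward on-time and full payment,
    penalise each overdue installment, clamp to 300..900.
    """
    behaviour = request["behaviour"]
    score = 600
    score += 60 if behaviour.get("paid_on_time") else -80
    score += 40 if behaviour.get("paid_in_full") else -30
    score -= 50 * behaviour.get("installments_overdue", 0)
    score = max(300, min(900, score))
    user_id = request["user_id"]
    return CreditEvaluation(user_id, score, _binding_tag(user_id, score))


def classify_behaviour(evaluation: CreditEvaluation,
                       claimed_user_id: str, access_object: str) -> str:
    """Second entity: verify the identity binding, then apply the object's policy.

    Returns "pass", "alert", "block", or "reject" (score unusable as evidence).
    """
    if evaluation.user_id != claimed_user_id:
        return "reject"   # someone else's score: cannot identify this user
    if not hmac.compare_digest(evaluation.tag,
                               _binding_tag(evaluation.user_id, evaluation.score)):
        return "reject"   # score or identity altered in transit
    policy = ALARM_POLICY.get(access_object)
    if policy is None:
        return "alert"    # unknown access object: conservative default
    if evaluation.score >= policy["pass"]:
        return "pass"
    if evaluation.score >= policy["alert"]:
        return "alert"
    return "block"


if __name__ == "__main__":
    # Constructed requests for two users.
    good = evaluate_credit({"user_id": "user-A", "behaviour": {
        "paid_on_time": True, "paid_in_full": True, "installments_overdue": 0}})
    shaky = evaluate_credit({"user_id": "user-B", "behaviour": {
        "paid_on_time": True, "paid_in_full": False, "installments_overdue": 2}})
    for ev in (good, shaky):
        for obj in ALARM_POLICY:
            print(ev.user_id, ev.score, obj, classify_behaviour(ev, ev.user_id, obj))
    print("A's score presented for B:", classify_behaviour(good, "user-B", "payment_channel"))
```

The two thresholds per access object are what the text calls different alarm strategies for different access objects: user B's score of 530 is blocked on the payment channel but only raises an alarm on the shopping channel, while the same record presented under another user's identity is rejected outright rather than scored.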
In an embodiment of the present invention, the credit evaluation score is anonymous information in the use stage, and the user identity information included in the credit evaluation score is encrypted signature information; the first entity further comprises a tracing unit configured to: identify whether the user behavior is legal and thereby obtain an illegal behavior; acquire a request for tracing the illegal behavior; decrypt the anonymous information to obtain the user identity information contained in the credit evaluation score; and determine, according to the user identity information, the real-name user corresponding to the illegal behavior as the object to be traced.
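As an added example (not the patent's own code) of the anonymous-in-use, traceable-on-request scheme described in this paragraph and in the corresponding paragraph of the first embodiment, the Python below has the first entity issue a score whose real-name identity is encrypted and signed, lets the second entity verify the signature and act on a pseudonym only, and lets the tracing unit recover the real-name user once a tracing request arrives for an illegal behavior. Assumptions: the keys, record layout and function names are constructed for the example; the sealing routine is a toy HMAC-SHA256 counter-mode construction with encrypt-then-MAC that stands in for a real AEAD such as AES-GCM; and the HMAC signature stands in for a public-key signature (with an HMAC, whoever can verify can also forge, so a deployment would use an asymmetric scheme so that the second entity can verify but not issue scores).

```python
"""Anonymous credit score with encrypted, signed identity and on-request tracing.

Added example; keys, record layout and the toy cipher are constructed for
illustration and are not the patent's design. The sealing routine is NOT a
production cipher: it stands in for an AEAD such as AES-GCM.
"""
import hashlib
import hmac
import json
import os
from dataclasses import dataclass

# Keys held by the first entity (constructed). The signing key authenticates the
# record towards the second entity; the tracing key is used only by the tracing
# unit to unseal the real-name identity after a tracing request.
SIGNING_KEY = b"first-entity-signing-key-example"
TRACING_KEY = b"first-entity-tracing-key-example"


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy counter-mode keystream from HMAC-SHA256 (stand-in for a real cipher).
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC(nonce || ciphertext)."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("sealed identity failed integrity check")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


@dataclass(frozen=True)
class AnonymousScore:
    pseudonym: str        # stable per-user handle; reveals nothing about the real name
    score: int
    sealed_identity: str  # hex of the encrypted real-name identity
    signature: str        # first entity's HMAC over the three fields above


def _signature(pseudonym: str, score: int, sealed_hex: str) -> str:
    msg = json.dumps([pseudonym, score, sealed_hex]).encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def issue_anonymous_score(real_name_id: str, score: int) -> AnonymousScore:
    """First entity: pseudonymise, seal the real-name identity, sign the record."""
    pseudonym = hmac.new(TRACING_KEY, real_name_id.encode(), hashlib.sha256).hexdigest()[:16]
    sealed_hex = seal(TRACING_KEY, real_name_id.encode()).hex()
    return AnonymousScore(pseudonym, score, sealed_hex, _signature(pseudonym, score, sealed_hex))


def verify_anonymous_score(rec: AnonymousScore) -> bool:
    """Second entity: check the signature before relying on the score.

    The second entity never decrypts sealed_identity; it keys its decisions on
    the pseudonym and the score only.
    """
    expected = _signature(rec.pseudonym, rec.score, rec.sealed_identity)
    return hmac.compare_digest(rec.signature, expected)


def trace_illegal_behaviour(rec: AnonymousScore) -> str:
    """Tracing unit: after a tracing request for an illegal behavior, recover the
    real-name user. Refuses records that are unsigned or have been altered."""
    if not verify_anonymous_score(rec):
        raise ValueError("refusing to trace an unsigned or tampered record")
    return unseal(TRACING_KEY, bytes.fromhex(rec.sealed_identity)).decode()


if __name__ == "__main__":
    rec = issue_anonymous_score("user-A", 530)          # constructed real-name id
    print("second entity sees:", rec.pseudonym, rec.score, verify_anonymous_score(rec))
    print("tracing unit recovers:", trace_illegal_behaviour(rec))
```

Because the signature covers the sealed identity as well as the pseudonym and score, the mixing scenario the text warns about (one user's score attached to another user's identity) is detected as a signature failure at the second entity before the score is used, and the tracing unit refuses to unseal such a record.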
In an implementation of the embodiment of the present invention, the first acquisition unit is further configured to acquire the first user credit evaluation request from the user behavior initiating end that has established operable communication with the second entity, with the verification of operable communication between the first entity and the second entity established through that user behavior initiating end; and the first sending unit is further configured to send the credit evaluation score containing the user identity information to the second entity.
In another implementation of the embodiment of the present invention, the first acquisition unit is further configured to acquire the first user credit evaluation request directly from the second entity; and the first sending unit is further configured to send the credit evaluation score containing the user identity information to the second entity.
An example of the server for implementing the first entity as a hardware entity S11 is shown in fig. 6. The apparatus comprises a processor 61, a storage medium 62 and at least one external communication interface 63; the processor 61, the storage medium 62 and the external communication interface 63 are all connected by a bus 64.
It should be noted here that the description of the first entity is similar to the description of the method flow in the embodiment above, and the description of the beneficial effects is omitted for brevity. For technical details not disclosed in this first-entity embodiment, refer to the method flow description in the embodiment above.
Example three:
as shown in fig. 7, an information evaluation processing method according to an embodiment of the present invention includes:
step 301, the user behavior initiating terminal initiates an access request or an interaction request for different access objects, and the access request or the interaction request is monitored by the second entity.
Here, taking the terminal devices 21 to 24 in fig. 1 as an example, if a shopping website is accessed through the terminal devices 21 to 24, the process of selecting favorite goods, placing orders, paying and generating orders on the shopping website is an access request or an interaction request containing multi-level information interaction. These access requests or interaction requests are monitored by the second entity (the network security control facility). The second entity (the network security control facility) collects the monitored user behavior in order to perform step 302 accordingly.
Step 302, sending a first user credit assessment request.
Here, the first user credit assessment request may be sent by the user behavior initiating terminal, or may be sent by the second entity (the network security control facility). After the first user credit assessment request is sent to the first entity (e.g., a financial assessment institution), the validity assessment of step 302 is performed as follows.
Step 303, the first entity obtains a first user credit evaluation request, where the first user credit evaluation request is used to evaluate the validity of the first user request.
Here, taking the terminal devices 21 to 24 in fig. 1 as an example, if a shopping website is accessed through the terminal devices 21 to 24, the process of selecting favorite goods, placing orders, paying and generating orders on the shopping website is an access request or an interaction request containing multi-level information interaction. Because payment behavior differs from conventional user behavior and involves a money transaction, it accurately reflects the real behavior of the terminal device: whether payment is made on time, whether it is made in full, whether installments are chosen, and the series of behaviors derived from the payment, for example, if installment payment is selected, whether each installment is actually paid, and so on. These behaviors, which differ from normal user behavior, and the data they generate can be provided to the server 11, and the processing of the server 11 yields the credit evaluation score (e.g. financial credit score) of the financial evaluation institution for the first user (also called the user behavior initiator), or for an instance of the user at which the terminal devices 21 to 24 are located, and so on.
Step 304, the first entity parses the first user credit assessment request, and generates a credit assessment score for the first user, where the credit assessment score corresponds to the user identity information.
Here, the credit evaluation score (e.g. financial credit score) given by the financial evaluation institution to the first user (also called the user behavior initiator), or to an instance of the user at which the terminal devices 21 to 24 are located, may be obtained through the processing of the server 11. The credit evaluation score (e.g. financial credit score) corresponds to the user identification information (also called real-name identification information), which specifies to which user the credit evaluation score belongs: for example, if the user identification information (real-name identification information) is that of user A, then the credit evaluation score (e.g. financial credit score) is that of user A and cannot be that of user B.
Here, the credit evaluation score is used to represent the trustworthiness degree of the user behavior formed after the first user sends an access request or an interaction request to different access objects.
Step 305, the first entity sends the credit evaluation score containing the user identity information to the second entity.
Step 306, the second entity identifies whether the user behavior is legal according to the credit evaluation score, and adopts different alarm strategies for the user behaviors of different access objects according to the identification result.
Here, step 305 and step 306 illustrate that the credit assessment score (e.g., financial credit score) sent by the first entity needs to include the user identity information (or real-name identity information). Otherwise, the following scenario arises: the credit evaluation scores (such as financial credit scores) of several users are mixed, for example the score of user A is added to the score of user B, so that the credit evaluation score (such as a financial credit score) cannot uniquely identify the current user; the credit evaluation score (such as a financial credit score) then becomes meaningless as a basis for identifying illegal behavior, the misjudgment rate remains high, and correspondingly the alarm rate still cannot be set accurately.
When the credit evaluation score (such as a financial credit score) uniquely identifies the current user, the embodiment of the invention uses the credit evaluation score to identify whether the user behavior is legal, rather than simply collecting and analyzing the user behavior and matching user behavior characteristics, so the identification accuracy is high, the possibility of misjudgment is greatly reduced, and a suitable false alarm rate is set with reference to that misjudgment. Moreover, after the user behavior is identified according to the credit evaluation score, different alarm strategies can be adopted for different access objects according to the identification result of the user behavior, which avoids the misoperation caused by a false alarm rate set too low or too high, such as blocking legal behavior as illegal behavior or releasing illegal behavior as legal behavior.
In an implementation manner of the embodiment of the present invention, the identifying, by the second entity, whether the user behavior is legal according to the credit evaluation score, and adopting different alarm policies for the user behaviors of different access objects according to the identification result includes: the second entity uses different network behavior monitoring strategies, screening strategies and/or network access authority distribution strategies for the user behavior initiating end according to the identification result. Specifically, when the identification result is a user behavior higher than a first threshold, the alarm threshold of the screening strategy is set to alarm at a first matching degree, and a first monitoring strategy or a first network access authority distribution strategy is used; when the identification result is a user behavior lower than the first threshold, the alarm threshold of the screening strategy is set to alarm at a second matching degree, and a second monitoring strategy or a second network access authority distribution strategy is used.
It should be noted that the first matching degree is a higher matching degree than the second matching degree; the first monitoring policy is a simpler monitoring policy than the second monitoring policy; and the first network access authority distribution strategy grants a higher access authority than the second network access authority distribution strategy. That is, with embodiments of the present invention, for different financial credit scores, the second entity (e.g., a network security control facility) uses different network behavior monitoring and screening policies and different assignments of network access rights. For example, for a user with a higher score, the credit is considered to be better, so the alarm threshold of the screening strategy can be set to alarm at a higher matching degree, a simpler control strategy can be used, and a higher network access right can be given; conversely, for a user with poor credit, an alarm is needed at a lower matching degree, strict strategy screening is carried out, and a lower network access authority is given.
In an implementation manner of the embodiment of the present invention, the acquiring, by the first entity, the first user credit evaluation request includes: the first entity obtains the first user credit evaluation request from a user behavior initiating terminal that has established feasible communication with a second entity, and verification of the feasible communication between the first entity and the second entity is established through the user behavior initiating terminal. Fig. 3 is a schematic diagram of a system architecture 1 applying an embodiment of the present invention, in which the second entity (e.g., a network security control facility) and the first entity (e.g., a financial evaluation institution) cannot authenticate each other directly, so the initiating end is introduced as an intermediate party to assist the authentication between the two entities. Since the second entity (e.g. the cyber security control facility) and the first entity (e.g. the financial evaluation institution) are not necessarily located in a mutually trusted internal network, and there is no trust foundation between the two, it is necessary to introduce the user behavior initiating end as an intermediate party to assist the authentication between them.
In a practical application scenario, based on the system architecture 1 shown in fig. 3, the following embodiments are included.
In an implementation manner of the embodiment of the present invention, the method further includes: a third entity (such as a public key infrastructure) issues digital certificates to the user behavior initiating end, the first entity (such as a financial assessment institution) and the second entity (such as a network security control facility), wherein the digital certificates can prove the valid identities of the user behavior initiating end, the first entity and the second entity, so as to establish a trust relationship among the initiating end, the first entity (such as the financial assessment institution) and the second entity (such as the network security control facility).
In an implementation manner of the embodiment of the present invention, the method further includes: the sending of the first user credit evaluation request after the access request or the interaction request is monitored by the second entity comprises: the second entity generates a first hash value from the access request or the interaction request initiated by the user behavior initiating end for different access objects, in accordance with a first preset strategy, uniquely identifies the access request or the interaction request through the first hash value, and attaches the first hash value to the access request or the interaction request; the second entity signs the first hash value by using a certificate of the second entity to obtain first signature information; and the second entity initiates the first user credit assessment request to the user behavior initiating end and attaches the first signature information.
Here, a signature (also called a digital signature) is produced by encrypting with a private key, and correspondingly it is verified by decrypting with the public key. The private key and the public key form a key pair, and an asymmetric encryption algorithm can be adopted.
For the hash value and the access request or interaction request, the encryption and decryption processes involved in the signature (or digital signature) are as follows. One party, for example user A, regards the access request or interaction request as a "message" and regards the first hash value as the "message digest" of that "message". A hash algorithm is first applied to the "message" to create the "message digest", i.e., the first hash value. The "message digest" identified by the first hash value can be viewed as a compact and unique representation of the data. User A then encrypts the message digest, i.e., the first hash value, with its own private key to obtain the first signature information, thereby creating a personal signature (or digital signature) that can ultimately confirm user A's identity. When the other party, for example user B, receives the first signature information obtained by hashing and signing the "message", user B decrypts the first signature information with user A's public key to recover the "message digest", i.e., the first hash value, and also hashes the "message" with the same hash algorithm that user A used. If the "message digest" computed by user B is identical to the "message digest" recovered from user A, i.e., both results are the first hash value, then user B can determine that the "message" came from the holder of the private key and that the data has not been modified.
In an implementation manner of the embodiment of the present invention, the method further includes: the user behavior initiating terminal decrypts the first signature information using the certificate of the second entity to obtain the first hash value, and compares whether the access request or interaction request uniquely identified by the first hash value is consistent with the one in the first user credit evaluation request, that is, whether the access request in the request and the access request contained in the decrypted information are consistent. If they are consistent, the request is a legal request and the second entity is determined to be a legal network security control facility. The user behavior initiating terminal then signs the first hash value using its own certificate to obtain second signature information, and the second signature information and the first signature information are attached to the first user credit evaluation request and sent to the first entity for verification.
In an implementation manner of the embodiment of the present invention, the method further includes: the first entity analyzes the first user credit evaluation request and generates a credit evaluation score for the first user. Specifically, the first entity receives the first user credit evaluation request and analyzes the second signature information and the first signature information; the first entity decrypts the second signature information and the first signature information using the certificate public key of the user behavior initiating terminal and the certificate public key of the second entity respectively, and compares whether the decrypted information is the first hash value; if so, it extracts the credit evaluation score and user identity information corresponding to the user behavior initiating terminal, and encrypts the credit evaluation score (such as a financial credit score) and the user identity information (real-name identity information) using the certificate of the first entity to obtain encrypted information A; the first entity signs the credit evaluation score, the encrypted information A, the first entity identity information (such as the identity information of a financial credit evaluation organization) and the first hash value using the certificate of the first entity to obtain signature information B, encrypts the signature information B using the certificate of the user behavior initiating terminal to obtain encrypted information B, and returns the encrypted information B to the user behavior initiating terminal.
In an implementation manner of the embodiment of the present invention, the method further includes: the user behavior initiating terminal decrypts the encrypted information B using its own certificate to obtain the signature information B, encrypts the signature information B using the certificate of the second entity to obtain the feedback information for the first user credit evaluation request sent by the second entity, where the feedback information comprises the credit evaluation score and the access certificate, and sends the feedback information to the second entity.
In an implementation manner of the embodiment of the present invention, the acquiring, by the first entity, the first user credit evaluation request includes: the first entity obtains the first user credit assessment request directly from the second entity. Fig. 4 is a schematic diagram of a system architecture 2 to which an embodiment of the present invention is applied, in which the second entity (e.g., a network security control facility) and the first entity (e.g., a financial evaluation institution) can authenticate each other directly because they are in a mutually trusted internal network, so there is no need to introduce the user behavior initiating end as an intermediate party to assist the authentication between them. Since no auxiliary means of introducing the user behavior initiating end for identity authentication needs to be added between the second entity (such as a network security control facility) and the first entity (such as a financial evaluation institution), the authentication can be performed directly, which saves processing cost and improves processing efficiency.
In a practical application scenario, based on the system architecture 2 shown in fig. 4, the following embodiments are included.
In an implementation manner of the embodiment of the present invention, the method further includes: and a third entity issues digital certificates which can prove the valid identities of the user behavior initiating terminal, the first entity and the second entity to the user behavior initiating terminal, the first entity and the second entity so as to establish a trust relationship among the initiating terminal, the first entity and the second entity.
In an implementation manner of the embodiment of the present invention, the method further includes: the access request or the interaction request is monitored by a second entity and then a first user credit evaluation request is sent, specifically, the second entity generates a first hash value according to the access request or the interaction request initiated by a user behavior initiating end aiming at different access objects and a first preset strategy, uniquely identifies the access request or the interaction request through the first hash value and attaches the first hash value to the access request or the interaction request; the second entity signs the first hash value by using a certificate of the second entity to obtain first signature information; the second entity initiates the first user credit assessment request to the first entity and attaches the first signature information.
In an implementation manner of the embodiment of the present invention, the method further includes: the first entity decrypts the first signature information using the certificate of the second entity to obtain the first hash value, and compares whether the access request or interaction request uniquely identified by the first hash value is consistent with the one in the first user credit evaluation request; if so, the access request or interaction request is a legal request, and the second entity is determined to be a legal entity.
In an implementation manner of the embodiment of the present invention, the method further includes: the first entity analyzes the first user credit evaluation request and generates a credit evaluation score for the first user, specifically, the first entity extracts the corresponding credit evaluation score and user identity information of a user behavior initiating end, uses the credit evaluation score and an access certificate as feedback information of the first user credit evaluation request sent by a second entity, and sends the feedback information to the second entity.
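The signature chain shared by architecture 1 and architecture 2 (the second entity hashes the monitored request and produces the first signature information, the terminal checks it and adds the second signature information, the first entity verifies both or, in architecture 2, only the first, and signature information B binds the score to the user identity and the answered hash), as an added example that is not part of the patent and not the applicant's code. It assumes Ed25519 key pairs in place of the certificates issued by the third entity and SHA-256 as the first preset strategy; the encrypted information A and B steps are omitted and all party and field names are illustrative.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// CreditRequest is the first user credit evaluation request in transit. Ed25519 keys
// stand in for the certificates the third entity (PKI) issues to each party.
type CreditRequest struct {
	Request   []byte // access/interaction request as monitored by the second entity
	Hash      []byte // first hash value, uniquely identifying Request
	SecondSig []byte // first signature information: second entity over Hash
	TermSig   []byte // second signature information: terminal over Hash (architecture 1)
}

// HashRequest is the "first preset strategy": SHA-256 of the raw request bytes.
func HashRequest(req []byte) []byte {
	sum := sha256.Sum256(req)
	return sum[:]
}

// SecondEntityInitiate hashes the monitored request, signs the hash and attaches both.
func SecondEntityInitiate(secondPriv ed25519.PrivateKey, req []byte) CreditRequest {
	h := HashRequest(req)
	return CreditRequest{Request: req, Hash: h, SecondSig: ed25519.Sign(secondPriv, h)}
}

// checkSecond: the hash must re-derive from the attached request and the second entity's signature must verify over it.
func checkSecond(secondPub ed25519.PublicKey, cr CreditRequest) error {
	if !bytes.Equal(cr.Hash, HashRequest(cr.Request)) {
		return errors.New("first hash value does not identify the attached request")
	}
	if !ed25519.Verify(secondPub, cr.Hash, cr.SecondSig) {
		return errors.New("first signature information invalid: second entity not legal")
	}
	return nil
}

// TerminalCountersign (architecture 1): the terminal confirms the request is the one
// it actually sent and that the second entity is legal, then signs the same hash.
func TerminalCountersign(termPriv ed25519.PrivateKey, secondPub ed25519.PublicKey, cr CreditRequest, sent []byte) (CreditRequest, error) {
	if !bytes.Equal(cr.Request, sent) {
		return cr, errors.New("credit evaluation request does not match the request this terminal sent")
	}
	if err := checkSecond(secondPub, cr); err != nil {
		return cr, err
	}
	cr.TermSig = ed25519.Sign(termPriv, cr.Hash)
	return cr, nil
}

// FirstEntityVerify checks the second entity's signature and, when termPub is given
// (architecture 1), the terminal's counter-signature; pass nil for architecture 2.
func FirstEntityVerify(secondPub, termPub ed25519.PublicKey, cr CreditRequest) error {
	if err := checkSecond(secondPub, cr); err != nil {
		return err
	}
	if termPub != nil && !ed25519.Verify(termPub, cr.Hash, cr.TermSig) {
		return errors.New("second signature information invalid: terminal not legal")
	}
	return nil
}

// ScoreReply: score, user identity and answered hash under one signature (B), so a score cannot be re-bound to another user.
type ScoreReply struct {
	Score  int
	UserID string // user identity information (real-name identity)
	Hash   []byte // first hash value being answered
	Sig    []byte // signature information B
}

func replyBytes(r ScoreReply) []byte {
	return append([]byte(fmt.Sprintf("%d|%s|", r.Score, r.UserID)), r.Hash...)
}
func FirstEntityReply(firstPriv ed25519.PrivateKey, cr CreditRequest, score int, userID string) ScoreReply {
	r := ScoreReply{Score: score, UserID: userID, Hash: cr.Hash}
	r.Sig = ed25519.Sign(firstPriv, replyBytes(r))
	return r
}

// SecondEntityAccept verifies signature B and that the reply answers this very request.
func SecondEntityAccept(firstPub ed25519.PublicKey, cr CreditRequest, r ScoreReply) error {
	if !bytes.Equal(r.Hash, cr.Hash) || !ed25519.Verify(firstPub, replyBytes(r), r.Sig) {
		return errors.New("signature information B invalid or reply answers a different request")
	}
	return nil
}

func main() {
	termPub, termPriv, _ := ed25519.GenerateKey(rand.Reader)
	secondPub, secondPriv, _ := ed25519.GenerateKey(rand.Reader)
	req := []byte("POST /order user=alice item=1234 amount=99.00") // constructed sample request
	cr, err := TerminalCountersign(termPriv, secondPub, SecondEntityInitiate(secondPriv, req), req)
	fmt.Println("terminal:", err, "| first entity:", FirstEntityVerify(secondPub, termPub, cr))
}
```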
Example four:
an information evaluation processing system according to an embodiment of the present invention includes: the system comprises a user behavior initiating end, a first entity and a second entity.
Wherein, the user behavior initiating terminal includes: a first request initiating unit, configured to initiate access requests or interaction requests for different access objects, where after the access request or interaction request is monitored by the second entity, the first user credit evaluation request is sent.
Wherein the first entity comprises: a first acquisition unit, configured to acquire a first user credit evaluation request, which is used for evaluating the legality of the first user request; a first analysis unit, configured to analyze the first user credit evaluation request and generate a credit evaluation score for the first user, where the credit evaluation score corresponds to the user identity information, and the credit evaluation score is used to represent the credibility degree of the user behavior formed after the first user sends the access request or interaction request for different access objects; and a first sending unit, configured to send the credit evaluation score containing the user identity information to the second entity.
Wherein the second entity comprises: and the alarm identification unit is used for identifying whether the user behavior is legal or not according to the credit evaluation score and adopting different alarm strategies according to the identification result and aiming at the user behaviors of different access objects.
In an implementation manner of the embodiment of the present invention, the alarm identification unit is further configured to: and using different network behavior monitoring strategies, screening strategies and/or distribution strategies of network access authorities for the user behavior initiating terminal according to the identification result.
In an implementation manner of the embodiment of the present invention, the alarm identification unit is further configured to: when the identification result is a user behavior higher than the first threshold, raise an alarm at the first matching degree on the alarm threshold setting of the screening strategy, and use a first monitoring strategy or a first network access authority distribution strategy; when the identification result is a user behavior lower than the first threshold, raise an alarm at the second matching degree on the alarm threshold setting of the screening strategy, and use a second monitoring strategy or a second network access authority distribution strategy; wherein the first matching degree is higher than the second matching degree, the first monitoring policy is simpler than the second monitoring policy, and the first network access authority distribution strategy grants a higher access authority than the second network access authority distribution strategy.
In an implementation manner of the embodiment of the present invention, the first obtaining unit is further configured to: and acquiring the first user credit evaluation request from a user behavior initiating terminal establishing feasible communication with a second entity, and establishing verification of the feasible communication between the first entity and the second entity through the user behavior initiating terminal.
In an implementation manner of the embodiment of the present invention, the system further includes: a third entity; the third entity comprises a certificate issuance unit to: and issuing digital certificates capable of proving valid identities of the user behavior initiating terminal, the first entity and the second entity to the user behavior initiating terminal, the first entity and the second entity so as to establish a trust relationship among the initiating terminal, the first entity and the second entity.
In an implementation manner of the embodiment of the present invention, the first request initiating unit is further configured to: generating a first hash value according to the access request or the interaction request initiated by a user behavior initiating end aiming at different access objects and a first preset strategy, uniquely identifying the access request or the interaction request through the first hash value, and attaching the first hash value to the access request or the interaction request; signing the first hash value by using a certificate of the second entity to obtain first signature information; and initiating the first user credit evaluation request to the user behavior initiating end and attaching the first signature information.
In an implementation manner of the embodiment of the present invention, the user behavior initiating terminal further includes: a first verification unit, configured to decrypt the first signature information using the certificate of the second entity to obtain the first hash value, compare whether the access request or interaction request uniquely identified by the first hash value is consistent with the one in the first user credit evaluation request and, if so, determine that the access request or interaction request is a legal request and that the second entity is a legal entity; and a first processing unit, configured to sign the first hash value using the certificate of the user behavior initiating terminal to obtain second signature information, and to send the second signature information and the first signature information, attached to the first user credit evaluation request, to the first entity for verification.
In an embodiment of the present invention, the first analyzing unit is further configured to: receiving the first user credit evaluation request, and analyzing the second signature information and the first signature information; decrypting the second signature information and the first signature information by respectively adopting the certificate public key of the user behavior initiating terminal and the certificate public key of the second entity, comparing whether the decrypted information is the first hash value, if so, extracting a credit evaluation score and user identity information corresponding to the user behavior initiating terminal, and encrypting the credit evaluation score and the user identity information by using the certificate of the first entity to obtain encrypted information A; and signing the credit evaluation score, the encrypted information A, the first entity identity information and the first hash value by using a certificate of the first entity to obtain signature information B, encrypting the signature information B by using the certificate of the user behavior initiating terminal to obtain encrypted information B, and returning the encrypted information B to the user behavior initiating terminal.
In an implementation manner of the embodiment of the present invention, the system further includes a second processing unit, configured to: decrypt the encrypted information B using the certificate of the user behavior initiating terminal to obtain the signature information B, encrypt the signature information B using the certificate of the second entity to obtain the feedback information for the first user credit evaluation request sent by the second entity, where the feedback information comprises the credit evaluation score and the access certificate, and send the feedback information to the second entity.
The above embodiment is based on the system architecture 1 shown in fig. 3, in which the authentication between the second entity (e.g. the network security control facility) and the first entity (e.g. the financial evaluation institution) cannot be performed directly, so the initiating end needs to be introduced as an intermediate party to assist the authentication between the two entities. Since the second entity (e.g. the cyber security control facility) and the first entity (e.g. the financial evaluation institution) are not necessarily located in a mutually trusted internal network, and there is no trust foundation between the two, it is necessary to introduce the user behavior initiating end as an intermediate party to assist the authentication between them.
The latter embodiment is based on the system architecture 2 shown in fig. 4, a schematic diagram of a system architecture 2 to which an embodiment of the present invention is applied, in which the second entity (e.g., a network security control facility) and the first entity (e.g., a financial evaluation institution) can authenticate each other directly because they are in a mutually trusted internal network, so there is no need to introduce the user behavior initiating end as an intermediate party to assist the authentication between them. Since no auxiliary means of introducing the user behavior initiating end for identity authentication needs to be added between the second entity (such as a network security control facility) and the first entity (such as a financial evaluation institution), the authentication can be performed directly, which saves processing cost and improves processing efficiency.
In an implementation manner of the embodiment of the present invention, the first obtaining unit is further configured to: the first user credit assessment request is obtained directly from a second entity.
In an implementation manner of the embodiment of the present invention, the system further includes: a third entity; the third entity comprises a certificate issuance unit to: and issuing digital certificates capable of proving valid identities of the user behavior initiating terminal, the first entity and the second entity to the user behavior initiating terminal, the first entity and the second entity so as to establish a trust relationship among the initiating terminal, the first entity and the second entity.
In an implementation manner of the embodiment of the present invention, the first request initiating unit is further configured to: the second entity generates a first hash value from the access request or the interaction request initiated by the user behavior initiating end for different access objects, in accordance with a first preset strategy, uniquely identifies the access request or the interaction request through the first hash value, and attaches the first hash value to the access request or the interaction request; the second entity signs the first hash value by using a certificate of the second entity to obtain first signature information; the second entity initiates the first user credit assessment request to the first entity and attaches the first signature information.
In an implementation manner of the embodiment of the present invention, the first entity further includes: a second verification unit, configured to decrypt the first signature information using the certificate of the second entity to obtain the first hash value, compare whether the access request or interaction request uniquely identified by the first hash value is consistent with the one in the first user credit evaluation request and, if so, determine that the access request or interaction request is a legal request and that the second entity is a legal entity.
In an embodiment of the present invention, the first analyzing unit is further configured to: and extracting a credit evaluation score and user identity information corresponding to a user behavior initiating end, using the credit evaluation score and an access certificate as feedback information of the first user credit evaluation request sent by a second entity, and sending the feedback information to the second entity.
The embodiment of the invention is explained below by taking a practical application scenario as an example.
The application scenario applies the embodiment of the invention as a technical scheme that uses financial credit scores to assist in identifying illegal network behaviors. The technical terms used in this document are first explained. 1. Machine learning: machine learning theory is concerned with designing and analyzing algorithms that allow computers to "learn" automatically. A machine learning algorithm automatically analyzes data to obtain rules and uses those rules to predict unknown data. Because learning algorithms rely heavily on statistical theory, machine learning is closely related to inferential statistics and is also called statistical learning theory. 2. Public key infrastructure (PKI): a set of hardware, software, participants, administrative policies and procedures for creating, managing, distributing, using, storing and revoking digital certificates. 3. Hash algorithm: a hash algorithm maps a binary value of arbitrary length to a shorter binary value of fixed length, called the hash value. A cryptographic hash value is an extremely compact and practically unique representation of a piece of data: if even one letter of the input is altered, the resulting hash value differs, and it is computationally infeasible to find two different inputs with the same hash value (collision resistance), so the hash value of the data can be used to verify its integrity. Hash algorithms are typically used for fast lookup and within cryptographic algorithms.
Illegal network behaviors are network access behaviors that violate the laws and regulations applicable where they occur. Such behaviors are often malicious and may cause economic, reputational and even personal injury or loss to the accessed objects or to third parties. With the rapid development of the internet, the number of illegal network behaviors is also increasing. These behaviors are concealed and difficult to detect and identify; they are usually found by a computer matching traffic against manually written policies, or by screening with patterns produced by a machine learning algorithm. When a computer flags a behavior, however, a false-alarm-rate setting problem arises: how closely must a behavior match a policy before an alarm is triggered? In the prior art the accuracy of identifying illegal behaviors is not high, so this threshold cannot be set accurately. Because legal network behaviors usually far outnumber illegal ones (traffic attacks aside), a matching threshold that is too strict lets some illegal behaviors through, while a threshold that is too loose reports a large number of legal behaviors as illegal. Evaluating network behavior on the basis of a financial credit score identifies illegal behavior more accurately and thus provides a suitable reference for setting the alarm threshold.
A financial credit score effectively reflects a user's credibility in financial activity, that is, the likelihood that the user will default. Its distinguishing feature is that it corresponds to a person's real identity and is backed by a professional financial credit assessment organization that accepts liability for it. Compared with certification issued by judicial or administrative authorities, the threshold for obtaining a financial credit score is much lower and no complex administrative process is required. The credit score directly reflects the credibility of the accessing party, so the screening strength applied to its behavior can be controlled flexibly, and its real-name character is a powerful tool for assigning responsibility after the fact.
Two prior-art schemes exist for identifying illegal network behaviors. In the first, network behaviors are filtered automatically by a manually constructed policy or by a network access pattern learned from data; the false-alarm-rate setting problem applies, so it is hard to avoid either releasing some illegal behaviors or misreporting legal ones, and both constructing the policy and the data learning process require manual experience. In the second, a security credit score is built from network access records and different matching policies are executed according to that score; a credit score can only be assigned after an object has been accessed, and because the security credit score cannot be traced to a real-name party, its ability to assign responsibility is relatively weak.
The application scenario uses the embodiment of the invention to evaluate network behaviors by financial credit score and, according to the evaluation result, to judge with related auxiliary technical means whether the behaviors that need further discrimination are illegal, thereby improving the efficiency of discriminating illegal network behaviors. Specifically, financial credit scores and certificates that meet the relevant requirements, as provided by the relevant financial credit evaluation institutions, are obtained from the accessing parties, and different alarm policies are applied to different actions of those parties. The credit score proof provided by the financial credit evaluation institution is anonymous while it is used, so as to protect the user's privacy, but the encrypted signature information it contains allows real-name tracing when losses caused by illegal behavior must be traced. The embodiment thus achieves at least the characteristics of security, credibility and traceability: first, cryptographic principles and a sound data processing method guarantee the integrity, confidentiality and non-repudiation of the user's credit score, which both protects the user's privacy and transmits the authentication information effectively; second, because the financial credit score is obtained from a financial credit evaluation institution, it is both credible and traceable to a real name.
Fig. 3 and fig. 4 are schematic diagrams of two system architectures to which the embodiment of the invention applies. In system architecture 1 shown in fig. 3, the second entity (e.g., the network security control facility) and the first entity (e.g., the financial evaluation institution) cannot authenticate each other directly, so the user behavior initiating end is introduced as an intermediate party to assist the authentication between them. This is necessary because the two entities are not necessarily located in a mutually trusted internal network and have no trust foundation between them. In system architecture 2 shown in fig. 4, the second entity and the first entity are in a mutually trusted internal network, so they authenticate each other directly and the user behavior initiating end need not be introduced as an intermediate party. Because the auxiliary identity authentication step through the user behavior initiating end is not needed between the second entity (e.g., the network security control facility) and the first entity (e.g., the financial evaluation institution), processing cost is saved and processing efficiency is improved.
The modules of the system architecture of the embodiment of the present invention are as follows. The architecture mainly comprises a network visitor (the behavior initiator, i.e. the initiator of network behavior), an access object, a network security control facility, a financial credit evaluation institution and a public key infrastructure. The behavior initiator includes any entity that can initiate network behavior, such as an individual, a network account, software, a hardware device or an organization. The network security control facility monitors network access behavior and protects network information security by controlling network access rights and limiting network access capability; it includes gateways, firewalls, load balancers and flow control devices. The financial credit evaluation institution can prove its own capability and provides the behavior initiator with financial credit scores that contain the initiator's real identity information. The public key infrastructure issues the digital certificates with which each of the other parties proves its valid identity.
Based on system architecture 1 shown in fig. 3, the execution flow of the system is as follows:
1) The behavior initiator sends an access or interaction request to the behavior object.
2) The network security control facility monitors the behavior of the behavior initiator and records the behavior content, the behavior object and the access timestamp. It maps these with a hash algorithm to obtain a unique sequence identifying the request, attaches that sequence to the behavior content and behavior object, and signs it with the private key of its own certificate; it is the signature that makes the sequence unforgeable and gives it validity and non-repudiation. It then sends the behavior initiator a request for the initiator's credit and access proof, with the signed information attached.
3) The behavior initiator verifies the information returned by the network security control facility to confirm that the facility is legitimate. Specifically, it verifies the signature with the public key in the facility's certificate, recovering the hash value, and then compares whether the access request it actually issued is consistent with the request identified in the signed information. If they are consistent, the facility is determined to be legitimate and step 4) follows; otherwise the request is rejected.
4) The behavior initiator countersigns the recovered hash value with the private key of its own certificate and sends this signature together with the facility's original signature, along with the corresponding access request, to a financial credit evaluation institution able to provide valid access credit proof.
5) After receiving the information, the financial credit evaluation institution verifies the two signatures with the certificate public keys of the network security control facility and of the behavior initiator respectively and compares whether the hash values they cover are consistent. If they are, and the identity information of both parties matches the identity information the institution holds, it extracts the behavior initiator's financial credit score and real-name identity information. It encrypts the two pieces of signature information with its own certificate (obtaining encrypted information A), which keeps them confidential and binds this request to the real-name identity for later tracing. It then assembles the financial credit score in plaintext, the encrypted information A, the institution's own identity information (so the recipient knows which institution issued the score) and the hash value that was verified and compared above (so the proof is tied to this specific access request), signs the whole with its certificate (obtaining signature information B), encrypts the result with the behavior initiator's certificate (obtaining encrypted information B) and sends it back to the behavior initiator.
6) After receiving encrypted information B, the behavior initiator decrypts it with its own certificate to obtain signature information B, verifies the authenticity and validity of that signature (for example, that its hash value is consistent with the hash value of steps 2) and 3)), then encrypts signature information B with the certificate of the network security control facility to produce the credit and access proof (encrypted information C) and replies to the facility.
7) The network security control facility decrypts encrypted information C with its own certificate to obtain signature information B and verifies the authenticity and validity of the signature, the integrity of the data and its non-repudiation. If all checks pass, a genuine and valid financial credit score is considered received and the received information is archived.
8) Different financial credit scores lead to different network behavior monitoring and screening policies and to different network access rights. In general, a user with a higher score is considered more creditworthy: the alarm threshold of the screening policy is set so that only a higher degree of match triggers an alarm, or a simpler control policy is used, and higher network access rights are granted. Conversely, a user with a poor score triggers an alarm at a lower degree of match, is screened by a strict policy and is granted lower network access rights.
It should be noted that a user who provides no financial credit score is treated as having a score of 0 and receives the lowest policy matching threshold and the lowest network access rights.
It should also be noted that when a user who has provided a credit and access proof engages in illegal network behavior and must be held responsible, the network security control facility submits the decrypted, archived access proof to the financial credit evaluation institution, which identifies the corresponding real-name user.
Fig. 8 shows the method flow based on this system architecture, which includes:
step 401, the behavior initiator initiates a network behavior;
step 402, the network security control facility sends a credit score request to the behavior initiator;
step 403, the behavior initiator judges whether the request is legal; if so, step 404 is executed, otherwise the current flow ends;
step 404, the behavior initiator signs the request information and forwards it to the financial credit evaluation institution;
step 405, the financial credit evaluation institution judges whether the requests are consistent; if so, step 406 is executed, otherwise the current flow ends;
step 406, the financial credit evaluation institution judges whether the result is genuine and valid; if so, step 407 is executed, otherwise the current flow ends;
step 407, the credit score and access proof are replied to the network security control facility;
step 408, the network security control facility judges whether the proof verifies; if so, step 409 is executed, otherwise the current flow ends;
step 409, different policies and rights are applied according to the credit score.
The process executed under system architecture 1 shown in fig. 3, and the architecture itself, are relatively complex, but they have the following advantage: they provide stronger security, and in particular they still guarantee the security and confidentiality of the data and the non-repudiation of the credit score when the whole network environment is a public network. When the communication network is a reliable internal network, however, these mechanisms are somewhat redundant, so the method and system can be simplified for different network security situations.
If the financial credit evaluation institution and the network security control facility are located in the same internal network and the identity of the behavior initiator can be queried, the system can be simplified to that shown in fig. 4, which is a simplified version of the system block diagram shown in fig. 3.
Based on system architecture 2 shown in fig. 4, the execution flow of the system is as follows:
1) The behavior initiator sends an access or interaction request to the behavior object.
2) The network security control facility monitors the behavior of the behavior initiator and records the behavior content, the behavior object and the access timestamp. It maps these with a hash algorithm to obtain a unique sequence identifying the request, attaches that sequence to the behavior content and behavior object, and signs it with the private key of its own certificate, which gives it validity and non-repudiation. It then sends a request for the behavior initiator's credit score to the financial credit evaluation institution, with the signed information attached.
3) After receiving the information, the financial credit evaluation institution verifies the information sent by the network security control facility to confirm that the facility is legitimate. Specifically, it verifies the signature with the public key in the facility's certificate, recovering the hash value, and then compares whether the access request identified by that hash value is consistent with the access request described in the request. If they are consistent, the facility is determined to be legitimate and step 4) follows; otherwise the request is rejected.
4) The financial credit evaluation institution extracts the behavior initiator's financial credit score and real-name identity information and sends the credit score back to the network security control facility.
5) The network security control facility receives the credit score and archives the received information.
6) Different financial credit scores lead to different network behavior monitoring and screening policies and to different network access rights. In general, a user with a higher score is considered more creditworthy: the alarm threshold of the screening policy is set so that only a higher degree of match triggers an alarm, or a simpler control policy is used, and higher network access rights are granted. Conversely, a user with a poor score triggers an alarm at a lower degree of match, is screened by a strict policy and is granted lower network access rights.
The simplified method performs identity authentication only when the request is first sent and received, which reduces the computational cost of certificate encryption, decryption and signature verification and also reduces network transmission cost. Because the parties are on a secure internal network, security, confidentiality and non-repudiation are not reduced. This holds only as long as that internal network is in fact trusted: in the simplified flow the score travels without the initiator's countersignature and without the encryption of architecture 1, so its confidentiality rests on the network rather than on the protocol.
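The full exchange of steps 1) to 8) of system architecture 1 and the direct flow of system architecture 2, as an added worked example that is not part of the patent's own disclosure. It is written in Python with textbook RSA over small hard-coded primes and a SHA-256 keystream standing in for the PKI certificates and their encryption; the key sizes, the JSON message layout, the sample account acct-1234 and its score, and the score-to-policy table are assumptions made for illustration. The names run_exchange, policy and trace are likewise hypothetical. The parties are abbreviated NSCF (network security control facility) and FCEI (financial credit evaluation institution).

```python
"""Toy end-to-end run of the exchange in system architecture 1 and, with
direct=True, the simplified architecture 2. Textbook RSA over small hard-coded
primes and a SHA-256 keystream stand in for the PKI certificates; the key sizes,
message layout, sample account and score-to-policy table are assumptions made
for illustration and are not part of the original scheme."""
import hashlib
import json
import os

E = 65537

def keygen(p, q):
    """Textbook RSA key pair from two primes (toy sizes, never for production)."""
    n, d = p * q, pow(E, -1, (p - 1) * (q - 1))
    return {"n": n, "e": E}, {"n": n, "d": d}

def digest(obj):
    """Canonical SHA-256 of a JSON record: the 'unique sequence' of step 2)."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def sign(priv, hexdigest):
    return pow(int(hexdigest, 16) % priv["n"], priv["d"], priv["n"])

def verify(pub, hexdigest, sig):
    """Recover the hash from the signature and compare, as steps 3) and 5) do."""
    return pow(sig, pub["e"], pub["n"]) == int(hexdigest, 16) % pub["n"]

def _keystream(secret, length):
    blocks = [hashlib.sha256(f"{secret}:{i}".encode()).digest() for i in range(length // 32 + 1)]
    return b"".join(blocks)[:length]

def encrypt(pub, obj):
    """KEM-style: RSA wraps a random secret, a SHA-256 keystream XORs the JSON body."""
    pt = json.dumps(obj, sort_keys=True).encode()
    secret = int.from_bytes(os.urandom(8), "big") % pub["n"]
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(secret, len(pt))))
    return {"kem": pow(secret, pub["e"], pub["n"]), "ct": ct.hex()}

def decrypt(priv, box):
    secret = pow(box["kem"], priv["d"], priv["n"])
    ct = bytes.fromhex(box["ct"])
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(secret, len(ct)))))

# One key pair per party, from well-known small primes (toy only).
KEYS = {"initiator": keygen(1000000007, 998244353),
        "nscf": keygen(1000000009, 469762049),
        "fcei": keygen(754974721, 167772161)}
PUB = {k: v[0] for k, v in KEYS.items()}
PRIV = {k: v[1] for k, v in KEYS.items()}
FCEI_DB = {"acct-1234": {"score": 720, "real_name": "Zhang San"}}  # constructed sample record

def policy(score):
    """Assumed table: (match degree that triggers an alarm, access level); no score counts as 0."""
    if score >= 700:
        return 0.9, "high"
    if score >= 500:
        return 0.7, "medium"
    return 0.5, "low"

def run_exchange(account, record, direct=False):
    """Returns (archived proof, status); direct=True skips the initiator relay (architecture 2)."""
    h = digest(record)                                  # step 2): hash of content, object, timestamp
    sigs = {"nscf": sign(PRIV["nscf"], h)}              #          signed by the NSCF
    if not direct:
        if not verify(PUB["nscf"], h, sigs["nscf"]):    # step 3): initiator checks the NSCF
            return None, "initiator rejected NSCF request"
        sigs["initiator"] = sign(PRIV["initiator"], h)  # step 4): countersign, forward to FCEI
    if not all(verify(PUB[who], h, s) for who, s in sigs.items()):  # step 5): FCEI checks all
        return None, "fcei rejected inconsistent signatures"
    entry = FCEI_DB.get(account)
    if entry is None:
        return None, "fcei has no record"
    if direct:                                          # architecture 2: score goes straight back
        return {"score": entry["score"], "h": h}, "ok"
    info_a = encrypt(PUB["fcei"], {"account": account, "h": h, **sigs})  # sealed for tracing only
    proof = {"score": entry["score"], "issuer": "fcei", "h": h, "proof_a": info_a}
    sig_b = sign(PRIV["fcei"], digest(proof))
    got = decrypt(PRIV["initiator"], encrypt(PUB["initiator"], {**proof, "sig_b": sig_b}))
    sig_b = got.pop("sig_b")                            # step 6): initiator verifies B ...
    if got["h"] != h or not verify(PUB["fcei"], digest(got), sig_b):
        return None, "initiator rejected FCEI proof"
    recv = decrypt(PRIV["nscf"], encrypt(PUB["nscf"], {**got, "sig_b": sig_b}))  # ... and sends C
    sig_b = recv.pop("sig_b")                           # step 7): NSCF verifies and archives
    if recv["h"] != h or not verify(PUB["fcei"], digest(recv), sig_b):
        return None, "nscf rejected proof"
    return recv, "ok"

def trace(archived):
    """After-the-fact tracing: only the FCEI can open proof_a and name the real user."""
    account = decrypt(PRIV["fcei"], archived["proof_a"])["account"]
    return FCEI_DB[account]["real_name"]

if __name__ == "__main__":
    rec = {"content": "GET /transfer", "object": "bank.example", "ts": 1700000000}
    archived, status = run_exchange("acct-1234", rec)
    print(status, archived["score"], policy(archived["score"]), trace(archived))
```

Two design points carry over to a real deployment. The hash alone identifies the request; only the signatures over it make it unforgeable, which is why every party re-verifies them rather than trusting the attached sequence. And the tracing binding (proof_a) is encrypted to the institution's own key, so the facility archives it but cannot read the account behind a score until it asks the institution, which is what keeps the score anonymous in use yet traceable afterwards.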
The technical scheme of the invention has the following beneficial effects. 1) Differentiated security policies: different security control and monitoring policies are applied to different users, with a financial credit score provided by a reliable third party serving as the credit endorsement; this makes user access management more flexible and improves the users' access experience. 2) Reduced burden on the network security policy: with differentiated policy control, it is no longer necessary to screen and monitor every user with an excessively detailed policy, which effectively reduces the burden of the network security policy and lowers the false alarm rate, and thus the workload of security personnel. 3) Improved overall security: because the false alarm rate is reduced, more resources can be devoted to handling illegal behaviors, and because a third-party financial credit evaluation institution and a public key infrastructure together serve as the security guarantee of the system, overall security is also improved.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described device embodiments are merely illustrative, for example, the division of the unit is only a logical functional division, and there may be other division ways in actual implementation, such as: multiple units or components may be combined, or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between the devices or units may be electrical, mechanical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed on a plurality of network units; some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, all the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may be separately regarded as one unit, or two or more units may be integrated into one unit; the integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
Those of ordinary skill in the art will understand that: all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, and the program may be stored in a computer readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: a mobile storage device, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Alternatively, the integrated unit of the present invention may be stored in a computer-readable storage medium if it is implemented in the form of a software functional unit and sold or used as a separate product. Based on such understanding, the technical solutions of the embodiments of the present invention may be essentially implemented or a part contributing to the prior art may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the methods described in the embodiments of the present invention. And the aforementioned storage medium includes: a removable storage device, a ROM, a RAM, a magnetic or optical disk, or various other media that can store program code.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.