Method and apparatus of identifying a website user

US 9,639,844 B2
Filed: 01/10/2014
Issued: 05/02/2017
Est. Priority Date: 01/11/2013
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

storing, by an apparatus, in a database, an account and a corresponding user identity for each website user logging into a website;

obtaining, by the apparatus, from the database, a list of accounts of the website, each account being associated with a user identity, and a list of user identities associated with the accounts of the website;

building, by the apparatus, a connected graph by taking the accounts and the user identities as nodes and connecting account nodes and user identity nodes having association relationship therewith;

finding, by the apparatus, a connected component from the connected graph, accounts corresponding to all account nodes in the connected component forming an account group that is bound to a same website user;

computing, by a processor of the apparatus, an account density and a fraud account closing rate of the account group;

determining, by the apparatus, whether the account density and the fraud account closing rate are within respective predetermined normal value ranges;

based at least in part on the determined account density and fraud account closing rate, the apparatusdetermining that the account group is a dangerous account group, and determining a website user bound to the dangerous account group is a dangerous website user if the account group is the dangerous account group, ordetermining that the account group is a normal account group, and determining a website user bound to the normal account group is a normal website user if the account group is the normal account group; and

closing, caused by the apparatus, the accounts in the dangerous account group based on determining that the account group is a dangerous account group.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and an apparatus of identifying a website user are disclosed herein. The method includes: obtaining accounts and user identities from a database; building a connected graph by taking the accounts and the user identities as nodes and connecting account nodes and user identity nodes having association relationship therewith; finding a connected component from the connected graph, accounts corresponding to all account nodes in the connected component forming an account group that is bound to a same website user; computing an account density and a fraud account closing rate of the account group; determining whether the account density and the fraud account closing rate are within respective predetermined normal value ranges; and if affirmative, determining that the account group is a dangerous account group and a website user bound to the dangerous account group is a dangerous website user; otherwise, determining that the account group is a normal account group and a website user bound to the normal account group is a normal website user.

27 Citations

20 Claims

1. A method comprising:
- storing, by an apparatus, in a database, an account and a corresponding user identity for each website user logging into a website;
  
  obtaining, by the apparatus, from the database, a list of accounts of the website, each account being associated with a user identity, and a list of user identities associated with the accounts of the website;
  
  building, by the apparatus, a connected graph by taking the accounts and the user identities as nodes and connecting account nodes and user identity nodes having association relationship therewith;
  
  finding, by the apparatus, a connected component from the connected graph, accounts corresponding to all account nodes in the connected component forming an account group that is bound to a same website user;
  
  computing, by a processor of the apparatus, an account density and a fraud account closing rate of the account group;
  
  determining, by the apparatus, whether the account density and the fraud account closing rate are within respective predetermined normal value ranges;
  
  based at least in part on the determined account density and fraud account closing rate, the apparatusdetermining that the account group is a dangerous account group, and determining a website user bound to the dangerous account group is a dangerous website user if the account group is the dangerous account group, ordetermining that the account group is a normal account group, and determining a website user bound to the normal account group is a normal website user if the account group is the normal account group; and
  
  closing, caused by the apparatus, the accounts in the dangerous account group based on determining that the account group is a dangerous account group.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method as recited in claim 1, wherein finding the connected component in the connected graph comprises:
    - comparing, by the apparatus, a current label value of each node with a current label value of other nodes having a connection relationship with the respective node in the connected graph;
      
      selecting, by the apparatus, a minimum label value as the current label value of each node;
      
      determining, by the apparatus, whether a current label value of at least one node is changed, andcontinuing to compare, by the apparatus, the current label value of each node with the current label value of the other nodes having the connection relationship with the respective node in the connected graph if the current label value of the at least one node is determined to be changed, andextracting, by the apparatus, nodes having a same label value from the connected graph as the connected component if the current label value of the at least one node is determined not to be changed.
  - 3. The method as recited in claim 1, wherein computing the account density of the account group comprises:
    - counting, by the apparatus, a total number of all accounts and a sum of node degrees of account nodes corresponding to all the accounts in the account group; and
      
      calculating, by the apparatus, the account density according to a formula;
  - 4. The method as recited in claim 1, wherein computing the fraud account closing rate of the account group comprises:
    - counting, by the apparatus, a total number of all accounts and a number of accounts that have been closed due to a fraud and/or a suspected fraud in the account group; and
      
      calculating, by the processor of the apparatus, a ratio between the number of accounts that have been closed due to a fraud and/or a suspected fraud and the total number of all the accounts in the account group, wherein the ratio corresponds to the fraud account closing rate of the account group.
  - 5. The method as recited in claim 1, wherein after determining that the account group is a dangerous account group and the website user bound to the dangerous account group is a dangerous website user, the method further comprises:
    - calculating, by the processor of the apparatus, an identity fraud closing rate of a user identity corresponding to a user identity node in the connected component;
      
      determining, by the apparatus, whether the identity fraud closing rate is within a predetermined normal data range; and
      
      determining, by the apparatus, that the user identity is a dangerous user identity, and determining an account associated with the user identity is a dangerous account if the account group is the dangerous account group, or determining that the user identity is a normal user identity, and determining the account associated with the user identity is a normal account if the account group is the normal account group.
  - 6. The method as recited in claim 5, wherein calculating the identity fraud closing rate of the user identity corresponding to the user identity node in the connected component comprises:
    - counting, by the apparatus, a total number of accounts in the account group that are associated with the user identity, and counting a number of accounts that are closed due to a fraud and/or a suspected fraud from among the total number of accounts associated with the user identity; and
      
      calculating, by the processor of the apparatus, a ratio between the number of accounts that are closed due to a fraud and/or a suspected fraud from among the total number of accounts associated with the user identity and the total number of accounts in the account group that are associated with the user identity, wherein the ratio is the identity fraud closing rate of the user identity.

7. A method comprising:
- storing, by an apparatus, in a database, an account and a corresponding user identity for each website user logging into a website;
  
  obtaining, by the apparatus, from the database, a list of accounts of the website, each account being associated with a user identity, and a list of user identities associated with the accounts of the website;
  
  building, by the apparatus, a connected graph by taking the accounts and the user identities as nodes and connecting account nodes and user identity nodes having association relationship therewith;
  
  finding, by the apparatus, a connected component from the connected graph, accounts corresponding to all account nodes in the connected component forming an account group that is bound to a same website user;
  
  determining, by the apparatus, whether an account that has been closed due to one of a fraud or a suspected fraud exists in the account group, andif the account is determined to be closed due to one of a fraud or a suspected fraud, the apparatus determining that the account group is a dangerous account group and a website user bound to the dangerous account group is a dangerous website user;
  
  if the account is determined not to be closed due to one of a fraud or a suspected fraud, the apparatus determining that the account group is a normal account group and a website user bound to the normal account group is a normal website user; and
  
  wherein the apparatus is configured to close the accounts in the dangerous account group based on the apparatus determining that the account group is a dangerous account group.
- View Dependent Claims (8, 9, 10)
- - 8. The method as recited in claim 7, wherein finding the connected component in the connected graph comprises:
    - comparing, by the apparatus, a current label value of each node with a current label value of other nodes having a connection relationship with the respective node in the connected graph;
      
      selecting, by the apparatus, a minimum label value as the current label value of each node;
      
      determining, by the apparatus, whether a current label value of at least one node is changed, andcontinuing to compare, by the apparatus, the current label value of each node with the current label value of the other nodes having the connection relationship with the respective node in the connected graph if the current label value of at least one node is determined to be changed; and
      
      extracting, by the apparatus, nodes having a same label value from the connected graph as the connected component if the current label value of at least one node is determined not to be changed.
  - 9. The method as recited in claim 7, wherein after determining that the account group is a dangerous account group and the website user bound to the dangerous account group is a dangerous website user, the method further comprises:
    - calculating, by a processor of the apparatus, an identity fraud closing rate of a user identity corresponding to a user identity node in the connected component;
      
      determining, by the apparatus, whether the identity fraud closing rate is within a predetermined normal data range; and
      
      determining, by the apparatus, that the user identity is a dangerous user identity, and an account associated with the user identity is a dangerous account if the determined identity fraud closing rate is not within a predetermined normal data range, ordetermining that the user identity is a normal user identity and the account associated with the user identity is a normal account if the determined identity fraud closing rate is not within a predetermined normal data range.
  - 10. The method as recited in claim 9, wherein calculating the identity fraud closing rate of the user identity corresponding to the user identity node in the connected component comprises:
    - counting, by the apparatus, a total number of accounts in the account group that are associated with the user identity, and counting a number of accounts that are closed due to a fraud and/or a suspected fraud from among the total number of accounts associated with the user identity; and
      
      calculating, by the processor of the apparatus, a ratio between the number of accounts that are closed due to a fraud and/or a suspected fraud from among the total number of accounts associated with the user identity and the total number of accounts in the account group that are associated with the user identity, wherein the ratio is the identity fraud closing rate of the user identity.

11. A system comprising:
- an apparatus comprising;
  
  at least one processor configured to execute computer-readable instructions;
  
  a memory coupled to the at least one processor, the memory storing the computer-readable instructions in a plurality of modules including;
  
  an acquisition module used for obtaining a list of accounts of a website, each account being associated with a user identity, and a list of user identities associated with the accounts of the website, the acquisition module obtaining the list of accounts and user identities from a database storing an account and a corresponding user identity for each website user logging into the website;
  
  a creation module used for building a connected graph by taking the accounts and the user identities as nodes and connecting account nodes and user identity nodes having association relationship therewith;
  
  a search module used for finding a connected component from the connected graph, the accounts corresponding to all account nodes in the connected component forming an account group that is bound to a same website user;
  
  a first parameter computation module used for computing an account density and a fraud account closing rate of the account group;
  
  a first parameter determination module used for determining whether the account density and the fraud account closing rate are within respective predetermined normal value ranges; and
  
  a first website user identification module used fordetermining, based on the determined account density and fraud account closing rate, that the account group is a dangerous account group, and determining a website user bound to the dangerous account group is a dangerous website user if a result of the first parameter determination module determines the account density and the fraud account closing rate are not within the respective predetermined normal value ranges, anddetermining that the account group is a normal account group, and determining a website user bound to the normal account group is a normal website user if a result of the first parameter determination module determines the account density and the fraud account closing rate are within the respective predetermined normal value ranges; and
  
  wherein the system is configured to close the accounts in the dangerous account group based on the determining that the account group is a dangerous account group.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The system as recited in claim 11, wherein the search module comprises:
    - a comparison sub-module used for comparing a current label value of each node with a current label value of other nodes having a connection relationship with the respective node in the connected graph;
      
      a selection sub-module used for selecting a minimum label value as the current label value of each node;
      
      a first determination sub-module used for determining whether a current label value of at least one node is changed;
      
      a repetition sub-module used for triggering the comparison sub-module to continue comparing the current label value of each node with the current label value of the other nodes having the connection relationship with the respective node in the connected graph when a determination result of the first determination module determines the current label value of at the least one node is changed; and
      
      an extraction sub-module used for extracting nodes having a same label value from the connected graph as the connected component when the determination result of the first determination module determines the current label value of at the least one node is not changed.
  - 13. The system as recited in claim 11, wherein the first parameter computation module comprises:
    - a first counting sub-module used for counting a total number of all accounts and a sum of node degrees of account nodes corresponding to all the accounts in the account group; and
      
      a density computation sub-module used for calculating the account density according to a formula;
  - 14. The system as recited in claim 11, wherein the first parameter computation module comprises:
    - a second counting sub-module used for counting a total number of all accounts and a number of accounts that have been closed due to a fraud and/or a suspected fraud in the account group; and
      
      a fraud account closing rate computation sub-module used for calculating a ratio between the number of accounts that have been closed due to a fraud and/or a suspected fraud and the total number of all the accounts in the account group, wherein the ratio corresponds to the fraud account closing rate of the account group.
  - 15. The system as recited in claim 11, wherein after determining that the account group is a dangerous account group and the website user bound to the dangerous account group is a dangerous website user, the apparatus further comprises:
    - a second parameter computation module used for calculating an identity fraud closing rate of a user identity corresponding to a user identity node in the connected component;
      
      a second parameter determination module used for determining whether the identity fraud closing rate is within a predetermined normal data range; and
      
      a user identity identification module used for determining that the user identity is a dangerous user identity and an account associated with the user identity is a dangerous account when a determination result of the second parameter determination module is positive, or determining that the user identity is a normal user identity and an account associated with the user identity is a normal account otherwise.
  - 16. The system as recited in claim 15, wherein the second parameter computation module comprises:
    - a third counting sub-module used for counting a total number of accounts in the account group that are associated with the user identity, and counting a number of accounts that are closed due to a fraud and/or a suspected fraud from among the total number of accounts associated with the user identity; and
      
      an identity fraud closing rate computation sub-module used for calculating a ratio between the number of accounts that are closed due to a fraud and/or a suspected fraud from among the total number of accounts associated with the user identity and the total number of accounts in the account group that are associated with the user identity, where the ratio is the identity fraud closing rate of the user identity.

17. A system comprising:
- an apparatus comprising;
  
  at least one processor configured to execute computer-readable instructions;
  
  a memory coupled to the at least one processor, the memory storing the computer-readable instructions in a plurality of modules including;
  
  an acquisition module used for obtaining a list of accounts of a website, each account being associated with a user identity, and a list of user identities associated with the accounts of the website, the acquisition module obtaining the list of account and user identities from a database storing an account and a corresponding user identity for each website user logging into the website;
  
  a creation module used for building a connected graph by taking the accounts and the user identities as nodes and connecting account nodes and user identity nodes having association relationship therewith;
  
  a search module used for finding a connected component from the connected graph, accounts corresponding to all account nodes in the connected component forming an account group that is bound to a same website user;
  
  a determination module used for determining whether an account that has been closed due to one of a fraud or a suspected fraud exists in the account group; and
  
  a second website user identification module used for determining, based on the determined account closure due to fraud or suspected fraud, that the account group is a dangerous account group, and determining a website user bound to the dangerous account group is a dangerous website user if a determination result of the determination module determines the account that has been closed due to one of a fraud or a suspected fraud exists in the account group, and determining that the account group is a normal account group, and determining a website user bound to the normal account group is a normal website user if a determination result of the determination module determines the account that has not been closed due to one of a fraud or a suspected fraud exists in the account group; and
  
  wherein the system is configured to close the accounts in the dangerous account group based on the determining that the account group is a dangerous account group.
- View Dependent Claims (18, 19, 20)
- - 18. The system as recited in claim 17, wherein the search module comprises:
    - a comparison sub-module used for comparing a current label value of each node with a current label value of other nodes having a connection relationship with the respective node in the connected graph;
      
      a selection sub-module used for selecting a minimum label value as the current label value of each node;
      
      a first determination sub-module used for determining whether a current label value of at least one node is changed;
      
      a repetition sub-module used for triggering the comparison sub-module to continue comparing the current label value of each node with the current label value of the other nodes having the connection relationship with the respective node in the connected graph when a determination result of the first determination module determines the current label value of the at least one node is changed; and
      
      an extraction sub-module used for extracting nodes having a same label value from the connected graph as the connected component when the determination result of the first determination module determines the current label value of the at least one node is not changed.
  - 19. The system as recited in claim 17, wherein after determining that the account group is a dangerous account group and the website user bound to the dangerous account group is a dangerous website user, the apparatus further comprises:
    - a second parameter computation module used for calculating an identity fraud closing rate of a user identity corresponding to a user identity node in the connected component;
      
      a second parameter determination module used for determining whether the identity fraud closing rate is within a predetermined normal data range; and
      
      a user identity identification module used for determining that the user identity is a dangerous user identity and an account associated with the user identity is a dangerous account when a determination result of the second parameter determination module is positive, or determining that the user identity is a normal user identity and an account associated with the user identity is a normal account otherwise.
  - 20. The system as recited in claim 19, wherein the second parameter computation module comprises:
    - a third counting sub-module used for counting a total number of accounts in the account group that are associated with the user identity, and counting a number of accounts that are closed due to a fraud and/or a suspected fraud from among the total number of accounts associated with the user identity; and
      
      an identity fraud closing rate computation sub-module used for calculating a ratio between the number of accounts that are closed due to a fraud and/or a suspected fraud from among the total number of accounts associated with the user identity and the total number of accounts in the account group that are associated with the user identity, where the ratio is the identity fraud closing rate of the user identity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alibaba Group Holding Ltd.
Original Assignee
Alibaba Group Holding Ltd.
Inventors
Lin, Guli, Chen, Depin, Chen, Zhiqiang
Primary Examiner(s)
Hamilton, Lalita M

Application Number

US14/152,463
Publication Number

US 20140201048A1
Time in Patent Office

1,208 Days
Field of Search

705 35, 705 38, 705 39, 705 44, 705 64, 705 67
US Class Current
CPC Class Codes

G06Q 10/10 Office automation; Time man...

G06Q 30/0185 Product, service or busines...

Method and apparatus of identifying a website user

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

27 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus of identifying a website user

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links