CN1988442A - Method for realizing picture verification code - Google Patents
Method for realizing picture verification code Download PDFInfo
- Publication number
- CN1988442A CN1988442A CN 200510111902 CN200510111902A CN1988442A CN 1988442 A CN1988442 A CN 1988442A CN 200510111902 CN200510111902 CN 200510111902 CN 200510111902 A CN200510111902 A CN 200510111902A CN 1988442 A CN1988442 A CN 1988442A
- Authority
- CN
- China
- Prior art keywords
- picture
- user
- pictures
- validation code
- checking
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
This invention discloses a realization method for picture verification code used in preventing webs from being attacked by hostile programs, which applies a picture mode as the authentication code, the system takes out N(N>=4) pieces of incompletely repeated pictures randomly from the stored large amount of picture lists and stores the distribution of valid pixels in a 2-D matrix to form a picture as the verification one displayed in a dialog frame, selects M pieces of pictures randomly from the N stored pictures as the pictures in the verification ones selected by a user, in which, 1<=M<=N/2, and if a user selects a picture verification code from the N pictures displayed in the web, then the verification is passed, if the click is wrong, then the dialog window will show the information prompt of wrong input verification code.
Description
Technical field
The present invention relates to a kind of picture validation code implementation method of preventing that the page from being attacked by rogue program of in network, being used to.
Technical background
At present, the forms that adopt numeral or numeral to add picture background are registered the input validation sign indicating number as the user more in web browser interface, the fail safe of log-on message and information in the assurance webpage.After inputing user name and static password, can increase an authentication code at random, this password most cases is to adopt numeral, letter or number and alphabetical authentication code mode such as combine.The user discerns wherein verification code information by naked eyes, and the input list is submitted the website checking to, could correct login use after being proved to be successful.What current use was popular is the picture (promptly increasing certain interference pixel) that generates 4 random digits and mixed and disorderly background, and numeral and background color be change at random when input request each time.
Existing digital authenticating sign indicating number form is more single, can not adapt to networks development fully, particularly guarantees to prevent the needs of webpage falsification and malicious registration in the network.
Summary of the invention
The technical problem to be solved in the present invention provides a kind of picture validation code implementation method, and it can prevent that the page from being attacked by rogue program and carry out malicious registration, strengthens the difficulty of password cracking, strengthens the reliability of safety certification.
For solving the problems of the technologies described above, picture validation code implementation method of the present invention, when the user asks each time, system takes out N (N 〉=4) at random and opens the picture that not exclusively repeats from a large amount of picture tabulations that existed, the sequence number of N pictures and title are put into user conversation, and the distribution of picture valid pixel is kept in the two-dimensional matrix, be combined into a pictures and be presented in the dialog box, so that user rs authentication is used as the checking picture; Open the picture that picked at random M pictures the picture that has existed is selected as user in the checking picture from N, wherein, 1≤M≤N/2, and the title of this picture and sequence number be kept in the user conversation; The user is using the picture of once selecting to carry out in the proof procedure as picture validation code, if the N pictures that shows from the page is chosen picture validation code, then checking is passed through, if click mistake, then the information indicating of input validation sign indicating number mistake appears in dialog box.
Owing to adopt method of the present invention, adopt the form of picture form as the authentication code input, by a large amount of pictures, similar color, the difficulty that position at random and picture are strengthened being cracked.So both overcome the more single deficiency of digital authenticating sign indicating number form, helped again guaranteeing to prevent that webpage was by the rogue program attack etc.
Adopt 0~9 these 10 identifying codes that numeral is combined into, the common script in the webpage design can be read the numeral of character string forms.The form of the picture validation code that the present invention proposes, its fail safe is very high, if malicious attacker is want to crack according to the pattern of former digital verification, must solve and " how extract checking " this problem in the picture.The present invention effectively utilized complexity and anti-big this characteristics of difficulty that crack in the picture checking, guaranteed the fail safe in the malicious attack such as network registry for example.
Embodiment
Picture validation code implementation method of the present invention is that a kind of use N (N 〉=4) opens the cipher authentication method that random pictures authenticates.
At first, in the system diagram valut, place a large amount of pictures, when the user clicks the window of input validation sign indicating number, by system in the scope of pixel (for example, the 96*96 pixel) seeks N different position at random for every pictures, as the display position of N pictures, and the coordinate of this N position is kept in the user conversation.Sequence number and position according to picture generates a pictures to the N pictures then.By a web page this picture is shown in user's the browser.The picture name that will select the user simultaneously also is shown in the user browser.
When the user asks each time, open from N and to get the picture (being picture validation code) that the M pictures is selected as user in the checking picture the picture that has existed at random, and the title of this picture validation code and sequence number are kept in the user conversation.Wherein, 1≤M≤N/2.
The picture validation code that generates is as the submit button of Form in the page (list), and the user is according to the corresponding picture on the prompting click identifying code picture of the page.The page is submitted to server then, obtains the coordinate that the user clicks picture at server end.According to the position of described generation picture, the position that the user that obtains from client is clicked is converted into the coordinate-system of each picture, and traversal is kept at the two-dimensional matrix of each picture in the user conversation then.If this coordinate drops in the scope that system formulates the picture valid pixel that will select, and does not have picture overlapping on this coordinate, just think that the user selects correctly; If have picture overlapping on this coordinate, then be presented at outermost layer, just the picture of picture sequence numbers maximum is the picture that system's designated user will be selected, and thinks that also it is correct that the user selects; Otherwise think that it is wrong that the user selects.After checking is finished, the session information of this time of user is removed.
The checking picture that generates is PNG (Portable Network Graphics picture format) the vector transparent picture that has Alpha passage (the digital picture transparency is set).Reveal the exact details and can not stay black surround when handling carrying out picture, picture size is the 48*48 pixel.
Picture as identifying code adopts color approaching, or even identical a large amount of picture, effectively the limiting program cracker decodes authentication procedure by color, the placement of N width of cloth picture is overlapping simultaneously, overlapping degree is at random, make the cracker can't obtain a complete picture profile, strengthened the anti-difficulty that cracks.
Picture validation code of the present invention compares with the numeral and the validation symbol sign indicating number of use at present, and its input mode adopts directly to click and selects, and does not need input characters or symbolic information, and is simple and direct, practical, and it is strong to prevent cracking function, is applicable to the various environment that need authentication code.
Claims (6)
1, a kind of picture validation code implementation method is characterized in that: when the user asked each time, system took out the picture that N opens incomplete repetition at random from a large amount of picture tabulations that existed, wherein, and N 〉=4; The sequence number of N pictures and title are put into user conversation, and the distribution of picture valid pixel is kept in the two-dimensional matrix, be combined into a pictures and be presented in the dialog box, so that user rs authentication is used as the checking picture; Open the picture that picked at random M pictures the picture that has existed is selected as user in the checking picture from N, wherein, 1≤M≤N/2, and the title of this picture and sequence number be kept in the user conversation; The user is using the picture of once selecting to carry out in the proof procedure as picture validation code, if the N pictures that shows from the page is chosen picture validation code, then checking is passed through, if click mistake, then the information indicating of input validation sign indicating number mistake appears in dialog box.
2, picture validation code implementation method according to claim 1, it is characterized in that: the method that the described N pictures that will take out at random is combined into a pictures is, at first, in the system diagram valut, place a large amount of pictures, when the user clicks the window of input validation sign indicating number, in pixel coverage, seek N different position at random by system,, and the coordinate of this N position is kept in the user conversation as the display position of N pictures for every pictures; Then, according to the sequence number and the position of picture the N pictures is synthesized a pictures.
3, picture validation code implementation method according to claim 1 and 2, it is characterized in that: a described pictures that generates by the N pictures, this picture is shown in user's the browser by a web page, the picture name that will select the user simultaneously also is shown in the user browser.
4, picture validation code implementation method according to claim 1 and 2, it is characterized in that: the process of using picture validation code to verify is: the picture validation code of generation is as the submit button of Form in the page, and the user is according to the corresponding picture on the prompting click identifying code picture of the page; The page is submitted to server then, obtains the coordinate that the user clicks picture at server end; According to the position that generates picture, the position that the user who obtains from client is clicked is converted into the coordinate-system of each picture, travels through the two-dimensional matrix that is kept at each picture in the user conversation then; If this coordinate drops in the scope that system formulates the picture valid pixel that will select, and does not have picture overlapping on this coordinate, just think that the user selects correctly; If have picture overlapping on this coordinate, then be presented at outermost layer, just the picture of picture sequence numbers maximum is the picture that system's designated user will be selected, and thinks that also it is correct that the user selects; Otherwise think that it is wrong that the user selects; After checking is finished, the session information of this time of user is removed.
5, picture validation code implementation method according to claim 1 and 2 is characterized in that: the checking picture of generation is the PNG vector transparent picture that has the Alpha passage.
6, picture validation code implementation method according to claim 1 and 2 is characterized in that: the checking picture of generation adopts the approaching or identical a large amount of picture of color, and the placement of N width of cloth picture is overlapping simultaneously, and overlapping degree is at random.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200510111902A CN100576794C (en) | 2005-12-23 | 2005-12-23 | The implementation method of picture validation code |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200510111902A CN100576794C (en) | 2005-12-23 | 2005-12-23 | The implementation method of picture validation code |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1988442A true CN1988442A (en) | 2007-06-27 |
| CN100576794C CN100576794C (en) | 2009-12-30 |
Family
ID=38185086
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200510111902A Expired - Fee Related CN100576794C (en) | 2005-12-23 | 2005-12-23 | The implementation method of picture validation code |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100576794C (en) |
Cited By (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101178813B (en) * | 2007-12-19 | 2010-04-14 | 腾讯科技(深圳)有限公司 | Method and apparatus for generating photograph identifying code |
| CN101183463B (en) * | 2007-12-19 | 2010-06-09 | 腾讯科技(深圳)有限公司 | Picture validation code generating method and device |
| CN101197678B (en) * | 2007-12-27 | 2011-04-06 | 腾讯科技(深圳)有限公司 | Picture identifying code generation method and generation device |
| CN102075507A (en) * | 2010-07-30 | 2011-05-25 | 百度在线网络技术(北京)有限公司 | User verification method and equipment based on word-sentence verification diagram |
| CN102624705A (en) * | 2012-02-21 | 2012-08-01 | 西南石油大学 | Intelligent image verification method and intelligent image verification system |
| CN103106361A (en) * | 2011-11-15 | 2013-05-15 | 北京新媒传信科技有限公司 | Method and device for strengthening picture verification code security |
| CN103957608A (en) * | 2014-05-12 | 2014-07-30 | 罗建平 | Multi-screen interactive device matching and connecting method |
| CN104378329A (en) * | 2013-08-13 | 2015-02-25 | 深圳市腾讯计算机系统有限公司 | Safety verification method, device and system |
| CN104618350A (en) * | 2015-01-15 | 2015-05-13 | 湘潭大学 | Generation method of image checking code |
| CN104657653A (en) * | 2013-11-19 | 2015-05-27 | 博雅网络游戏开发(深圳)有限公司 | Image verification code verification method and device |
| CN106156595A (en) * | 2015-04-02 | 2016-11-23 | 深圳市腾讯计算机系统有限公司 | A kind of method, Apparatus and system being carried out by identifying code picture verifying |
| CN107453876A (en) * | 2017-08-02 | 2017-12-08 | 微梦创科网络科技(中国)有限公司 | A kind of identifying code implementation method and device based on picture |
| CN108390862A (en) * | 2018-01-29 | 2018-08-10 | 丹露成都网络技术有限公司 | A kind of graphic verification method based on image data encrypted indexes |
| CN109076072A (en) * | 2016-04-14 | 2018-12-21 | 微软技术许可有限责任公司 | Web service picture password |
| CN110084029A (en) * | 2012-06-25 | 2019-08-02 | 英特尔公司 | The user of system is verified via authentication image mechanism |
-
2005
- 2005-12-23 CN CN200510111902A patent/CN100576794C/en not_active Expired - Fee Related
Cited By (23)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101183463B (en) * | 2007-12-19 | 2010-06-09 | 腾讯科技(深圳)有限公司 | Picture validation code generating method and device |
| CN101178813B (en) * | 2007-12-19 | 2010-04-14 | 腾讯科技(深圳)有限公司 | Method and apparatus for generating photograph identifying code |
| CN101197678B (en) * | 2007-12-27 | 2011-04-06 | 腾讯科技(深圳)有限公司 | Picture identifying code generation method and generation device |
| CN102075507A (en) * | 2010-07-30 | 2011-05-25 | 百度在线网络技术(北京)有限公司 | User verification method and equipment based on word-sentence verification diagram |
| CN103106361A (en) * | 2011-11-15 | 2013-05-15 | 北京新媒传信科技有限公司 | Method and device for strengthening picture verification code security |
| CN102624705B (en) * | 2012-02-21 | 2015-09-30 | 西南石油大学 | A kind of intelligent image verification method and system |
| CN102624705A (en) * | 2012-02-21 | 2012-08-01 | 西南石油大学 | Intelligent image verification method and intelligent image verification system |
| CN110084029B (en) * | 2012-06-25 | 2023-06-30 | 太浩研究有限公司 | Authenticating a user of a system via an authentication image mechanism |
| CN110084029A (en) * | 2012-06-25 | 2019-08-02 | 英特尔公司 | The user of system is verified via authentication image mechanism |
| CN104378329B (en) * | 2013-08-13 | 2018-08-07 | 深圳市腾讯计算机系统有限公司 | The method, apparatus and system of safety verification |
| CN104378329A (en) * | 2013-08-13 | 2015-02-25 | 深圳市腾讯计算机系统有限公司 | Safety verification method, device and system |
| CN104657653A (en) * | 2013-11-19 | 2015-05-27 | 博雅网络游戏开发(深圳)有限公司 | Image verification code verification method and device |
| CN104657653B (en) * | 2013-11-19 | 2017-12-22 | 博雅网络游戏开发(深圳)有限公司 | The verification method and checking device of image authentication code |
| CN103957608B (en) * | 2014-05-12 | 2018-10-19 | 罗建平 | A kind of multi-screen interactive equipment pairing connection method |
| CN103957608A (en) * | 2014-05-12 | 2014-07-30 | 罗建平 | Multi-screen interactive device matching and connecting method |
| CN104618350B (en) * | 2015-01-15 | 2018-03-16 | 湘潭大学 | A kind of generation method of picture validation code |
| CN104618350A (en) * | 2015-01-15 | 2015-05-13 | 湘潭大学 | Generation method of image checking code |
| CN106156595A (en) * | 2015-04-02 | 2016-11-23 | 深圳市腾讯计算机系统有限公司 | A kind of method, Apparatus and system being carried out by identifying code picture verifying |
| CN106156595B (en) * | 2015-04-02 | 2020-04-07 | 深圳市腾讯计算机系统有限公司 | Method, device and system for verifying through verification code picture |
| CN109076072A (en) * | 2016-04-14 | 2018-12-21 | 微软技术许可有限责任公司 | Web service picture password |
| CN109076072B (en) * | 2016-04-14 | 2021-08-20 | 微软技术许可有限责任公司 | Web service picture password |
| CN107453876A (en) * | 2017-08-02 | 2017-12-08 | 微梦创科网络科技(中国)有限公司 | A kind of identifying code implementation method and device based on picture |
| CN108390862A (en) * | 2018-01-29 | 2018-08-10 | 丹露成都网络技术有限公司 | A kind of graphic verification method based on image data encrypted indexes |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100576794C (en) | 2009-12-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100576794C (en) | The implementation method of picture validation code | |
| CN1980126A (en) | Method for realizing picture identifying code | |
| US8453221B2 (en) | Method for improving security in login and single sign-on procedures | |
| CN101601222B (en) | Online data encryption and decryption | |
| CN104065621B (en) | A kind of auth method of third party's service, client and system | |
| EP1803251B1 (en) | Method and apparatus for providing mutual authentication between a sending unit and a recipient | |
| CN106100848B (en) | Double factor identity authorization system and method based on smart phone and user password | |
| JP5723981B2 (en) | Method, apparatus and computer program for providing challenge response tests related to computer resources | |
| US20080201578A1 (en) | Computer security using visual authentication | |
| US20090067627A1 (en) | Method and System for Transmitting Data From a First Data Processing Device to a Second Data Processing Device | |
| US20050144450A1 (en) | Method and apparatus for providing mutual authentication between a sending unit and a recipient | |
| Krombholz et al. | QR Code Security--How Secure and Usable Apps Can Protect Users Against Malicious QR Codes | |
| CN105471808A (en) | Identifying code generating method, safety identification method, safety identification device and safety identification system | |
| CN102105920A (en) | Method and system for securing communication sessions | |
| CN107835160A (en) | Third party's user authen method based on Quick Response Code | |
| CN102594811A (en) | Video identifying code cloud technology | |
| Khedr | Improved keylogging and shoulder-surfing resistant visual two-factor authentication protocol | |
| US20130042318A1 (en) | Authentication System and Method Using Arrays | |
| Grimes | The many ways to hack 2FA | |
| CN102164137A (en) | Strong authentication method based on dynamic mapping password | |
| CN111143812A (en) | Login authentication method based on graph | |
| CN106997432A (en) | Picture password authentication method and picture password authentication device | |
| Xie et al. | CamAuth: securing web authentication with camera | |
| Xu et al. | SDD: A trusted display of FIDO2 transaction confirmation without trusted execution environment | |
| WO2011098242A2 (en) | System security process method and properties of human authorization mechanism |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C17 | Cessation of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20091230 Termination date: 20131223 |