CN102571356A - Method and device for authenticating user identity - Google Patents
Method and device for authenticating user identity Download PDFInfo
- Publication number
- CN102571356A CN102571356A CN2012100425267A CN201210042526A CN102571356A CN 102571356 A CN102571356 A CN 102571356A CN 2012100425267 A CN2012100425267 A CN 2012100425267A CN 201210042526 A CN201210042526 A CN 201210042526A CN 102571356 A CN102571356 A CN 102571356A
- Authority
- CN
- China
- Prior art keywords
- checking
- numerals
- user identity
- numeral
- random
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention discloses a method and a device for authenticating a user identity. The method comprises the following steps of: 1, randomly selecting a plurality of colors and a plurality of fonts; 2, generating a plurality of numbers of different fonts and/or different colors according to a plurality of colors and a plurality of fonts; 3, randomly circling at least two authentication numbers from a plurality of numbers; 4, judging whether an authentication result input by a user is equal to the product value of the authentication numbers; 5, confirming the success of user authentication; and 6, feeding back the failure of the user authentication. The method for authenticating the user identity is easy and convenient to operate and is difficult to crack, system loading is relatively light, and data security is ensured; by the method and the device, the background judgment of a server is reduced, and the load of the server is relieved.
Description
Technical field
The present invention relates to field of network game, be specifically related to a kind of method and apparatus of identifying user identity.
Background technology
So-called identifying code is exactly numeral or the symbol that produces at random a string, generates a width of cloth picture; Add some interference pixels (preventing OCR) in the picture; By user's naked eyes identification verification code information wherein, the input list is submitted the website checking to, could use a certain function after verifying successfully.Many websites utilize robot to register automatically, login, pour water in order to prevent the user, have all adopted the identifying code technology.
Line verification sign indicating number or too simple is easy to really separate at present, or complicated in too, and system burden is big, as:
1, identifying code is in webpage and Cookies.
2, leave the checking code value among the user Cookies in., Cookies writes, so also very easily broken through owing to being that the user is readable.
3, more senior identifying code.
Have one type of identifying code more senior than above two kinds of identifying codes, it uses following algorithm:
A. server generates a hash at random.
B. use certain algorithm (irreversible, it is high to crack difficulty) that hash is transformed into the identifying code numeral, change into picture again.
C.hash is sent to client in Cookie
D. the client logins with picture input validation sign indicating number.Server inspection f (hash)=identifying code.
Characteristics: because the assailant does not understand the employed identifying code encryption algorithm of server, so can't the hash that server transfers directly be resolved.
Tackle this identifying code, we can use " expired Cookies method ", method promptly: preserve the once specific Cookies of server, its corresponding identifying code write down.When message is verified in each transmission, throw away the Cookies that server transmits by force, use this Cookies that had been used and identifying code.Like, a prepaid mobilephone card can be used repeatedly the same.
4, five-star identifying code.
It uses following method:
A. server generates a hash at random through user related information (IP, SID or the like).
B. use certain algorithm (irreversible, it is high to crack difficulty) that hash is transformed into the identifying code numeral.
C.hash no longer sends to client.It is saved to local data base (SESSIONS normally, information such as relevant User IP), and pointed by a sequence number seq.(this seq also can be session id)
D.seq is used as cookies and sends to client.
E. the client is with picture input validation sign indicating number.
F. server validation method: server do not check f (hash)==identifying code, but remove the identifying code of reading database desired.If user's input is identical with desired value, then verify successfully.Some server maybe be also can seq and session id between relation proceed checking.
In case g. the user has carried out verification operation or obtained identifying code again, but that server will replace to the hash value in the database will be new, and old value lost efficacy expired.
Summary of the invention
In order to solve above technical problem, the present invention provides a kind of method and apparatus of identifying user identity.
The invention discloses a kind of method of identifying user identity, comprising:
S1. select multiple color and multiple font at random;
S2. generate a plurality of numerals of different fonts and/or different colours according to described multiple color and multiple font;
S3. from described a plurality of numerals, iris out at least 2 checking numerals at random;
S4. whether the digital product of described checking equates the checking result of the input of judges, if, get into step S5, if not, get into step S6;
S5. confirm user's checking success;
S6. the checking of feedback user is unsuccessful.
In the method for identifying user identity of the present invention, step S3 also comprises step S31 between step S4, in described checking numeral, increases the interfering line of same color.
In the method for identifying user identity of the present invention, also comprise step S32 behind the described step S31, the described a plurality of numerals of random distortion make its each numeral that certain connecting line arranged.
In the method for identifying user identity of the present invention, described a plurality of numerals are 9 numerals.
The invention discloses a kind of device of identifying user identity, be used to realize above-mentioned method, comprising:
Color and font selected cell: select multiple color and multiple font at random;
A plurality of digital generation units: link to each other with the font selected cell with described color, be used for a plurality of numerals according to described multiple color and multiple font generation different fonts and/or different colours;
The checking numeral is irised out the unit: link to each other with described a plurality of digital generation units, be used for irising out at least 2 checking numerals at random from described a plurality of numerals;
Checking judging unit as a result: iris out the unit with described checking numeral and link to each other, the product of described checking numeral is equal to be used for the checking result of input of judges;
Checking feedback unit as a result: with described checking as a result judging unit link to each other, successfully whether the checking that is used for feedback user.
In the device of identifying user identity of the present invention, also comprise the interfering line generation unit: be connected in described checking numeral and iris out unit and checking as a result between the judging unit, be used for increasing the interfering line of same color in described checking numeral.
In the device of identifying user identity of the present invention, also comprise a plurality of digital twist cell, link to each other, be used for the described a plurality of numerals of random distortion, make its each numeral that certain connecting line arranged with described interfering line generation unit.
In the device of identifying user identity of the present invention, described a plurality of numerals are 9 numerals.
The method and apparatus of the identifying user identity of embodiment of the present invention has following beneficial technical effects:
User rs authentication is simple, and it is bigger to crack difficulty, and system burden is lighter relatively, has guaranteed safety of data; Reduce the backstage of server end and judged, alleviated server stress.
Description of drawings
Fig. 1 is the method flow diagram of a kind of identifying user identity of the present invention;
Fig. 2 is the device block diagram of a kind of identifying user identity of the present invention.
Embodiment
By specifying technology contents of the present invention, structural feature, realized purpose and effect, give explanation below in conjunction with execution mode and conjunction with figs. are detailed.
See also Fig. 1, a kind of method of identifying user identity comprises:
S1. select multiple color and multiple font at random;
S2. generate a plurality of numerals of different fonts and/or different colours according to described multiple color and multiple font;
Usually; Select for use 9 all natural numbers comparatively suitable; System generates 9 digital random sites arrangement (it is too many to guarantee can not to exceed canvas size) (being 9 palace lattice on the mobile phone) at random automatically, selects tens kinds of fonts at random, selects color to generate the numeral of 9 different fonts different colours at random; 2 numerals (shape of circle has circle and square again at random, prevents to apply mechanically template and cracks) in the circle at random again in 9 arrays again.
S 3. irises out at least 2 checking numerals at random from described a plurality of numerals;
Can come figure numeral to be verified with circle or square, 2 can meet the demands, but a plurality ofly also allow.
S31. in described checking numeral, increase the interfering line of same color;
S32. the described a plurality of numerals of random distortion make its each numeral that certain connecting line arranged;
There is connecting line can increase the difficulty of true releasing between numeral, prevents that masterplate from cracking.
S4. whether the digital product of described checking equates the checking result of the input of judges, if, get into step S5, if not, get into step S6;
The artificial computing of the checking result of user's input for example can be a plurality of digital additions or multiplied result.
Surplus mutually result exists in the database with two numerals choosing, prevents process simulation.
S5. confirm user's checking success;
S6. the checking of feedback user is unsuccessful.
In addition, the independent installation portion of identifying code program administration, convenient whole station is called and is upgraded,
Can adopt IHttpHandler interface HTTP handling procedure, if the identifying code server is shut down accidentally, switching server need not stop to suspend the program of calling at once.
See also the device of Fig. 2, a kind of identifying user identity, be used to realize above-mentioned method, comprising:
Color and font selected cell 10, a plurality of digital generation unit 20, checking numeral are irised out unit 30, interfering line generation unit 31, a plurality of digital twist cell 32, checking judging unit 40, checking as a result feedback unit 50 as a result.
Color and font selected cell 10: select multiple color and multiple font at random; A plurality of digital generation units 20: link to each other with font selected cell 10 with color, be used for a plurality of numerals according to described multiple color and multiple font generation different fonts and/or different colours; A plurality of numerals are 9 numerals.
The checking numeral is irised out unit 30: link to each other with a plurality of digital generation units 20, be used for irising out at least 2 checking numerals at random from described a plurality of numerals;
Interfering line generation unit 31: be connected in the checking numeral and iris out unit 30 and checking as a result between the judging unit 40, be used for interfering line at checking numeral increase same color.
A plurality of digital twist cell 32 link to each other with interfering line generation unit 31, are used for the described a plurality of numerals of random distortion, make its each numeral that certain connecting line arranged.
Checking judging unit 40 as a result: iris out unit 30 with the checking numeral and link to each other, the product of described checking numeral is equal to be used for the checking result of input of judges;
Checking feedback unit 50 as a result: with checking as a result judging unit 40 link to each other, successfully whether the checking that is used for feedback user.
The method and apparatus of the identifying user identity of embodiment of the present invention has following beneficial technical effects:
User rs authentication is simple, and it is bigger to crack difficulty, and system burden is lighter relatively, has guaranteed safety of data; Reduce the backstage of server end and judged, alleviated server stress.
Combine accompanying drawing that embodiments of the invention are described above; But the present invention is not limited to above-mentioned embodiment, and above-mentioned embodiment only is schematically, rather than restrictive; Those of ordinary skill in the art is under enlightenment of the present invention; Not breaking away under the scope situation that aim of the present invention and claim protect, also can make a lot of forms, these all belong within protection scope of the present invention.
Claims (8)
1. the method for an identifying user identity is characterized in that, comprising:
S1. select multiple color and multiple font at random;
S2. generate a plurality of numerals of different fonts and/or different colours according to described multiple color and multiple font;
S3. from described a plurality of numerals, iris out at least 2 checking numerals at random;
S4. whether the digital product of described checking equates the checking result of the input of judges, if, get into step S5, if not, get into step S6;
S5. confirm user's checking success;
S6. the checking of feedback user is unsuccessful.
2. the method for identifying user identity according to claim 1 is characterized in that, step S 3 also comprises step S31 between step S4, in described checking numeral, increases the interfering line of same color.
3. the method for identifying user identity according to claim 2 is characterized in that, also comprises step S32 behind the described step S31, and the described a plurality of numerals of random distortion make its each numeral that certain connecting line arranged.
4. the method for identifying user identity according to claim 1 is characterized in that, described a plurality of numerals are 9 numerals.
5. the device of an identifying user identity is used to realize the described method of claim 1, it is characterized in that, comprising:
Color and font selected cell: select multiple color and multiple font at random;
A plurality of digital generation units: link to each other with the font selected cell with described color, be used for a plurality of numerals according to described multiple color and multiple font generation different fonts and/or different colours;
The checking numeral is irised out the unit: link to each other with described a plurality of digital generation units, be used for irising out at least 2 checking numerals at random from described a plurality of numerals;
Checking judging unit as a result: iris out the unit with described checking numeral and link to each other, the product of described checking numeral is equal to be used for the checking result of input of judges;
Checking feedback unit as a result: with described checking as a result judging unit link to each other, successfully whether the checking that is used for feedback user.
6. the device of identifying user identity according to claim 5; It is characterized in that; Also comprise the interfering line generation unit: be connected in described checking numeral and iris out unit and checking as a result between the judging unit, be used for increasing the interfering line of same color in described checking numeral.
7. the device of identifying user identity according to claim 6 is characterized in that, also comprises a plurality of digital twist cell, links to each other with described interfering line generation unit, is used for the described a plurality of numerals of random distortion, makes its each numeral that certain connecting line arranged.
8. the device of identifying user identity according to claim 5 is characterized in that, described a plurality of numerals are 9 numerals.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2012100425267A CN102571356A (en) | 2012-02-23 | 2012-02-23 | Method and device for authenticating user identity |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2012100425267A CN102571356A (en) | 2012-02-23 | 2012-02-23 | Method and device for authenticating user identity |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102571356A true CN102571356A (en) | 2012-07-11 |
Family
ID=46415897
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2012100425267A Pending CN102571356A (en) | 2012-02-23 | 2012-02-23 | Method and device for authenticating user identity |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102571356A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103973636A (en) * | 2013-01-28 | 2014-08-06 | 深圳市腾讯计算机系统有限公司 | Verification method, server and system |
CN103973636B (en) * | 2013-01-28 | 2016-11-30 | 深圳市腾讯计算机系统有限公司 | A kind of verification method, server and system |
WO2017071541A1 (en) * | 2015-10-28 | 2017-05-04 | 北京金山办公软件股份有限公司 | Numerical verification code generation method and device |
CN109450646A (en) * | 2018-12-10 | 2019-03-08 | 珠海格力电器股份有限公司 | Checking request processing method and system |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101005357A (en) * | 2006-12-28 | 2007-07-25 | 北京飞天诚信科技有限公司 | Method and system for updating certification key |
CN101359987A (en) * | 2007-08-02 | 2009-02-04 | 郝远新 | Algorithm cipher |
CN101631023A (en) * | 2009-07-31 | 2010-01-20 | 北京飞天诚信科技有限公司 | Method for authenticating identity and system thereof |
CN101923702A (en) * | 2010-08-25 | 2010-12-22 | 郝红卫 | Image valid code generating method |
CN101976430A (en) * | 2010-10-29 | 2011-02-16 | 赵俊平 | Method for generating picture verification codes and system thereof |
-
2012
- 2012-02-23 CN CN2012100425267A patent/CN102571356A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101005357A (en) * | 2006-12-28 | 2007-07-25 | 北京飞天诚信科技有限公司 | Method and system for updating certification key |
CN101359987A (en) * | 2007-08-02 | 2009-02-04 | 郝远新 | Algorithm cipher |
CN101631023A (en) * | 2009-07-31 | 2010-01-20 | 北京飞天诚信科技有限公司 | Method for authenticating identity and system thereof |
CN101923702A (en) * | 2010-08-25 | 2010-12-22 | 郝红卫 | Image valid code generating method |
CN101976430A (en) * | 2010-10-29 | 2011-02-16 | 赵俊平 | Method for generating picture verification codes and system thereof |
Non-Patent Citations (1)
Title |
---|
刘明等: ""ASP.NET中动态生成验证码图片的方法研究"", 《信息技术》 * |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103973636A (en) * | 2013-01-28 | 2014-08-06 | 深圳市腾讯计算机系统有限公司 | Verification method, server and system |
CN103973636B (en) * | 2013-01-28 | 2016-11-30 | 深圳市腾讯计算机系统有限公司 | A kind of verification method, server and system |
WO2017071541A1 (en) * | 2015-10-28 | 2017-05-04 | 北京金山办公软件股份有限公司 | Numerical verification code generation method and device |
US10565366B2 (en) | 2015-10-28 | 2020-02-18 | Beijing Kingsoft Office Software, Inc. | Numerical verification code generation method and device |
CN109450646A (en) * | 2018-12-10 | 2019-03-08 | 珠海格力电器股份有限公司 | Checking request processing method and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101183932B (en) | Security identification system of wireless application service and login and entry method thereof | |
CN104199654B (en) | The call method and device of open platform | |
CN102868702B (en) | System login device and system login method | |
CN104243458A (en) | Secure online game logging-in method and system | |
CN106936790A (en) | The method that client and server end carries out two-way authentication is realized based on digital certificate | |
CN102780674A (en) | Method and system for processing network service by utilizing multifactor authentication method | |
CN105991559B (en) | A kind of user security login method based on image encryption technology | |
CN103327034A (en) | Safe login method, system and device | |
CN102638468A (en) | Method, sending end, receiving end and system for protecting information transmission safety | |
CN106453422A (en) | Dynamic authentication method and system based on mobile terminal | |
CN104378368B (en) | A kind of barcode scanning login method and system | |
CN104346564A (en) | Web-based safe user interaction method | |
CN103905194A (en) | Identity traceability authentication method and system | |
CN102594811A (en) | Video identifying code cloud technology | |
CN105072132A (en) | Validation method, validation system and communication device | |
CN102315934A (en) | System and method for generating and transmitting picture identifying code under limited resource | |
CN108243001A (en) | A kind of data encryption communication means | |
CN102571356A (en) | Method and device for authenticating user identity | |
CN114036495A (en) | Method and device for updating privatized deployment verification code system | |
CN104883341A (en) | Application management device, terminal and application management method | |
CN101594354A (en) | Improve the method and system of account transfer safety | |
CN102238171B (en) | Intelligent key device, and system and method for improving security of online transaction and authentication | |
CN102571341B (en) | A kind of Verification System based on dynamic image and authentication method | |
CN105142141A (en) | Terminal equipment, authentication server, system and method for mobile office identity verification | |
CN104539577A (en) | Information push system and information push method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20120711 |