CN103812822A - Method and system for safety certificate - Google Patents

Publication number: CN103812822A
Authority: CN (China)
Prior art keywords: interface, matched data, user side, positional information, user
Legal status: Granted
Application number: CN201210440068.2A
Other languages: Chinese (zh)
Other versions: CN103812822B (en)
Inventors: 石为天, 章建军
Current Assignee: Advanced New Technologies Co Ltd
Original Assignee: Alibaba Group Holding Ltd

Abstract

The application provides a security authentication method and system and relates to the field of security technology. The method comprises: receiving a verification acquisition request triggered by a user; generating, according to the verification acquisition request, elements to be selected and the position information of each element to be selected in a display interface, generating a verification task corresponding to the elements to be selected and the position information of each element to be selected in the display interface, and generating first matching data corresponding to the verification task; sending the verification task to the mobile terminal corresponding to the verification acquisition request; sending the elements to be selected and the position information of each element to be selected in the display interface to a user terminal; receiving second matching data sent by the user terminal; and comparing the second matching data with the first matching data and performing identity authentication according to the comparison result. The application improves the overall security of the user identity authentication process and protects the security of user information.

Description

A security authentication method and system
Technical field
The application relates to the field of security technology, and in particular to a security authentication method and system.
Background
With the development of networks, the information security of network users has become a focus of growing concern. To protect the account information of network users, the prior art has adopted various security measures. One such measure is as follows: user A registers as a user at website W, sets a login password, and leaves his or her own mobile phone number. When user A needs to log in to the website, the website, in order to know whether the user is the real user, not only verifies the user name and password but also sends a 6-digit check code to the user's mobile phone. The user enters the received check code on the website and submits it; once the website has verified it, the website considers the user to be the real user who holds that mobile phone.
However, this process of entering and submitting a check code is easily attacked by phishing websites. For example, website W offers the user a text input box on its web page for entering the check code. When the user visits website W, a phishing website uses means such as a Trojan to redirect the visit to a web page of its own that imitates the interface of W. When user A operates on the phishing website (for example, making an online payment), the phishing website poses as the user and initiates a request to website W, and website W sends a check code to user A's mobile phone. The user enters the check code in the text input box of the phishing website, so the phishing website obtains the operating authority of user A's account: it can enter the check code on website W and operate user A's account. The check code is very easily obtained by the phishing website in this process, which makes the user's information insecure.
Summary of the invention
The technical problem to be solved by the application is to provide a security authentication method and system, so as to solve the prior-art problem that, when a user's identity is verified, the simple input mode of the target website lets a phishing website obtain the verification information easily, which makes the user's information insecure.
To solve the above problem, the application discloses a security authentication method, comprising:
Receiving a verification acquisition request triggered by a user terminal;
According to the verification acquisition request, generating elements to be selected and the position information of each element to be selected in a display interface, generating a verification task corresponding to the elements to be selected and the position information of each element to be selected in the display interface, and generating first matching data corresponding to the verification task;
Sending the verification task to the mobile terminal corresponding to the verification acquisition request;
Sending the elements to be selected and the position information of each element to be selected in the display interface to the user terminal;
Receiving second matching data sent by the user terminal, wherein the second matching data is obtained by the user terminal from the user's operation on the elements of the display interface, and the display interface is generated by the user terminal according to the elements to be selected and the position information of each element to be selected in the display interface;
Comparing the second matching data with the first matching data, and performing identity authentication according to the comparison result.
Preferably, generating the verification task comprises:
Notifying the user to move at least one designated element in the display interface to the position of another target element, wherein the designated element belongs to the elements to be selected;
Further, generating the first matching data corresponding to the verification task comprises:
Recording the move action information for the designated element as the first matching data.
Preferably, obtaining the second matching data by the user terminal from the user's operation on the elements of the display interface comprises:
The user terminal receives a move operation by the user on the elements of the display interface, starting from the element at one position;
According to the start position and the end position of the move, recording the move action information of the element as the second matching data.
Preferably, the elements are non-describable display card elements; the non-describable display card elements include elements that cannot be entered directly with the characters on a keyboard.
Preferably, generating the display interface by the user terminal according to the elements to be selected and the position information of each element to be selected in the display interface comprises:
When the browser of the user terminal receives the elements to be selected and the position information of each element to be selected in the display interface sent by the server, activating an independent process separate from the browser process;
Generating the display interface, by the independent process, according to the elements to be selected and the position information of each element to be selected in the display interface.
Preferably, after the user operates on the display interface and the second matching data is obtained, the method comprises:
The user terminal sends the second matching data to the server through the independent process.
Preferably, sending the elements to be selected and the position information of each element to be selected in the display interface to the user terminal comprises:
Sending the elements to be selected and the position information of each element to be selected in the display interface to the user terminal after encryption;
Further, generating the display interface by the user terminal according to the elements to be selected and the position information of each element to be selected in the display interface comprises:
The user terminal decrypts to obtain the elements to be selected and the position information of each element to be selected in the display interface, and generates the display interface.
Preferably, performing identity authentication according to the comparison result comprises:
When the second matching data matches the first matching data, authentication succeeds;
When the second matching data does not match the first matching data, authentication fails, and the method returns to the step of generating, according to the verification acquisition request, the elements to be selected and the position information of each element to be selected in the display interface, generating the verification task corresponding to the elements to be selected and the position information of each element to be selected in the display interface, and generating the first matching data corresponding to the verification task.
Preferably, after the second matching data does not match the first matching data, the method further comprises:
For the user ID corresponding to the verification acquisition request, counting the number of mismatches;
When the number of mismatches satisfies a threshold condition, locking the user ID.
Correspondingly, the application also provides a security authentication system, comprising:
A server and a user terminal;
The server comprises:
A verification request receiving module, configured to receive a verification acquisition request triggered by the user terminal;
A verification data generation module, configured to generate, according to the verification acquisition request, elements to be selected and the position information of each element to be selected in a display interface, to generate a verification task corresponding to the elements to be selected and the position information of each element to be selected in the display interface, and to generate first matching data corresponding to the verification task;
A first sending module, configured to send the verification task to the mobile terminal corresponding to the verification acquisition request;
A second sending module, configured to send the elements to be selected and the position information of each element to be selected in the display interface to the user terminal;
A second matching data receiving module, configured to receive the second matching data sent by the user terminal;
A matching authentication module, configured to compare the second matching data with the first matching data and to perform identity authentication according to the comparison result;
The user terminal comprises:
A display interface generation module, configured to generate the display interface according to the elements to be selected and the position information of each element to be selected in the display interface;
A second matching data generation module, configured to obtain the second matching data from the user's operation on the elements of the display interface;
A second matching data sending module, configured to send the second matching data to the server.
Compared with the prior art, the application has the following advantages:
1. In addition to sending the verification task to the mobile terminal corresponding to the user terminal, the application sends the elements to be selected that correspond to the verification task, and the position information of each element to be selected in the display interface, directly to the user terminal according to the IP address information of the user terminal; the user terminal then generates the display interface according to the elements to be selected and the position information of each element to be selected in the display interface. To imitate the server's web page, a phishing website needs to obtain the information that the server dynamically sends to the user terminal. In the process above, the server sends the information according to the IP address information of the user terminal, and the corresponding display interface can only be generated after the information sent by the server has been received. For a phishing website, the technical difficulty of obtaining this information increases greatly, which reduces the risk of user information leakage.
2. The elements to be selected and the position information of each element to be selected in the display interface that the server sends to the user terminal change dynamically with the verification task, so the content that the client displays also changes dynamically. Building on point 1, this further raises the technical difficulty of imitation by a phishing website and further reduces the risk of user information leakage.
3. The verification task that the server sends to the mobile terminal corresponding to the user terminal and the matching data used for matching in the server may differ in form. During verification the user must perform an operation at the user terminal according to the verification task, and this operation also greatly raises the technical difficulty of imitation by a phishing website and reduces the risk of user information leakage.
In summary, the application avoids the low security of user identity authentication caused by the simple check-code verification flow of the prior art, improves the overall security of the user identity authentication process, and protects the security of user information.
Brief description of the drawings
Fig. 1 is a schematic flowchart of embodiment one of a security authentication method of the application;
Fig. 2 is a schematic flowchart of embodiment two of a security authentication method of the application;
Fig. 3 is a schematic diagram of the display interface of the application, taking a nine-square grid as an example;
Fig. 4 is a schematic diagram of the position information of each cell of the nine-square grid of the application, taking a nine-square grid as an example;
Fig. 5 is a schematic structural diagram of an embodiment of a security authentication system of the application.
Detailed description of the embodiments
To make the above objects, features and advantages of the application more apparent, the application is described in further detail below with reference to the drawings and specific embodiments.
One of the core ideas of the application is as follows. In the prior art, the verification input page of a target website (such as the payment verification page of a payment website) handles the check code too simply, so it is easily attacked by phishing websites and the user's information is exposed to a serious security risk. The application uses a dual-channel form: according to the verification acquisition request triggered by the user terminal, the server generates elements to be selected and the position information of each element to be selected in the display interface, generates a verification task corresponding to the elements to be selected and the position information of each element to be selected in the display interface, and generates first matching data corresponding to the verification task. The server then sends the verification task to the mobile terminal corresponding to the user terminal, and sends the elements to be selected and the position information of each element to be selected in the display interface to the user terminal. The user operates in the display interface at the user terminal according to the verification task on the mobile terminal, and the operation result is returned to the server. This avoids the prior-art situation in which the user simply enters a check code in a text input box on the web page of the corresponding server and nothing verifies whether the request was sent by the user terminal, which leaves user information open to phishing attacks and therefore insecure.
Referring to Fig. 1, which shows a schematic flowchart of embodiment one of a security authentication method of the application, the method may specifically comprise:
Step 110, receiving a verification acquisition request triggered by a user terminal;
In practice, when the user operates in the browser of the user terminal, for example shopping online and then paying the bill through online banking or the like, a verification acquisition request can be triggered; the server requires the user's identity to be authenticated before it agrees to let the user pay with the account.
Step 120, according to the verification acquisition request, generating elements to be selected and the position information of each element to be selected in the display interface, generating a verification task corresponding to the elements to be selected and the position information of each element to be selected in the display interface, and generating first matching data corresponding to the verification task;
After receiving the verification acquisition request triggered by the user terminal, the server generates the verification task and the corresponding first matching data according to the request; the first matching data serves as the verification baseline on the server side. The server also generates the elements to be selected that correspond to the verification task and the position information of each element to be selected in the display interface.
For example, a nine-square-grid display interface has nine positions. The elements to be selected and the position information of each element to be selected in the display interface may then be generated as follows: 8 mutually different elements are generated and placed in eight positions of the nine-square grid. Correspondingly, the verification task is generated as: move the element in the first row, first column to the remaining empty position. The corresponding first matching data can be: the elements at the two positions before and after the move, and their position information.
In this step, the display interface comprises at least two positions. The elements to be selected can be chosen at random, and a second random selection takes place when the elements are assigned to positions in the display interface. The process therefore involves two random steps, which greatly increases the complexity and randomness of the information sent to the user terminal and greatly improves its security.
Preferably, generating the verification task comprises:
Step A11, notifying the user to move at least one designated element in the display interface to the position of another target element, wherein the designated element belongs to the elements to be selected;
For example, for the nine-square-grid display interface above, 9 mutually different elements are selected at random and denoted a1, a2, a3, ..., a9. Each of the nine elements is then randomly assigned to one position in the nine-square grid. If the nine positions are w1, w2, w3, ..., w9, the result of the random assignment may be a1-w1, a2-w2, a3-w3, ..., a9-w9.
Positions can be stored in the form of a coordinate matrix. For the nine-square grid, 3*3 matrix coordinates can be used: (1, 1) represents the upper-left position (w1 in Fig. 3), (1, 2) the upper-middle position (w2 in Fig. 3), (1, 3) the upper-right position (w3 in Fig. 3), (2, 1) the middle-left position (w4 in Fig. 3), (2, 2) the center position (w5 in Fig. 3), (2, 3) the middle-right position (w6 in Fig. 3), (3, 1) the lower-left position (w7 in Fig. 3), (3, 2) the lower-middle position (w8 in Fig. 3), and (3, 3) the lower-right position (w9 in Fig. 3).
One of the 9 elements can then be selected at random as the designated element to be moved, for example a2, with another, a7, as the target element. The verification task can then be: notify the user to move element a2 in the nine-square grid to the position of element a7.
Further, generating the first matching data corresponding to the verification task comprises:
Step A12, recording the move action information for the designated element as the first matching data.
The first matching data can be recorded in several forms. For example, only the position pair of the move is recorded, such as (w2)->(w7), as the first matching data; in the matrix form above this is (1,2)->(3,1).
Alternatively, the (position + element) pairs of the move can be recorded together, for example the move action (a2-w2)->(a7-w7) as the first matching data; in the matrix coordinate form above this is (a2, (1,2))->(a7, (3,1)).
In the application, the first matching data can be recorded in many forms according to the verification task; this is not limited here.
The move action can include actions such as dragging and clicking.
The display interface in the application can also take other forms, such as a 16-square grid; this is not limited here.
Step 130, sending the verification task to the mobile terminal corresponding to the verification acquisition request;
The verification acquisition request triggered by the user terminal contains the user's identity information, such as a mobile phone number, so the verification task can be sent to the terminal that holds that phone number. For example, the server sends the verification task generated in the preceding step to the user's mobile phone as a text message. For the verification task above (notify the user to move element a2 in the nine-square grid to the position of a7), the specific content can be sent to the user's mobile phone as a text message.
Step 140, sending the elements to be selected and the position information of each element to be selected in the display interface to the user terminal;
In this embodiment, the elements to be selected and the position information of each element to be selected in the display interface generated above can be sent directly to the user terminal according to the user terminal's IP address information on the Internet.
In addition, this step may further comprise:
Step S141, sending the elements to be selected and the position information of each element to be selected in the display interface to the user terminal after encryption.
For example, the information to be sent to the user terminal, which comprises the elements to be selected and the position information of each element to be selected in the display interface, is encrypted with an encryption algorithm and then sent to the user terminal.
Step 150, receiving second matching data sent by the user terminal, wherein the second matching data is obtained by the user terminal from the user's operation on the elements of the display interface, and the display interface is generated by the user terminal according to the elements to be selected and the position information of each element to be selected in the display interface;
In this embodiment, a display module can be preset at the user terminal. After receiving the elements to be selected and the position information of each element to be selected in the display interface sent by the server, it generates the display interface according to them. In the nine-square-grid example above, the elements and their corresponding positions at the user terminal are a1-w1, a2-w2, a3-w3, ..., a9-w9, and the display module of the user terminal generates the corresponding nine-square-grid display interface from this information.
Taking matrix coordinates as the position identifiers of the nine-square grid as an example, the user terminal receives from the server the elements and their position information: (a1, (1, 1)), (a2, (1, 2)), (a3, (1, 3)), (a4, (2, 1)), (a5, (2, 2)), (a6, (2, 3)), (a7, (3, 1)), (a8, (3, 2)), (a9, (3, 3)). It takes the first item in each outer bracket as the element and the matrix coordinate in the parentheses in the second item as the position, and generates the whole nine-square-grid display interface.
In this embodiment, the element at each position of the display interface is movable; the UI (User Interface) window containing each element can be moved.
After the display interface is generated, the user can operate in it, for example by moving elements; the user's operation data on the elements is then obtained and the second matching data can be generated. Optionally, obtaining the second matching data by the user terminal from the user's operation on the elements of the display interface comprises:
Step B11, the user terminal receives a move operation by the user on the elements of the display interface, starting from the element at one position;
Step B12, according to the start position and the end position of the move, recording the move action information of the element as the second matching data.
For example, in the nine-square-grid display interface generated from a1-w1, a2-w2, a3-w3, ..., a9-w9 above, the user can move each of the elements a1, a2, a3, ..., a9. If the user moves element a2 to the position of element a7, then according to the start position w2 and the end position w7 of the move, the move action w2->w7 is recorded to generate the second matching data; that is, the position pair of the move is recorded. This form of record corresponds to the case in which the server records only the position pair of the move as the first matching data.
Alternatively, according to the start position and element (a2-w2) and the end position and element (a7-w7) of the move, the move action (a2-w2)->(a7-w7) can be recorded to generate the second matching data; that is, the positions of the move and their elements are recorded. This form of record corresponds to the case in which the server records the (position + element) pairs of the move together as the first matching data.
In practice, the user performs the move according to the verification task that the server sent to the mobile terminal. For example, the server sends "move element a2 in the nine-square grid to the position of element a7" to the user's mobile terminal. If the user moves a2 to the position of a7, then when only the position pair is recorded, the user terminal records the move and generates the second matching data (w2->w7); when (position + element) pairs are recorded, the user terminal records the move and generates the second matching data (a2-w2)->(a7-w7).
With positions identified by matrix coordinates as above, the second matching data w2->w7 is (1,2)->(3,1), and the second matching data (a2-w2)->(a7-w7) is (a2, (1,2))->(a7, (3,1)).
The user terminal can then send the second matching data to the server.
In the application, preferably, generating the display interface by the user terminal according to the elements to be selected and the position information of each element to be selected in the display interface comprises:
Step C1, when the browser of the user terminal receives the elements to be selected and the position information of each element to be selected in the display interface sent by the server, activating an independent process separate from the browser process;
Step C2, generating the display interface, by the independent process, according to the elements to be selected and the position information of each element to be selected in the display interface.
That is, only after the user terminal has received the elements to be selected and the position information of each element to be selected in the display interface from the server is the local program of the user terminal that generates the display interface activated. It generates the display interface according to the elements to be selected and the position information of each element to be selected in the display interface, receives the user's operation, and obtains the second matching data.
Further, after the user operates on the display interface and the second matching data is obtained, the method comprises:
Step C3, the user terminal sends the second matching data to the server through the independent process.
Through the independent process, the user terminal establishes a connection with the server according to the IP address of the server and the local IP address, and sends the second matching data directly to the server.
With steps C1, C2 and C3, a phishing website that imitates the site and attacks must intercept the information the server sends to the user terminal, and must imitate the display interface that the server generates dynamically and that supports actions such as moving. The difficulty of imitation and attack increases greatly, which greatly reduces the risk of user information leakage. In addition, the time the attack takes also increases greatly; where an existing website imposes a time limit on identity authentication, this also lowers the success rate of phishing attacks.
In addition, corresponding to step S141, generating the display interface by the user terminal according to the elements to be selected and the position information of each element to be selected in the display interface comprises:
Step S151, the user terminal decrypts to obtain the elements to be selected and the position information of each element to be selected in the display interface, and generates the display interface.
The encrypted information sent by the server is decrypted according to a preset decryption algorithm to obtain the elements to be selected and the position information of each element to be selected in the display interface, and the display interface is then generated.
Step 160, compares described the second matched data and described the first matched data, carries out authentication according to comparative result.
The second matched data that user side is sent and the first matched data of server record compare, and can carry out authentication according to comparative result.
Wherein, when described the second matched data and described the first matched data match, authentication success;
When described the second matched data and described the first matched data do not match, authentification failure, reenter according to described verification and obtain request, generate element to be selected and each element to be selected in the positional information of showing place in interface, with, generate with described in element to be selected and each element to be selected in the corresponding verification task of positional information of showing place in interface, and the step of first matched data corresponding with verification task.
For example, suppose the first matching data stored by the server in the earlier example is w2->w7. If the second matching data sent by the user terminal is w2->w7, the two match, the user terminal passes identity authentication, and subsequent operations such as a deduction or a transfer can proceed. If the second matching data sent by the user terminal is w2->w9, the two do not match and user identity authentication fails. The server can then randomly regenerate the elements to be selected and the position information of each element to be selected in the display interface, generate the verification task corresponding to them and the first matching data corresponding to the verification task, and carry out the subsequent steps. That is, when verification fails, the process loops through step 120 to step 160.
For the case described above in which the server records a position pair as the first matching data, when element positions are actually identified in matrix form, the first matching data recorded by the server is (1,2)->(3,1). If the user terminal, from the operation on the display interface, records second matching data of (1,2)->(3,1) and sends it to the server, the server finds a match and authentication passes. If the second matching data sent by the user terminal is (1,2)->(3,3), the server finds no match and authentication does not pass.
As another example, suppose the first matching data stored by the server in the earlier example is the recorded move action (a2-w2)->(a7-w7). If the second matching data sent by the user terminal is the move action (a2-w2)->(a7-w7), the two match, the user terminal passes identity authentication, and subsequent operations such as a deduction or a transfer can proceed. If the move action is (a2-w2)->(a9-w9), the two do not match and user identity authentication fails. The server can then randomly regenerate the elements to be selected and the position information of each element to be selected in the display interface, generate the verification task corresponding to them and the first matching data corresponding to the verification task, and carry out the subsequent steps. That is, when verification fails, the process loops through step 120 to step 160. When element positions are actually identified in matrix form, the principle is similar to the process above and is not described in detail here.
The format in which the user terminal records the second matching data is consistent with the format in which the server records the first matching data.
In addition, after the second matching data fails to match the first matching data, the method further comprises:
Step S161: for the user ID corresponding to the verification acquisition request, count the number of mismatches;
Step S162: when the number of mismatches meets a threshold condition, lock the user ID.
For example, if verification fails more than 5 times, the corresponding account is temporarily locked. Lock information can also be sent to the user's corresponding mobile terminal to ensure the security of user information.
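The following added example (not part of the patent text) sketches the server side of step 120 to step 160 together with steps S161 and S162, plus the user terminal's recording of a drag as second matching data. The class and function names, the symbol pool, the string form "w2->w7" for a position pair, and the constant-time comparison are assumptions made for illustration.

```python
"""Sketch of the drag-to-position challenge (steps 120-160, S161/S162)."""
import hmac
import secrets

# Assumptions for illustration: a 3x3 grid whose cells are named w1..w9 as in
# the text, and a constructed pool of symbols that are awkward to type or dictate.
GRID_POSITIONS = [f"w{i}" for i in range(1, 10)]
ELEMENT_POOL = ["φ", "β", "Ω", "ψ", "λ", "∑", "∂", "√", "∞", "≈", "♪", "☆"]
MAX_FAILURES = 5  # the text's example: lock once failures exceed 5

_rng = secrets.SystemRandom()  # CSPRNG, so layouts and tasks are not predictable


class ChallengeServer:
    """Hypothetical server holding first matching data and failure counts."""

    def __init__(self):
        self._pending = {}    # user_id -> first matching data, e.g. "w2->w7"
        self._failures = {}   # user_id -> number of mismatches (step S161)
        self._locked = set()  # locked user IDs (step S162)

    def new_challenge(self, user_id):
        """Step 120. Returns (task, layout): the task goes to the mobile
        terminal (step 130), the layout goes to the user terminal (step 140)."""
        if user_id in self._locked:
            raise PermissionError("user ID is locked")
        elements = _rng.sample(ELEMENT_POOL, len(GRID_POSITIONS))
        layout = dict(zip(GRID_POSITIONS, elements))  # position -> element
        src, dst = _rng.sample(GRID_POSITIONS, 2)     # two distinct cells
        self._pending[user_id] = f"{src}->{dst}"      # first matching data
        task = (f"Please drag {layout[src]} in the nine-square grid "
                f"to the position of {layout[dst]}")
        return task, layout

    def verify(self, user_id, second_matching_data):
        """Step 160. Returns "ok", "retry" (a new challenge must be generated)
        or "locked". A challenge is consumed by its first verification attempt,
        so neither a failed nor a used challenge can be answered again."""
        if user_id in self._locked:
            return "locked"
        expected = self._pending.pop(user_id, None)
        supplied = str(second_matching_data).encode()
        if expected is not None and hmac.compare_digest(expected.encode(), supplied):
            return "ok"
        count = self._failures.get(user_id, 0) + 1    # step S161
        self._failures[user_id] = count
        if count > MAX_FAILURES:                      # step S162
            self._locked.add(user_id)
            return "locked"
        return "retry"


def record_drag(layout, dragged, target):
    """User terminal side: turn a drag of one displayed element onto another
    into second matching data, in the same format the server records."""
    position_of = {symbol: pos for pos, symbol in layout.items()}
    return f"{position_of[dragged]}->{position_of[target]}"


if __name__ == "__main__":
    server = ChallengeServer()
    task, layout = server.new_challenge("alice")
    print("to mobile terminal:", task)
    print("to user terminal:  ", layout)
    words = task.split()  # stands in for the user reading the task on the phone
    answer = record_drag(layout, words[2], words[-1])
    print("second matching data:", answer, "->", server.verify("alice", answer))
```

Note that the verification task text and the first matching data differ in form: the task names symbols, while the server compares positions, so the answer can only be produced by operating on the layout that was actually delivered.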
First, in this embodiment, besides issuing the verification task to the mobile terminal corresponding to the user terminal, the server also sends the elements to be selected that correspond to the verification task, and the position information of each element to be selected in the display interface, directly to the user terminal according to the IP address information of the user terminal; the user terminal then generates the display interface from the elements to be selected and their position information. A phishing website that imitates the server's web page needs to obtain the information the server dynamically issues to the user terminal. In the process above, the server sends that information according to the IP address information of the user terminal, and the corresponding display interface can be generated only after the user terminal has received the information sent by the server. For a phishing website, the technical difficulty of obtaining this information is greatly increased, which reduces the risk of user information leakage.
Second, the elements to be selected and the position information of each element to be selected in the display interface, which the server sends to the user terminal, change dynamically with the verification task, so the content shown when the client displays them also changes dynamically. On top of the first point, this further raises the technical difficulty of simulation by a phishing website and further reduces the risk of user information leakage.
Third, the verification task that the server issues to the mobile terminal corresponding to the user terminal and the matching data used for matching in the server may differ in form. During verification the user has to perform an operation at the user terminal according to the verification task, and this operation also greatly raises the technical difficulty of simulation by a phishing website and likewise reduces the risk of user information leakage.
Referring to Fig. 2, which shows a schematic flow chart of embodiment two of a security authentication method of the application, the method may specifically comprise:
Step 210: receive the verification acquisition request triggered by the user terminal;
Step 220: according to the verification acquisition request, generate the elements to be selected and the position information of each element to be selected in the display interface, generate the verification task corresponding to the elements to be selected and their position information in the display interface, and generate the first matching data corresponding to the verification task; the elements are non-describable verification elements; the non-describable verification elements include elements that cannot be input directly with the characters on a keyboard;
Step 230: send the verification task to the mobile terminal corresponding to the verification acquisition request;
Step 240: send the elements to be selected and the position information of each element to be selected in the display interface to the user terminal;
Step 250: receive the second matching data sent by the user terminal; the second matching data is obtained by the user terminal according to the user's operation on the elements of the display interface; the display interface is generated by the user terminal according to the elements to be selected and the position information of each element to be selected in the display interface;
Step 260: compare the second matching data with the first matching data, and perform identity authentication according to the comparison result.
In this embodiment, a library of non-describable verification elements can be preset. In step 220, elements can be selected at random from this library to generate the elements to be selected and the position information of each element to be selected in the display interface, to generate the verification task corresponding to them, and to generate the first matching data corresponding to the verification task.
In this embodiment, non-describable verification elements may also be defined as characters that are not easy for a user to dictate, that is, elements that may take the user a long time to describe.
Taking Fig. 3 as an example in this embodiment, the server randomly selects the 9 elements shown in Fig. 3 from the library of non-describable verification elements and randomly determines the position information of the 9 elements in a nine-square grid (see Fig. 4 for an example of the 9 positions of the grid). The generated verification task can be, for example, "Please drag φ in the nine-square grid to the position of β", and the recorded first matching data is (w2, φ)->(w7, β).
The first matching data may also take other forms, such as the position-pair record described in embodiment one; this is not limited here.
The server then sends the verification task above to the user's mobile phone corresponding to the verification acquisition request, and sends the 9 elements in the figure and their positions in the nine-square grid to the user terminal (for example, a computer). The user terminal generates the display interface shown in Fig. 3 from the received information.
The user needs to drag φ to the position of β in the display interface of Fig. 3 on the user terminal. After the user performs this move action, the user terminal records (w2, φ)->(w7, β) as the second matching data and sends it to the server, and the server compares the second matching data with the first matching data. If they match, authentication passes; if they do not match, authentication fails.
The steps of this embodiment are similar in principle to those of the embodiment described with Fig. 1 and are not described in detail here.
This embodiment uses non-describable verification elements, which include elements that cannot be input directly with the characters on a keyboard. Because such elements cannot be typed directly into an input interface, the user has to operate on them in the display interface. This avoids the prior-art page structure that simply accepts a verification code typed by the user, and improves the security of the identity authentication flow. Furthermore, when a phishing website defrauds the user over a call and asks the user to report the check code, describing the non-describable verification elements and the operation on them takes a long time. Where the target website imposes a time limit on authentication, this greatly reduces the probability that the phishing website successfully obtains the verification task dictated by the user, thereby improving, in overall probability, the protection of the user's identity information against phishing.
Referring to Fig. 5, which shows a schematic structural diagram of an embodiment of a security authentication system of the application, the system may specifically comprise:
A server 310 and a user terminal 320;
The server 310 comprises:
A verification request receiving module 311, for receiving the verification acquisition request triggered by the user terminal;
A verification data generation module 312, for generating, according to the verification acquisition request, the elements to be selected and the position information of each element to be selected in the display interface, generating the verification task corresponding to the elements to be selected and their position information in the display interface, and generating the first matching data corresponding to the verification task;
A first sending module 313, for sending the verification task to the mobile terminal corresponding to the verification acquisition request;
A second sending module 314, for sending the elements to be selected and the position information of each element to be selected in the display interface to the user terminal;
A second matching data receiving module 315, for receiving the second matching data sent by the user terminal;
A matching authentication module 316, for comparing the second matching data with the first matching data and performing identity authentication according to the comparison result;
The user terminal 320 comprises:
A display interface generation module 321, for generating the display interface according to the elements to be selected and the position information of each element to be selected in the display interface;
A second matching data generation module 322, for obtaining the second matching data according to the user's operation on the elements of the display interface;
A second matching data sending module 323, for sending the second matching data to the server.
Generating the verification task and the corresponding first matching data comprises:
A first notification module, for notifying the user to move at least one specified element in the display interface to the position of another target element; the specified element belongs to the elements to be selected;
A first matching data recording module, for recording the move action information for the specified element as the first matching data.
In the user terminal, the second matching data generation module comprises:
A move action receiving module, used by the user terminal to receive the user's move operation on a display interface element, starting from the element at one position;
A second matching data recording module, for recording the move action information of the element as the second matching data according to the start position and end position of the move.
Preferably, the elements are non-describable verification elements; the non-describable verification elements include elements that cannot be input directly with the characters on a keyboard.
The display interface generation module comprises:
An activation module, for activating an independent process relative to the browser process when the browser corresponding to the user terminal receives the elements to be selected and the position information of each element to be selected in the display interface sent by the server;
An independent generation module, for generating the display interface through the independent process according to the elements to be selected and the position information of each element to be selected in the display interface.
The following comes after the second matching data generation module:
A third sending module, used by the user terminal to send the second matching data to the server through the independent process.
The second sending module comprises:
An encrypted sending module, for encrypting the elements to be selected and the position information of each element to be selected in the display interface and then sending them to the user terminal;
Further, the display interface generation module comprises:
A decryption generation module, used by the user terminal to decrypt the received information to obtain the elements to be selected and the position information of each element to be selected in the display interface, and to generate the display interface.
The matching authentication module comprises:
A first matching authentication module, for determining that authentication succeeds when the second matching data matches the first matching data;
A second matching authentication module, for determining that authentication fails when the second matching data does not match the first matching data, and re-entering the step of generating, according to the verification acquisition request, the elements to be selected and the position information of each element to be selected in the display interface, generating the verification task corresponding to the elements to be selected and their position information in the display interface, and generating the first matching data corresponding to the verification task.
Preferably, after the second matching data fails to match the first matching data, the following is also included:
For the user ID corresponding to the verification acquisition request, counting the number of mismatches;
When the number of mismatches meets a threshold condition, locking the user ID.
It should be noted that, for simplicity of description, the method embodiments above are each expressed as a series of action combinations, but those skilled in the art should know that the application is not limited by the described order of actions, because according to the application some steps can be performed in other orders or simultaneously. Those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the application.
Because the system embodiment is substantially similar to the method embodiments, its description is relatively brief; for the relevant parts, refer to the corresponding explanation of the method embodiments.
The embodiments in this specification are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for identical or similar parts the embodiments can be referred to one another.
The present invention can be used in numerous general-purpose or special-purpose computing system environments or configurations, for example: personal computers, server computers, handheld or portable devices, tablet devices, multiprocessor systems, microprocessor-based systems, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and so on.
The present invention can be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. The present invention can also be practiced in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules can be located in both local and remote computer storage media, including storage devices.
Finally, it should also be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any such actual relationship or order between these entities or operations.
Those of ordinary skill in the art should further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To illustrate the interchangeability of hardware and software clearly, the composition and steps of each example have been described above in general terms of function. Whether these functions are performed in hardware or in software depends on the particular application and the design constraints of the technical solution. Skilled practitioners can use different methods to implement the described functions for each particular application, but such implementation should not be considered to go beyond the scope of the application.
The security authentication method and system provided by the application have been described in detail above. Specific examples are used herein to set out the principles and implementations of the application, and the explanation of the embodiments above is only intended to help in understanding the method of the application and its core idea. At the same time, for those of ordinary skill in the art, the specific implementations and the scope of application will change according to the idea of the application. In summary, the content of this description should not be construed as a limitation of the application.

Claims (10)

1. A security authentication method, characterized by comprising:
Receiving the verification acquisition request triggered by the user terminal;
According to the verification acquisition request, generating the elements to be selected and the position information of each element to be selected in the display interface, generating the verification task corresponding to the elements to be selected and their position information in the display interface, and generating the first matching data corresponding to the verification task;
Sending the verification task to the mobile terminal corresponding to the verification acquisition request;
Sending the elements to be selected and the position information of each element to be selected in the display interface to the user terminal;
Receiving the second matching data sent by the user terminal; the second matching data is obtained by the user terminal according to the user's operation on the elements of the display interface; the display interface is generated by the user terminal according to the elements to be selected and the position information of each element to be selected in the display interface;
Comparing the second matching data with the first matching data, and performing identity authentication according to the comparison result.
2. The method according to claim 1, characterized in that
Generating the verification task comprises:
Notifying the user to move at least one specified element in the display interface to the position of another target element; the specified element belongs to the elements to be selected;
Further, generating the first matching data corresponding to the verification task comprises:
Recording the move action information of the specified element as the first matching data.
3. The method according to claim 2, characterized in that obtaining the second matching data by the user terminal according to the user's operation on the elements of the display interface comprises:
The user terminal receives the user's move operation on a display interface element, starting from the element at one position;
According to the start position and end position of the move, recording the move action information of the element as the second matching data.
4. The method according to claim 1, characterized in that
The elements are non-describable verification elements; the non-describable verification elements include elements that cannot be input directly with the characters on a keyboard.
5. The method according to claim 1, characterized in that generating the display interface by the user terminal according to the elements to be selected and the position information of each element to be selected in the display interface comprises:
When the browser corresponding to the user terminal receives the elements to be selected and the position information of each element to be selected in the display interface sent by the server, activating an independent process relative to the browser process;
Generating the display interface through the independent process according to the elements to be selected and the position information of each element to be selected in the display interface.
6. The method according to claim 5, characterized in that, after the second matching data is obtained from the user's operation on the display interface, the method comprises:
The user terminal sends the second matching data to the server through the independent process.
7. The method according to any one of claims 1 to 6, characterized in that sending the elements to be selected and the position information of each element to be selected in the display interface to the user terminal comprises:
Encrypting the elements to be selected and the position information of each element to be selected in the display interface and then sending them to the user terminal;
Further, generating the display interface by the user terminal according to the elements to be selected and the position information of each element to be selected in the display interface comprises:
The user terminal decrypts the received information to obtain the elements to be selected and the position information of each element to be selected in the display interface, and generates the display interface.
8. The method according to claim 1, characterized in that performing identity authentication according to the comparison result comprises:
When the second matching data matches the first matching data, authentication succeeds;
When the second matching data does not match the first matching data, authentication fails, and the method re-enters the step of generating, according to the verification acquisition request, the elements to be selected and the position information of each element to be selected in the display interface, generating the verification task corresponding to the elements to be selected and their position information in the display interface, and generating the first matching data corresponding to the verification task.
9. The method according to claim 8, characterized in that, after the second matching data fails to match the first matching data, the method further comprises:
For the user ID corresponding to the verification acquisition request, counting the number of mismatches;
When the number of mismatches meets a threshold condition, locking the user ID.
10. A security authentication system, characterized by comprising:
A server and a user terminal;
The server comprises:
A verification request receiving module, for receiving the verification acquisition request triggered by the user terminal;
A verification data generation module, for generating, according to the verification acquisition request, the elements to be selected and the position information of each element to be selected in the display interface, generating the verification task corresponding to the elements to be selected and their position information in the display interface, and generating the first matching data corresponding to the verification task;
A first sending module, for sending the verification task to the mobile terminal corresponding to the verification acquisition request;
A second sending module, for sending the elements to be selected and the position information of each element to be selected in the display interface to the user terminal;
A second matching data receiving module, for receiving the second matching data sent by the user terminal;
A matching authentication module, for comparing the second matching data with the first matching data and performing identity authentication according to the comparison result;
The user terminal comprises:
A display interface generation module, for generating the display interface according to the elements to be selected and the position information of each element to be selected in the display interface;
A second matching data generation module, for obtaining the second matching data according to the user's operation on the elements of the display interface;
A second matching data sending module, for sending the second matching data to the server.
CN201210440068.2A 2012-11-06 2012-11-06 A kind of safety certifying method and system Active CN103812822B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210440068.2A CN103812822B (en) 2012-11-06 2012-11-06 A kind of safety certifying method and system

Publications (2)

Publication Number Publication Date
CN103812822A true CN103812822A (en) 2014-05-21
CN103812822B CN103812822B (en) 2017-03-01

Family

ID=50709032

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210440068.2A Active CN103812822B (en) 2012-11-06 2012-11-06 A kind of safety certifying method and system

Country Status (1)

Country Link
CN (1) CN103812822B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 1195178

Country of ref document: HK

GR01 Patent grant
REG Reference to a national code

Ref country code: HK

Ref legal event code: GR

Ref document number: 1195178

Country of ref document: HK

TR01 Transfer of patent right

Effective date of registration: 20191216

Address after: P.O. Box 31119, grand exhibition hall, hibiscus street, 802 West Bay Road, Grand Cayman, Cayman Islands

Patentee after: Innovative advanced technology Co., Ltd

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Patentee before: Alibaba Group Holding Co., Ltd.