CN104038346A - Verification method and system - Google Patents

Publication number: CN104038346A
Authority: CN (China)
Application number: CN201410286470.9A
Other languages: Chinese (zh)
Other versions: CN104038346B (en)
Legal status: Granted
Inventors: 张硕, 廖禄平, 赵剑飞, 何松, 张爱华
Current assignee: Beijing 58 Information Technology Co Ltd
Original assignee: Beijing 58 Information Technology Co Ltd
Prior art keywords: user, identifying code, grade, integration, verification
Classification: Information Transfer Between Computers

Abstract

The invention provides a verification method and a verification system. The verification method includes the following steps: a) receiving a web access request and accompanying user information sent by a user; b) determining the verification code grade to provide to the user according to the received user information, wherein the verification code grade is determined according to a user experience grade and whether a machine cracking difficulty grade is added; c) obtaining a verification code corresponding to the determined verification code grade and sending it to the user; d) receiving the verification code feedback that the user inputs in response to that verification code and verifying it; e) returning the verification result to the user. Because the verification code grade is determined from both user-friendliness and machine cracking difficulty, the method and system prevent insecure and unfair network behaviours such as malicious password cracking, vote rigging and forum flooding, while still giving ordinary users a good user experience.

Description

Verification method and system
Technical field
The present invention relates to a user verification method for internet access, and in particular to a verification method and system based on a user experience grade and a machine cracking difficulty grade.
Background
With the development of computer technology, internet technology has become increasingly mature. Verification codes exist on the internet in many forms, and their purpose is to distinguish humans from machines. Today each major website serves verification codes of a single form, but the code library is usually of limited size, and once it is cracked the whole library has to be replaced with a different type of verification code. Major websites keep developing new techniques that make verification codes harder to crack, but greater difficulty is in turn bad for user experience: a simple verification code is sufficient for ordinary users, and raising the cracking difficulty only makes their experience worse.
The current method of generating verification codes is divided into the following 5 steps:
1. the verification codes are stored in a verification code library;
2. the verification request of a user accessing a page is obtained;
3. a verification code is sent to the user;
4. the user fills in the verification feedback, which is uploaded to the website server;
5. the answer filled in by the user is matched against the corresponding verification code answer to perform the verification.
If the verification codes are cracked, the usual response of a website is to update the verification code library, replacing the stored verification codes with a more difficult kind, and then repeat steps 2-4 above. When some violating operators (such as network hackers) are present, directly raising the verification difficulty makes a large number of ordinary users face difficult verification codes as well, which greatly degrades their experience and may even cause user loss. Some schemes use different verification codes for different domain names, but the same problem remains: the users accessing one domain name include both crackers and ordinary users, so giving all of them the same verification code is not appropriate.
A method and system are therefore needed that solve the above problems effectively, ensuring that the verification code is hard to crack without harming user experience.
Summary of the invention
The object of the present invention is to provide a verification method comprising the following steps: a) receiving a web access request from a user and the accompanying user information; b) determining the verification code grade to provide to this user according to the received user information, wherein the verification code grade is determined according to a user experience grade and whether a machine cracking difficulty grade is added; c) obtaining the verification code corresponding to the determined grade and sending it to the user; d) receiving the verification code feedback that the user inputs in response to the verification code and verifying it; and e) returning the verification result to the user.
Preferably, step b comprises the following sub-steps: b1) updating the user's score according to the received user information, wherein the score represents the user's previous web access behaviour; b2) determining the user's experience grade from the score and determining the user's verification code grade accordingly; b3) judging whether machine cracking difficulty needs to be added to change the user's verification code grade and, if so, determining the user's verification code grade according to the machine cracking difficulty.
Preferably, in step b3, whether to add machine cracking difficulty is determined from the severity of the violation records in the user information or from the type of page the user is operating on.
According to another aspect of the invention, a verification system is provided, comprising a web server, a verification code server and a verification code library. The web server receives the user access request and accompanying user information from a client, determines the verification code grade to provide to the user according to the received user information, sends the request and the determined grade to the verification code server, obtains the verification code corresponding to that grade and sends it to the user, and receives the verification code feedback input by the user at the client and forwards it to the verification code server. The verification code server obtains the corresponding verification code from the verification code library according to the received grade, sends it back to the web server, verifies the verification code feedback input by the user, and triggers further operations according to the verification result. The verification code library is arranged as multiple regions storing verification codes of different grades. The verification code grade is determined according to a user experience grade and whether a machine cracking difficulty grade is added.
Preferably, the user information is selected from one or more of: the score at the user's last login, the domain name the user accesses, the user's operation records on pages of that type, posting records, the user's violation records, the number of consecutive wrong verification code inputs, and the number of consecutive verification code changes, wherein the score represents the user's previous web access behaviour.
Preferably, determining the verification code grade comprises the following steps: a) updating the user's score according to the received user information, wherein the score represents the user's previous web access behaviour; b) determining the user's experience grade from the score and determining the user's verification code grade accordingly; c) judging whether machine cracking difficulty needs to be added to change the user's verification code grade and, if so, determining the user's verification code grade according to the machine cracking difficulty.
Preferably, the score is hidden and not visible to the user.
Preferably, the score is calculated cumulatively from the score at the user's last login, the information of the last visit and the information of the current visit.
Preferably, each factor in the current visit information has its own weight factor.
Preferably, whether to add machine cracking difficulty is determined from the severity of the violation records in the user information or from the type of page the user is operating on.
By determining the verification code grade from user-friendliness and machine cracking difficulty, the invention prevents insecure and unfair network behaviours such as malicious password cracking, vote rigging and forum flooding, while still giving ordinary users a good user experience.
It should be understood that both the foregoing general description and the following detailed description are exemplary and explanatory, and should not be taken as limiting the claimed content of the invention.
Brief description of the drawings
Further objects, functions and advantages of the invention are illustrated by the following description of embodiments with reference to the accompanying drawings, in which:
Fig. 1 is a schematic block diagram of a verification system based on user experience grade and machine cracking difficulty according to an embodiment of the invention;
Fig. 2 is a schematic flowchart of a verification method based on user experience grade and machine cracking difficulty according to an embodiment of the invention;
Fig. 3 is a schematic flowchart of a verification method based on user experience grade and machine cracking difficulty according to another embodiment of the invention;
Fig. 4 is a schematic flowchart of a method for determining the verification code grade according to an embodiment of the invention.
Detailed description of the embodiments
The objects and functions of the invention, and the methods for achieving them, are explained with reference to example embodiments. The invention is not, however, limited to the example embodiments disclosed below and can be realised in different forms. The specification serves only to help those skilled in the relevant art gain a comprehensive understanding of the details of the invention.
Embodiments of the invention are described below with reference to the drawings. In the drawings, identical reference numerals denote identical or similar parts, or identical or similar steps.
In the present invention, a verification code is any information provided to the user for verification, including but not limited to: a prompt question or prompt text telling the user what content to input, options prompting the user what content to input, and so on. A verification code answer is the information corresponding to a verification code, including but not limited to: the correct answer or a preset answer to the prompt question or prompt text. Verification code feedback is the information the user inputs in response to a verification code.
Fig. 1 shows a schematic block diagram of the verification system based on user experience grade and machine cracking difficulty. As shown in Fig. 1, the verification system according to the invention comprises client 110, web server 120, verification code server 130 and verification code library 140. Fig. 1(a) shows the case where verification code server 130 and verification code library 140 are separate entities, and Fig. 1(b) shows the case where they are integrated.
Client 110 provides the user with an interface for accessing web server 120. It receives the prompt from web server 120 requiring verification when a web page is accessed, sends the user's verification request for the accessed page to web server 120 together with the user information, and provides an interface for the user to input verification code feedback. The user information includes but is not limited to one or more of: the domain name the user accesses, the user's operation records on pages of that type, posting records, the user's violation records, the number of consecutive wrong verification code inputs, and the number of consecutive verification code changes. Client 110 receives the verification result for the verification code feedback input by the user. In another embodiment of the invention this verification result is sent to client 110 by web server 120, and in yet another embodiment client 110 obtains the verification result from verification code server 130. If the verification code feedback sent by the user matches the corresponding verification code answer, verification succeeds: in one embodiment the user is allowed to carry out subsequent operations, such as accessing the server, browsing the requested information or obtaining query results, and in another embodiment the user receives a prompt that verification succeeded. If the feedback sent by the user does not match the corresponding verification code answer, verification fails: in one embodiment the user receives a prompt that verification failed, and in another embodiment the user stays on the current page. When the feedback sent by the user does not match the verification code library, client 110 may send the verification request again, or be denied access by web server 120. The user information will be updated.
Preferably, client 110 is, for example, a desktop computer, laptop computer, smartphone, personal digital assistant (PDA), tablet computer, game console, multi-function mobile terminal or any other device with computing and communication capability. Client 110 preferably accesses web server 120 over a network, the network being at least one selected from a wired network, WiFi, Zigbee, WLAN, GPRS, cellular network, GSM network, 3G network, LTE network or CDMA network, Bluetooth, NFC, infrared, ultrasound, Wireless USB and RFID.
Web server 120 receives the page access request and verification request sent from client 110 together with the user information sent by client 110, and records this user information. From the collected user information, web server 120 can determine the user's current user experience grade and machine cracking difficulty grade, and determines the verification code grade from these two grades. In an embodiment of the invention, web server 120 can also send the verification code request from client 110 and the correspondingly determined verification code grade to verification code server 130 for verification. In an embodiment of the invention, web server 120 can also receive the verification result returned from verification code server 130 and return it to client 110. For example, if a verification-succeeded result is returned from verification code server 130, web server 120 returns it to client 110 and the user is allowed to carry out the following operations, such as logging in to the web server, browsing information or browsing query results; if a verification-mismatch result is returned from verification code server 130, web server 120 returns a verification-failed prompt to client 110. When verification fails, web server 120 can return a prompt asking the user of client 110 to verify again, or return a prompt refusing access to client 110. When client 110 is allowed to verify again, web server 120 also records the operation information of the repeated verification (such as the number of verification attempts) and adds it to the user's operation records.
Verification code server 130 stores verification codes in verification code library 140, obtains the corresponding verification code from the library, sends it back to the web server, verifies the verification code feedback input by the user, and triggers further operations according to the verification result. According to one embodiment of the invention, verification code server 130 divides verification codes into different grades and attaches a corresponding grade identifier to each verification code according to its grade. Preferably, verification code library 140 is divided into multiple regions that store verification codes of different grades. Verification code server 130 obtains the corresponding verification code from library 140 according to the verification code grade received from web server 120, for example by grade identifier or by storage location. Verification code server 130 sends the obtained verification code back to web server 120, which then sends it to client 110. Preferably, verification code server 130 also sends the identifier corresponding to this verification code to web server 120. Web server 120 sends the identifier of the verification code to client 110, preferably writing it into the cookies of client 110. Verification code server 130 also verifies the user-entered verification code feedback forwarded by web server 120 and triggers further operations according to the verification result. Such further operations are, for example, allowing the user to access the web server, returning a verification-succeeded prompt to client 110, allowing the user to log in, or prompting the user that verification failed and resending a verification code. For example, in another embodiment of the invention, client 110 obtains the verification result from verification code server 130.
Verification code library 140 stores verification codes. Because verification codes according to the invention are divided into multiple grades, library 140 is divided into multiple regions that store verification codes of different grades. Library 140 can be located inside verification code server 130 or exist as a separate entity. According to one embodiment of the invention, the content stored in library 140 can comprise verification codes and verification code answers: the verification code is sent to the user when the user sends a verification request through the client, and the verification code answer is matched against the user's verification code feedback when the user inputs it through the client. In one embodiment, a verification code and its corresponding answer are marked with the same identifier (for example a key).
Fig. 2 is a schematic flowchart of a verification method based on user experience grade and machine cracking difficulty according to an embodiment of the invention. As shown in Fig. 2, verification method 200 according to this embodiment comprises the following steps:
In step 205, the user sends a request to access web server 120 through client 110, for example logging in, accessing a page or querying information. The access request is accompanied by user information. The user information includes but is not limited to one or more of: the score information at the user's last login, the domain name the user accesses, the user's operation records on pages of that type, posting records, the user's violation records, the number of consecutive wrong verification code inputs, and the number of consecutive verification code changes.
In step 210, web server 120 has received the access request and user information sent by client 110 and determines the verification code grade to provide to this user according to the user information. According to a preferred embodiment of the invention, web server 120 determines the user experience grade and judges whether to add a machine cracking difficulty grade according to the user information, and then determines the user's verification code grade from the user experience grade and the machine cracking difficulty. The method of determining the verification code grade from the user experience grade and machine cracking difficulty is described in detail below with reference to Fig. 4.
In step 215, web server 120 sends the access request and the determined verification code grade to verification code server 130 in order to obtain the verification code corresponding to this grade.
In step 220, verification code server 130 obtains the corresponding verification code from the verification code library according to the received verification code grade. Verification code server 130 divides the verification codes in the library into different grades and attaches a corresponding grade identifier to each verification code according to its grade; preferably the library is divided into multiple regions that store verification codes of different grades.
In step 225, verification code server 130 sends the obtained verification code back to web server 120. Preferably, verification code server 130 also sends the identifier corresponding to this verification code (such as a key) to web server 120.
In step 230, web server 120 sends the obtained verification code to client 110 so that the user can input verification code feedback for verification. Preferably, web server 120 sends the identifier corresponding to this verification code to client 110, and preferably the identifier is written into the cookies of client 110.
In step 235, client 110 presents the verification code on the verification page the user is accessing, and the user inputs verification code feedback in response to the verification code.
In step 240, client 110 sends the verification code feedback input by the user to web server 120.
In step 245, web server 120 forwards the verification code feedback input by the user to verification code server 130 for verification.
In step 250, verification code server 130 verifies the verification code feedback input by the user. Specifically, verification code server 130 matches the received feedback against the verification code previously sent to the user. In an embodiment of the invention, verification code server 130 obtains the answer corresponding to this verification code from the verification code library and compares the received feedback with that answer: if the two are identical, the match succeeds and verification succeeds; if they differ, the match fails and verification fails.
In step 255, verification code server 130 sends the verification result back to web server 120.
In step 260, web server 120 sends the verification result back to client 110.
Fig. 3 shows a schematic flowchart of a verification method based on user experience grade and machine cracking difficulty according to another embodiment of the invention. The main difference from the verification method shown in Fig. 2 is that, after step 350, verification code server 130 sends the verification result back to client 110 in step 355 without going through web server 120.
According to the embodiments disclosed by the invention, if verification succeeds, for example because the verification code feedback sent by the user matches the verification code answer, subsequent operations are triggered, for example allowing the user to access the server, to browse the requested information, to obtain query results or to log in, or having the client display a verification-succeeded prompt. If verification fails, for example because the feedback sent by the user does not match the verification code answer, the user is prompted that verification failed or stays on the current page. The user information is updated. Client 110 may send the verification request again, or be denied access by web server 120.
Fig. 4 shows a schematic flowchart of the method for determining the verification code grade according to an embodiment of the invention. Method 400 for determining the verification code grade according to this embodiment comprises the following steps:
In step 410, the information of the user sending the access request is collected. The user information can include but is not limited to one or more of: the information and score at the user's last login, the accessed domain name, the user's operation records on pages of that type, posting records, the user's violation records, the number of consecutive wrong verification code inputs, and the number of consecutive verification code changes.
In step 420, the user's score is updated according to the user information. According to embodiments of the invention, each time a user accesses the web server, the division into user grades is preferably realised by means of a user score; that is, the behavioural features of the user's web access are computed into a specific number of points that represents the user's current characteristics. More preferably, this user score is hidden and not visible to the user.
According to one embodiment of the invention, an initial score is created for the user when the user first accesses the web server, and this initial score is then continually updated as the user operates or visits again. The example shown is the case where the user's score keeps decreasing with the user's abnormal operation behaviour; the case where the score keeps increasing with the user's normal operation behaviour can also be used.
According to one embodiment of the invention, the user's score can be calculated cumulatively: the score for the current login can be updated from the score at the user's last login, the information of the last visit and the information of the current visit, such as the accessed domain name, the IP address, the user's account information, the user's historical operation records and the number of consecutive wrong verification code inputs. According to one embodiment, the user score can be calculated with the following formula:
$$\text{user's current score} = \text{score at the user's previous visit} - a_1 \times \text{IP address score} - a_2 \times \text{verification code input score}$$
Here the IP address score is determined, for example, by judging whether the user's current login and last visit are from the same city: 0 if so, otherwise 1. The verification code input score is determined, for example, by whether the number of consecutive input errors before this verification code exceeds a certain number: for example, 1 when the number of consecutive inputs exceeds three, otherwise 0. More preferably, weight factors $a_1$, $a_2$ can be added for each factor in the current visit information, giving different weights to different considerations.
According to one embodiment of the invention, a new user's initial score can, for example, be set to 0 points. When the user performs normal, compliant operations, the corresponding points are added after each completed operation, for example 5 points for publishing a post, 1 point for a reply and 3 points for 2 hours of cumulative online time. Preferably, to prevent a malicious user from raising the score in a short time in order to gain privileges, an upper limit can be set on the points each user can gain per day, for example at most 30 points. When the user performs malicious or non-compliant operations, the corresponding user score can be reduced. Examples are non-compliant or unsafe behaviours such as flooding, consecutive wrong verification code inputs and consecutive verification code changes, or cases where the user's post is reported and the report is verified, or where the user maliciously reports others. Corresponding rules can be set to deduct different numbers of points for different malicious behaviours. For example, when the user's operation records are identified as maliciously cracking verification codes by means of a machine program, the deduction can be increased, for example 300 points deducted for each instance of machine flooding. If the information published by the user involves illegal information, the user's score can also be reduced by more, or even reset to zero.
In step 430, the user's experience grade is determined from the user's score, and the user's verification code grade is determined accordingly.
Preferably, the user score can be divided into multiple intervals, with different score intervals corresponding to different user experience grades. For example, the user experience grade can be divided into three grades, high, middle and low, each corresponding to a different score interval: for example the low grade corresponds to 0-300 points, the middle grade to 300-1000 points and the high grade to 1000-1500 points. The user experience grade can also be divided into more grades and is not limited to three. The user experience grade is then matched to a verification code grade, a higher grade corresponding to a better user experience during verification. For example, different verification code grades correspond to different experience grades:
When the user experience grade is high, the corresponding verification code grade is grade 1. At this grade the user's experience is best; for example the verification code can be presented to the user in an intuitive way, so that the user can read off the verification information directly without having to think.
When the user experience grade is middle, the corresponding verification code grade is grade 2. At this grade the user's experience is medium; for example the user has to perform a simple calculation to give the correct verification information, such as a verification code prompt of 3+2, for which the user must input 5 to pass verification.
When the user experience grade is low, the corresponding verification code grade is grade 3. At this grade the user's experience is poor; for example the user has to do some logical reasoning to give the correct verification information.
As described for step 420 above, the user's score changes with the operations carried out at each login. When the user score reaches a certain value, the user's experience grade can rise, and the verification codes matched to this user thereafter are those of the higher user experience grade. More preferably, once the user score reaches a certain threshold, it can also be set that no verification code is required.
According to one embodiment of the invention, because the user information is recorded and the score recalculated at each login, the verification code grade changes with the score when the user next has to input a verification code; the change can take effect when the user obtains a verification code again within the current login. For behaviour such as flooding, or other operations that need manual review, the verification code grade corresponding to the experience grade changes at the user's next operation after the review has reached a decision. For example, the next time the user posts, the verification code may take a simpler form because the verification code grade has improved. If the manual review takes longer and the user has already logged out by the time the change of experience grade is decided, the verification code grade changes only at the user's next login. The adjustment of the user score is preferably carried out by the web server. When the user accesses specific domain names, for example security-sensitive pages, more than a certain number of verification code inputs within a certain time can lock the verification code, so that for a certain period the user cannot obtain a verification code and therefore cannot operate during that period.
Preferably, if user has, the operation of specification safety, other good users evaluate, long landing time, hide integration lifting grade thereby can increase user, thereby and operation in violation of rules and regulations and continuous several times mistake input validation code can reduce integration reduction identifying code grade.According to a preferred embodiment of the present invention, integration form with interval division in web server exists, and does not directly demonstrate grade, only mates by corresponding identifying code grade.
In step 440, it is judged whether machine-cracking difficulty needs to be added for the user, changing the user's verification code grade. If not, the method proceeds directly to step 460; if so, it proceeds to step 450. According to a preferred embodiment of the invention, when the user has a history of violating operations, the web server records them, and the next time the user needs to enter a verification code the system can add an extra verification procedure to improve the security of access. Such violations include, for example, malicious posting and continuously refreshing the verification code within a short time. The web server can examine the collected user information for violation records and on that basis determine the user's verification code grade with machine-cracking difficulty added. Whether to add machine-cracking difficulty can also be decided by the type of page the user operates on, for example when the logged-in user operates on a page with higher security requirements, such as a change-password or transaction page.
In step 450, once it has been determined that machine-cracking difficulty must be added when determining the user's verification code grade, the user's verification code grade is determined according to the added machine-cracking difficulty. According to one embodiment of the present invention, the verification code grades with machine-cracking difficulty added can be divided into the following three grades:
Machine-cracking difficulty with high user experience: the corresponding verification code grade is grade 4. At this grade the verification code can be a simple SMS verification code, for example a numeric code sent to the user;
Machine-cracking difficulty with medium user experience: the corresponding verification code grade is grade 5. At this grade the verification code can be an SMS verification code with arithmetic, for example numbers sent to the user, who performs a simple calculation and enters the correct result as the verification code;
Machine-cracking difficulty with low user experience: the corresponding verification code grade is grade 6. At this grade the verification code can be an SMS verification code with a logic question, for example a simple general-knowledge question sent to the user, with the correct answer or the correct answer option serving as the verification code.
The grading of machine-cracking difficulty is similar to the method in step 430 above: the user's experience grade is determined from the user's points, and the user's verification code grade is determined accordingly. Preferably, the user's points can be divided into multiple intervals, with different point intervals corresponding to different user experience grades. For example, the user experience grade can be divided into three grades, high, medium and low, each corresponding to a different point interval: for example, the low grade corresponds to 0-300 points, the medium grade to 300-1000 points, and the high grade to 1000-1500 points. The user experience grade can also be divided into more grades and is not limited to three. The user experience grade is then matched to a verification code grade; the higher the grade, the better the user's experience when completing verification.
When it has been determined that machine-cracking difficulty must be added when determining the user's verification code grade, the verification code need not be shown directly on the user terminal after the user enters the verification interface, but can be delivered through another channel. For example, the interface asks the user to enter a mobile phone number or email address, the user receives the verification code through that channel, and verification is then carried out.
If the user has no violation record, the verification code assigned to the user is selected only from the verification code grades without machine-cracking difficulty (for example grades 1-3). If the user has a violation record, the verification code assigned to the user is selected from the verification code grades with machine-cracking difficulty (for example grades 4-6). If the user's operation records turn good again after a violation record, the verification code assigned to the user goes back to being selected from grades 1-3.
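The point update and grade selection of steps 420 to 450, as an added Python sketch that is not part of the patent text. The event names, the `UserState` class, the floor at 0 points, and treating 300 and 1000 as the lower bounds of the medium and high grades are assumptions; the point values, the daily cap and the grade numbers are the example values given above.

```python
from dataclasses import dataclass

# Example values from the description: awards per operation and the daily cap.
AWARDS = {"post": 5, "reply": 1, "online_2h": 3}
DAILY_GAIN_CAP = 30
# The description gives one concrete deduction: 300 for machine flooding.
PENALTIES = {"machine_flood": 300}


@dataclass
class UserState:
    points: int = 0              # a new user starts at 0 points
    gained_today: int = 0        # caller resets this at the start of each day
    has_violation: bool = False  # violation record kept by the web server


def apply_event(state: UserState, event: str) -> UserState:
    """Update the hidden point score for one recorded operation."""
    if event in AWARDS:
        # The daily cap limits how fast an account can farm a better grade.
        room = DAILY_GAIN_CAP - state.gained_today
        gain = max(0, min(AWARDS[event], room))
        state.points += gain
        state.gained_today += gain
    elif event in PENALTIES:
        # Assumption: the score never drops below 0.
        state.points = max(0, state.points - PENALTIES[event])
        state.has_violation = True
    elif event == "illegal_content":
        # The description allows a reset to zero for illegal content.
        state.points = 0
        state.has_violation = True
    elif event == "violation_cleared":
        # Hypothetical event: the record has turned good again.
        state.has_violation = False
    else:
        raise ValueError(f"unknown event: {event}")
    return state


def experience_grade(points: int) -> str:
    """Map points to the low / medium / high user experience grade."""
    if points < 300:
        return "low"
    if points < 1000:
        return "medium"
    return "high"


_BASE_GRADE = {"high": 1, "medium": 2, "low": 3}


def captcha_grade(state: UserState, sensitive_page: bool = False) -> int:
    """Return verification code grade 1-3, or 4-6 with machine-cracking difficulty."""
    base = _BASE_GRADE[experience_grade(state.points)]
    if state.has_violation or sensitive_page:
        return base + 3  # grades 4-6 are delivered out of band, e.g. by SMS
    return base


if __name__ == "__main__":
    user = UserState(points=1200)
    print(captcha_grade(user))                       # ordinary page
    print(captcha_grade(user, sensitive_page=True))  # e.g. change-password page
    apply_event(user, "machine_flood")
    print(user.points, captcha_grade(user))
```
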
According to the present invention, the verification code grade is determined from the user-friendliness grade and the machine-cracking difficulty, and a corresponding verification code is matched to that grade; the same grade can have several verification code types, which can be generated at random. Verification codes can include, for example: picture verification codes, such as the conventional picture verification code with font distortion, shaded-region interference, colour-fill interference or overlapping-font interference; arithmetic expressions in picture or photo form, with an operation between two numbers or between three numbers; verification codes with logic, such as comparing several pictures and finding the one that differs, finding the correct position, and similar problems that require logical thought; and SMS or email verification codes, for example sending a numeric code. With an SMS verification code with arithmetic, numbers are sent to the user, who performs a simple calculation and uses the result as the verification code; with an SMS verification code with a logic question, a simple general-knowledge question is sent to the user, and the correct answer or correct answer option serves as the verification code.
With the verification method and system of the present invention, based on user experience grade and machine-cracking difficulty, the verification code grade can be determined from user-friendliness and machine-cracking difficulty. This both prevents insecure and unfair network behaviour such as malicious password cracking, vote rigging ("ticket brushing") and forum flooding, and gives ordinary users a good user experience.
In light of the description and practice of the invention disclosed here, other embodiments of the invention will be readily apparent to those skilled in the art. The description and embodiments are to be regarded as exemplary only; the true scope and spirit of the invention are defined by the claims.

Claims (14)

1. A verification method, comprising the following steps:
a) receiving a web access request from a user and the accompanying user information;
b) determining the verification code grade to be provided to this user according to the received user information, wherein the verification code grade is determined according to the user experience grade and whether a machine-cracking difficulty grade is added;
c) according to the determined verification code grade, obtaining the verification code corresponding to that verification code grade, and sending the verification code to the user;
d) receiving the verification code feedback entered by the user in response to the verification code, and verifying it; and
e) returning the verification result to the user.
2. The verification method as claimed in claim 1, wherein the user information is selected from one or more of: the points at the user's last login, the domain name the user accesses, the user's operation records under that type of page, posting records, the user's violation operation records, the number of consecutive wrong verification code entries, and the number of consecutive verification code changes, wherein the points represent the user's previous web access behaviour characteristics.
3. The verification method as claimed in claim 1, wherein step b comprises the following sub-steps:
b1) updating the user's points according to the received user information, wherein the points represent the user's previous web access behaviour characteristics;
b2) determining the user's experience grade from the user's points and determining the user's verification code grade accordingly;
b3) judging whether machine-cracking difficulty needs to be added to change the user's verification code grade, and if so, determining the user's corresponding verification code grade according to the machine-cracking difficulty.
4. The verification method as claimed in claim 2 or claim 3, wherein the points are hidden from and invisible to the user.
5. The verification method as claimed in claim 3, wherein the points are calculated cumulatively from the points at the user's last login, the last access information and the information of the current access.
6. The verification method as claimed in claim 5, wherein each factor in the current access information has its own weight factor.
7. The verification method as claimed in claim 3, wherein in step b3 whether to add machine-cracking difficulty is determined according to the severity of the violation operation records in the user information or the type of page the user operates on.
8. A verification system, comprising a web server, a verification code server and a verification code library, wherein:
the web server is configured to receive a user access request from a client and the accompanying user information, determine the verification code grade to be provided to this user according to the received user information, send the request and the determined verification code grade to the verification code server, obtain the verification code corresponding to that verification code grade and send it to the user, receive the verification code feedback entered by the user at the client, and send it to the verification code server;
the verification code server obtains the corresponding verification code from the verification code library according to the received verification code grade, sends the verification code back to the web server, receives the verification code feedback entered by the user and verifies it, and triggers further operations according to the verification result;
the verification code library is arranged to store verification codes of different grades in multiple areas;
wherein the verification code grade is determined according to the user experience grade and whether a machine-cracking difficulty grade is added.
9. The verification system as claimed in claim 8, wherein the user information is selected from one or more of: the points at the user's last login, the domain name the user accesses, the user's operation records under that type of page, posting records, the user's violation operation records, the number of consecutive wrong verification code entries, and the number of consecutive verification code changes, wherein the points represent the user's previous web access behaviour characteristics.
10. The verification system as claimed in claim 8, wherein determining the verification code grade comprises the following steps:
a) updating the user's points according to the received user information, wherein the points represent the user's previous web access behaviour characteristics;
b) determining the user's experience grade from the user's points and determining the user's verification code grade accordingly;
c) judging whether machine-cracking difficulty needs to be added to change the user's verification code grade, and if so, determining the user's corresponding verification code grade according to the machine-cracking difficulty.
11. The verification system as claimed in claim 10, wherein the points are hidden from and invisible to the user.
12. The verification system as claimed in claim 10, wherein the points are calculated cumulatively from the points at the user's last login, the last access information and the information of the current access.
13. The verification system as claimed in claim 10, wherein each factor in the current access information has its own weight factor.
14. The verification system as claimed in claim 10, wherein whether to add machine-cracking difficulty is determined according to the severity of the violation operation records in the user information or the type of page the user operates on.
CN201410286470.9A 2014-06-24 2014-06-24 A kind of verification method and system Active CN104038346B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410286470.9A CN104038346B (en) 2014-06-24 2014-06-24 A kind of verification method and system

Publications (2)

Publication Number Publication Date
CN104038346A true CN104038346A (en) 2014-09-10
CN104038346B CN104038346B (en) 2018-06-26

Family

ID=51468943

Country Status (1)

Country Link
CN (1) CN104038346B (en)

Also Published As

Publication number Publication date
CN104038346B (en) 2018-06-26

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant