CN105007255A - Verification method, server and system - Google Patents



Publication number
CN105007255A
Authority
CN
China
Prior art keywords
identification information
information
identifying code
server
incidence relation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410163415.0A
Other languages
Chinese (zh)
Inventor
孙淑芹
张彦玲
刘金星
王玉叶
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN201410163415.0A
Publication of CN105007255A


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols

Abstract

The embodiments of the invention disclose a verification method, a server and a system. The method is implemented as follows: a server receives an operation instruction from a terminal; after confirming that the operation instruction needs to be verified, the server obtains a verification code question and sends it to the terminal, where the answer to the verification code question is identification information of an object that has an association relationship with the object targeted by the operation instruction; the server then receives verification information from the terminal and, if the verification information is the same as the identification information, confirms that verification succeeds, and otherwise confirms that verification fails. Because the answer to the verification code question is the identification information of an object associated with the object targeted by the operation instruction, the verification code is freed from the "what you see is what you get" limitation, so that manual code entry (verification codes solved in bulk by hired people) can be successfully resisted. The scheme provides a verification scheme that resists manual code entry safely and efficiently.

Description

Verification method, server and system
Technical field
The present invention relates to the field of communication technology, and in particular to a verification method, a server and a system.
Background
The Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA), also called a verification code, is a public, fully automated program that distinguishes whether the user is a computer or a human. In a CAPTCHA test, the computer acting as the server automatically generates a question for the user to answer. The question can be generated and judged by a computer, but only a human can answer it. Because a computer cannot answer a CAPTCHA question, a user who answers the question can be considered human.
Manual code entry means using people to enter verification codes in bulk. Because the cost and difficulty of generating verification code images are far lower than those of decoding and recognizing them, decoding has gradually shifted from automation to manual work: people are hired to decode, instead of new decoding systems being developed. The staff who specialize in entering codes are called code workers.
As introduced above, a verification code is a public, fully automated program that distinguishes whether the user is a computer or a human. It can effectively prevent malicious behavior in which bad actors use automated programs to brute-force passwords, inflate votes, or flood forums. Because automated recognition of verification codes is far higher in both cost and difficulty than generating verification code images, verification code recognition has gradually shifted from automation to manual code entry. Traditional verification codes are more than sufficient against automated programs, but are helpless against manual code entry.
The most common verification code solution at present is the "what you see is what you get" verification code.
The basic principle is as follows: the server provides an image X, usually generated by the server according to certain rules; the user observes image X and finds the digits, English characters or Chinese characters Y in the image; the user submits the character string Y as he or she understands it to the server; the server compares the Y entered by the user with the answer Y' corresponding to the original image X. If Y and Y' are exactly the same, the current user is judged to be a human user; if Y and Y' differ, the current user is judged to be a non-human user.
With the above scheme, once enough samples are collected and some OCR technology is used for learning and training, an automated program that recognizes traditional image verification codes can be developed very quickly. Even an improved image verification code can still be recognized by an automated program if its background library is not large enough. For character verification codes, upper-case and lower-case letters plus digits give at most 62 characters. The above scheme therefore has poor resistance to cracking. In addition, for the same verification code picture, everyone's input is the same, so the input itself cannot show whether it came from the real user or from a code worker. The above scheme therefore cannot resist manual code entry.
To resist manual code entry, dynamic verification code technology has also been proposed. The basic principle is as follows: the server provides a dynamic image X, usually generated by the server according to certain rules; the information in the dynamic image is not displayed all at once but is shown in a loop; the user observes dynamic image X and finds the digits, English characters or Chinese characters Y in the image; the dynamic image needs a time T to be shown in full. The user submits the character string Y as he or she understands it to the server, and the server compares the Y entered by the user with the Y' corresponding to the original image X. If they are exactly the same, the current user is judged to be a human user; if they differ, the current user is judged to be a non-human user.
Dynamic verification code technology reduces the working efficiency of code workers but cannot fully contain manual code entry. Because playing the dynamic image takes time T, the number of verification codes a code worker can enter per unit of time falls, but the code worker can still enter the correct verification code. In addition, a normal user also has to wait for time T, which wastes time and makes verification inefficient.
From the above introduction of verification-code-based schemes it can be seen that neither of the two schemes resists manual code entry efficiently.
Summary of the invention
The embodiments of the present invention provide a verification method, a server and a system, in order to provide a verification scheme that can resist manual code entry efficiently.
A verification method, comprising:
a server receiving an operation instruction from a terminal;
after confirming that the operation instruction needs to be verified, obtaining a verification code question and sending it to the terminal, where the answer to the verification code question is the identification information of an object that has an association relationship with the object targeted by the operation instruction;
receiving verification information from the terminal and, if the verification information is the same as the identification information, confirming that verification passes, and otherwise determining that verification fails.
A server, comprising:
an instruction receiving unit, configured to receive an operation instruction from a terminal;
a verification code obtaining unit, configured to obtain a verification code question after it is confirmed that the operation instruction needs to be verified, where the answer to the verification code question is the identification information of an object that has an association relationship with the object targeted by the operation instruction;
a verification code sending unit, configured to send the verification code question obtained by the verification code obtaining unit to the terminal;
an information receiving unit, configured to receive verification information from the terminal;
a verification unit, configured to confirm that verification passes if the verification information received by the information receiving unit is the same as the identification information, and otherwise to determine that verification fails.
A verification system, comprising a server and a terminal, where the server is any one of the servers provided by the embodiments of the present invention.
As can be seen from the above technical solutions, the embodiments of the present invention have the following advantages: a verification code question is obtained whose answer is the identification information of an object that has an association relationship with the object targeted by the operation instruction. The verification code is thereby freed from the "what you see is what you get" limitation and can successfully resist manual code entry. In addition, because the background library of identification information of objects associated with the object targeted by the operation instruction is huge, automated programs cannot recognize it. Furthermore, the scheme does not need dynamic verification codes, which avoids the problems of wasting time playing a dynamic image, low verification efficiency, and being unable to fully resist manual code entry. The above scheme therefore provides a verification scheme that resists manual code entry safely and efficiently.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a method according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a verification code question interface according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a server according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a server according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a verification system according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a verification system according to an embodiment of the present invention;
Fig. 7 is a schematic flowchart of a method according to an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of a server according to an embodiment of the present invention;
Fig. 9 is a schematic structural diagram of a server according to an embodiment of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
An embodiment of the present invention provides a verification method which, as shown in Fig. 1, comprises:
101: The server receives an operation instruction from a terminal;
The operation instruction may be any operation instruction from the terminal, for example an operation instruction to view space information, an operation instruction to send a message for the first time, or an operation instruction to log in for the first time. The specific operation instruction may be any operation instruction that may need to be verified; the embodiments of the present invention do not limit this.
102: After confirming that the operation instruction needs to be verified, obtain a verification code question and send it to the terminal; the answer to the verification code question is the identification information of an object that has an association relationship with the object targeted by the operation instruction;
In addition, in the embodiments of the present invention, the following scheme may be adopted to further improve security: the verification code question differs from the previous verification code question sent to the terminal, and the answer to this verification code question also differs from the answer to the previous verification code question.
In the embodiments of the present invention, the identification information is the identification information of an object that has an association relationship with the object targeted by the operation instruction. Identification information is used to identify an object and is stored on the server side. The object targeted by the operation instruction is the object the operation instruction is directed at; for example, in a login process, the account that the login request is for is a fairly common case. The association relationship can be obtained from various databases such as a mobile phone address book or an instant messaging friend list; the embodiments of the present invention do not restrict the source to any single one. Identification information is used to mark an "object": in a mobile phone address book the mobile number is usually used as the identification information, while for an instant messaging friend list, data such as the instant messaging account or the real name may be used. Depending on the association relationship, the identification information used to identify an object may also be, for example, the native place, location, mobile number, or even ID card number. Although this information is private identification information of the object associated with the object targeted by the operation instruction, in specific application scenarios some of it is information that the user sending the operation instruction should know, for example, in a social network, the object's mobile number, name, native place or location. This information can be stored on the server side that provides the corresponding application service and extracted while the verification code is being obtained. Because code workers cannot know the identification information, manual code entry can be resisted. In addition, the database of this information is huge, so automated programs cannot crack it either.
A verification code question about identification information may ask for the identification information directly, or the identification information may be processed to obtain preset identification information, which gives a suitable prompt to the user sending the operation instruction. For example, in an instant messaging application, assume the mobile number of the friend (the object above) is 18888888888. A direct question about the identification information could be: "Please enter the friend's mobile number." With preset identification information, 1888888? 8 can be sent along to the terminal and shown to the user, so that the user sees: "Please enter the friend's name", together with the prompt "1888888 8". The specific scheme is as follows: further, the method also comprises: obtaining the identification information of the object that has an association relationship with the object targeted by the operation instruction, and generating preset identification information from the identification information according to a predefined rule; the verification code question includes the preset identification information.
Optionally, the embodiments of the present invention also provide a scheme for obtaining the identification information. The association relationship data and the identification information may be stored locally, or may be stored on a server that provides the corresponding application service. Specifically, obtaining the identification information of the object that has an association relationship with the object targeted by the operation instruction comprises: determining the object targeted by the operation instruction, obtaining from a local database the association relationship data of that object, determining from the association relationship data the object that has an association relationship with the object targeted by the operation instruction, and obtaining the identification information of the object so determined; or, determining the object targeted by the operation instruction, determining the information server where the association relationship data of that object is located, and obtaining from that information server the identification information of the object that has an association relationship with the object targeted by the operation instruction.
Because the identification information is no longer "what you see is what you get", the user has to think about the answer, so a suitable prompt can be given to the user. The prompt can be produced according to certain rules. For example, if the name of the object corresponding to the identification information is Liu Jinxing and that person is a primary school classmate, the user can be reminded that the person is a primary school classmate. Specifically: further, the method also comprises: extracting an item related to the identification information as prompt information, and sending the prompt information to the terminal.
Besides a text prompt, an image can also be used as the prompt, as long as the image has an inherent connection with the answer. For example, for the name identification information in the preceding example, the avatar of the object corresponding to the identification information can be extracted as prompt information. Specifically: optionally, extracting an item related to the identification information as prompt information comprises: extracting image information related to the preset identification information as prompt information.
Optionally, the embodiments of the present invention also provide a preferred example of identification information. Note that the following example is not an exhaustive list of all possible identification information; it can be used as a preferred scheme. Specifically, the identification information comprises: the communication account of the object that has an association relationship with the object targeted by the operation instruction.
The embodiments of the present invention use an object's identification information as the question, and in some scenarios the user sending the operation instruction does not know the answer. For example, an online friend may not know the real name under which the object registered, whereas real-life friends such as colleagues, classmates and relatives should know it. Likewise, colleagues and online friends may not know information such as the native place or school, whereas classmates and relatives normally would. Because the identification information in the embodiments of the present invention is extracted on the basis of the association relationship, the verification code question can be fully matched to the identity of the user sending the operation instruction, which raises the verification pass rate and avoids verification codes that cannot reasonably be passed because of an inappropriate question.
103: Receive verification information from the terminal; if the verification information is the same as the identification information, confirm that verification passes, and otherwise determine that verification fails.
In the embodiments of the present invention, a verification code question is obtained whose answer is the identification information of an object that has an association relationship with the object targeted by the operation instruction. The verification code is thereby freed from the "what you see is what you get" limitation and can successfully resist manual code entry. In addition, because the background library of identification information of objects associated with the object targeted by the operation instruction is huge, automated programs cannot recognize it. Furthermore, the scheme does not need dynamic verification codes, which avoids the problems of wasting time playing a dynamic image, low verification efficiency, and being unable to fully resist manual code entry. The above scheme therefore provides a verification scheme that resists manual code entry safely and efficiently.
The following embodiment takes as an example the case where the preset identification information and the prompt information are sent together to the terminal as the verification message, and is described in detail as follows:
This document sets out the basic idea and principle of the invention in the following three parts:
Background: the verification data that the server provides to the user for the verification code flow;
Question: the way the server expects the user to process the data provided above; for a traditional image verification code, for example, the question is "What are the characters in the image?"
Answer: the expected result of a verification code; if the user answers the question, the user can be considered a human user.
The background in this embodiment is a verification database for the user, built by the server according to certain rules on the basis of the friend relationship chain and the mobile phone address book. In scenarios where a verification code needs to be issued (such as account login or operation scenarios), a mobile number related to this user (such as the mobile number of an instant messaging friend) is selected at random, and the user is required to enter a few digits of that mobile number (for example, the last four) to complete verification.
The verification code question in this embodiment may be, for example: "Please enter the last four digits of the mobile number of friend A (the friend's name)."
Accordingly, the correct answer to the verification code question in this embodiment is the last four digits of that friend's real mobile number as stored on the server.
As shown in Fig. 2, the question is: "Please enter the last four digits of friend Miller's mobile number." The input box is pre-filled with Miller's preset mobile number "1888888" as a prompt. Verification passes if and only if the answer entered by the user exactly matches the answer stored on the server.
Through the following features, the above scheme has the following advantages:
1. The verification code used in the embodiments of the present invention greatly improves resistance to cracking:
First, the verification code used in the embodiments of the present invention abandons the traditional method based on machine-generated image backgrounds and instead generates pictures from the names and avatar data of the user's friends. Because users' friend relationship data is diverse, the verification code picture library is not limited in scale, which effectively prevents automated programs from cracking it by exhaustion.
Second, because each user's friend relationship data is different, the graphical verification code each user pulls differs from everyone else's, so automated programs cannot carry out large-scale batch operations.
2. Manual code entry can be resisted:
With a verification code based on friend relationship data, the questions each user pulls are all related to identification information such as a friend's mobile number. Such questions derive from a real relationship chain and are hard for other people to know, so manual code entry can be resisted effectively.
3. No distorted or deformed pictures have to be deciphered, so the user experience is better:
First, the nature of the question bank means the answer only requires digits, which is simpler than entering letters;
Second, compared with a conventional verification code, the user does not need to decipher an image, which greatly reduces the user's comprehension cost;
Third, compared with a dynamic verification code, the user does not need to wait for an image to finish displaying and can enter the answer as soon as the question is seen, which reduces the user's time cost.
Finally, because no verification code image has to be loaded, the user's data traffic is saved and the interface displays more smoothly.
The above scheme uses the user's personal information (friends' mobile numbers from the phone address book and instant messaging records) as the question bank, so the answers are private and manual code entry can be resisted effectively. Only part of the mobile number need be entered, which prevents leakage of the mobile number. In addition, one person has multiple friends, that is, one person has multiple verification numbers, and the verification number is changed each time, which prevents a single mobile number from being brute-forced.
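The flow described above (pick a friend of the targeted account, send a masked number as the prompt, accept only the stored last four digits, and change the number each time) can be sketched as follows. This is an added example, not code from the patent: the names FriendCaptcha, mask_number and SAMPLE_FRIENDS, the constructed sample data, and the choices to consume a challenge after one attempt and to compare in constant time are all assumptions.

```python
"""Friend-relation verification challenge (added example, constructed data)."""
import hmac
import secrets
from dataclasses import dataclass

ANSWER_DIGITS = 4  # the page's example asks for the last four digits

# Constructed sample association data: account -> {friend name: mobile number}.
SAMPLE_FRIENDS = {
    "alice": {"Miller": "18888888888", "Chen": "13912345678", "Wang": "13700001111"},
    "bob": {"Miller": "18888888888"},
    "carol": {},
}


@dataclass(frozen=True)
class Challenge:
    challenge_id: str
    friend: str    # name shown in the question
    question: str
    hint: str      # preset identification information shown as the prompt


def mask_number(number: str) -> str:
    """Predefined rule (assumed): show the prefix, hide the digits to be typed."""
    return number[:-ANSWER_DIGITS] + "?" * ANSWER_DIGITS


class FriendCaptcha:
    def __init__(self, friends):
        self._friends = friends
        self._pending = {}      # challenge_id -> (account, expected answer)
        self._last_friend = {}  # account -> friend used in the previous question

    def issue(self, account: str) -> Challenge:
        numbers = self._friends.get(account, {})
        # The new question must differ from the previous one for this account.
        candidates = [
            name for name, num in numbers.items()
            if name != self._last_friend.get(account)
            and num.isdigit() and len(num) > ANSWER_DIGITS
        ]
        if not candidates:
            # No (or no fresh) association data: the caller needs another check.
            raise LookupError(f"no usable friend data for {account!r}")
        friend = secrets.choice(candidates)
        number = numbers[friend]
        challenge_id = secrets.token_urlsafe(16)
        # The answer stays on the server; only the masked prompt is sent out.
        self._pending[challenge_id] = (account, number[-ANSWER_DIGITS:])
        self._last_friend[account] = friend
        question = (f"Please enter the last {ANSWER_DIGITS} digits of "
                    f"friend {friend}'s mobile number.")
        return Challenge(challenge_id, friend, question, mask_number(number))

    def verify(self, account: str, challenge_id: str, submitted: str) -> bool:
        # Single use: the challenge is consumed whether or not the answer is
        # right, so a retry gets a different number instead of 10,000 guesses
        # against the same four digits.
        entry = self._pending.pop(challenge_id, None)
        if entry is None or entry[0] != account:
            return False
        expected = entry[1]
        return hmac.compare_digest(submitted.strip().encode(), expected.encode())


if __name__ == "__main__":
    svc = FriendCaptcha(SAMPLE_FRIENDS)
    ch = svc.issue("alice")
    print(ch.question, "Prompt:", ch.hint)
    answer = SAMPLE_FRIENDS["alice"][ch.friend][-ANSWER_DIGITS:]
    print("verified:", svc.verify("alice", ch.challenge_id, answer))
```

An account with a single associated number cannot be given a second, different question, so issue() raises and the caller has to fall back to another verification method.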
The embodiment of the present invention additionally provides a kind of server, as shown in Figure 3, comprising:
Instruction reception unit 301, for receiving the operational order of self terminal;
Identifying code acquiring unit 302, for after confirmation needs to verify aforesaid operations instruction, obtains identifying code problem; The answer of above-mentioned identifying code problem is the identification information that the object pointed to aforesaid operations instruction has the object of incidence relation;
Identifying code transmitting element 303, sends to above-mentioned terminal for the identifying code problem obtained by above-mentioned identifying code acquiring unit 302;
Information receiving unit 304, for receiving the authorization information from above-mentioned terminal;
Authentication unit 305, if the above-mentioned authorization information received for above-mentioned information receiving unit 304 is identical with above-mentioned identification information, then confirms to be verified, otherwise determines authentication failed.
Aforesaid operations instruction, can carry out the arbitrary operational order of self terminal, such as checks the operational order of spatial information, the operational order sending information first, the operational order that logs in first etc.Concrete operational order, can be the operational order that may need arbitrarily to carry out verifying, the embodiment of the present invention will not limit this.
In addition, in embodiments of the present invention, following scheme can also be adopted to improve fail safe further: above-mentioned identifying code problem is different from a front identifying code problem of above-mentioned terminal, and answer corresponding to this identifying code is also different from the answer of a front identifying code problem.
The embodiment of the present invention, by obtaining identifying code problem, and the answer of identifying code problem is made to be the identification information that the object pointed to aforesaid operations instruction has the object of incidence relation, like this, the limitation of identifying code is departed from " What You See Is What You Get " formula, can successfully resist artificial stamp; The identification information context vault that object in addition owing to pointing to operational order has the object of incidence relation is huge storehouse, makes automaton None-identified.In addition, the program does not need to use dynamic verification code, can avoid needing playing that dynamic image is lost time, verification efficiency is low and thoroughly can not resist the various problems such as artificial stamp.Therefore above scheme provides the proof scheme can resisting artificial stamp safely and efficiently.
In the embodiments of the present invention, the identification information is the identification information of an object that has an association relationship with the object the operation instruction points to; it is used to identify that object and is stored on the server side. The object the operation instruction points to is the object the instruction is directed at; for example, in a login process, the account that the login request is directed at is a common case. The association relationship can be obtained from various databases, such as a mobile phone address book or an instant messaging buddy list; the embodiments of the present invention do not restrict its source to any one of these. The identification information is used to mark the "object": in a mobile phone address book, the mobile phone number can usually serve as the identification information, while for an instant messaging buddy list, data such as the instant messaging account or real name can be used. Depending on the association relationship, the identification information used to identify the object can also be, for example, native place, location, mobile phone number, or even ID card number. Although this information is private identification information of the object associated with the object the operation instruction points to, in specific application scenarios some of it is information that the user sending the operation instruction should know, for example, in a social network, the mobile phone number, name, native place or location of that object. This information can be stored on the server side that provides the corresponding application service and can be extracted while the verification code is obtained. Because code-solving workers cannot know the identification information, manual code-solving can be resisted. In addition, the database of this information is huge, so automated machines cannot crack it either.
A verification code question about the identification information can ask for the identification information directly, or the identification information can be processed to obtain preset identification information, which gives the user who sent the operation instruction a suitable hint. For example, in an instant messaging application, assume the mobile phone number of the friend (the object above) is 18888888888. Asking for the identification information directly could be: "Please enter your friend's mobile phone number." With preset identification information, "1888888?8" can be sent along to the terminal and displayed to the user, so the user sees: "Please enter your friend's name", together with the additional hint "1888888?8". The specific scheme is as follows: further, the verification code acquiring unit 302 is also configured to obtain the identification information of the object that has an association relationship with the object the operation instruction points to, and to generate preset identification information from the identification information according to a predefined rule; the verification code question includes the preset identification information.
Optionally, the embodiments of the present invention also provide a scheme for obtaining the identification information. The association relationship data and the identification information may be stored locally or on a server that provides the corresponding application service. Specifically, optionally, the verification code acquiring unit 302 is configured to: determine the object the operation instruction points to, obtain from a local database the association relationship data of that object, determine from the association relationship data the object that has an association relationship with the object the operation instruction points to, and obtain the identification information of the determined object; or determine the object the operation instruction points to, determine the information server on which the association relationship data of that object is located, and obtain from that information server the identification information of the object that has an association relationship with the object the operation instruction points to.
Because the identification information is no longer answered in a "what you see is what you get" manner, the user has to think about the answer, so a suitable hint can be given to the user. The hint can follow a certain rule. For example, assume the name of the object corresponding to the identification information is Liu Jinxing and that this person is a primary school classmate; the hint can then be that the person is a primary school classmate. Specifically: further, as shown in Fig. 4, the server also includes:
An information extraction unit 401, configured to extract an item related to the identification information as prompt information;
The verification code sending unit 303, further configured to send the prompt information to the terminal.
Because the identification information is no longer answered in a "what you see is what you get" manner, the user has to think about the answer, so a suitable hint can be given to the user. Besides a text hint, an image can also be used as the hint, as long as the image has an inherent connection with the answer. For example, when the identification information is the name from the preceding example, the avatar of the object corresponding to the identification information can be extracted as the prompt information. Specifically: optionally, the information extraction unit 401 is configured to extract image information related to the preset identification information as the prompt information.
Optionally, the embodiments of the present invention also provide a preferred example of the identification information. Note that the following example is not an exhaustive list of the possible identification information; it can be used as a preferred scheme. Specifically: the verification code acquiring unit 302 is configured to obtain the communication account of the object that has an association relationship with the object the operation instruction points to.
The embodiments of the present invention rely on the identification information of an object, so in some scenarios the user sending the operation instruction may not know the answer to the question. For example, an online friend may not know the real name under which the object registered, whereas real-life acquaintances such as colleagues, classmates and relatives should know it. Likewise, colleagues and online friends may not know information such as native place or school, whereas classmates and relatives normally would. Because the identification information in the embodiments of the present invention is extracted based on the association relationship, the verification code question can be guaranteed to fit the identity of the user sending the operation instruction. This raises the verification pass rate and avoids verification codes that unreasonably cannot be passed because of inappropriate questions.
The embodiments of the present invention also provide a verification system which, as shown in Fig. 5, includes a server 501 and a terminal 502, where the server 501 is any one of the servers provided by the embodiments of the present invention.
In this embodiment of the present invention, a verification code question is obtained whose answer is the identification information of an object that has an association relationship with the object the operation instruction points to. This breaks away from the "what you see is what you get" limitation of conventional verification codes and can successfully resist manual code-solving. In addition, because the pool of identification information of objects associated with the object the operation instruction points to is very large, automated machines cannot recognize the answer. The scheme also does not need dynamic verification codes, so it avoids the problems of time lost playing dynamic images, low verification efficiency, and the inability to fully resist manual code-solving. The above scheme therefore provides a safe and efficient verification scheme that can resist manual code-solving.
The embodiments of the present invention also provide another verification system which, as shown in Fig. 6, includes: a Web (web page) server 601, a verification server 602, a verification code generation server 603, an association relationship server 604 and a terminal 605.
The functions of the devices in the above verification system are as follows:
Terminal 605: the user accesses the Web server 601 from the terminal 605 via a uniform resource locator (URL); the terminal receives the verification code question and displays it to the user, then receives the user's answer and sends it to the verification server 602.
Web server 601: receives the access from the terminal 605 via the uniform resource locator (URL); the Web server 601 returns the verification code picture pulled from the verification code generation server 603, which is presented to the user.
Verification server 602: obtains the verification code from the generation server, generates a signature in one-to-one correspondence with the verification code, and delivers it to the terminal 605 through the Web server 601; checks whether the answer filled in by the user matches the signature.
Verification code generation server 603: randomly selects a mobile phone number related to the user sending the operation request (for example, the mobile phone number of one of that user's instant messaging friends) and extracts several digits of the mobile phone number according to a predefined rule. The result is then stored, for example in memory, for the verification code server to fetch.
Association relationship server 604: stores the association relationship data between users, which the verification code generation server 603 uses to generate the verification code picture.
As shown in Fig. 7, based on the above system structure, the specific flow provided by the embodiments of the present invention is as follows:
701: The terminal receives the user's operation instruction and sends it to the Web server;
702: The Web server forwards the received operation instruction to the verification server;
703: Based on the information about the requested operation item, the verification server determines whether the requested operation item needs to be verified and, if so, sends a verification code request message to the verification code generation server;
The verification code request message can carry information about the object the operation instruction points to and the user information of the terminal.
704: After receiving the verification code request message, the verification code generation server sends an information acquisition request to the association relationship server;
The information acquisition request can carry information about the object the operation instruction points to and the user information of the terminal.
705: Based on the object the operation instruction points to, as given in the information acquisition request, the association relationship server obtains the identification information of an object that has an association relationship with that object and sends the obtained identification information to the verification code generation server;
706: The verification code generation server generates a verification code question from the received identification information of the object that has an association relationship with the object the operation instruction points to; the answer to the verification code question is that identification information; the verification code generation server sends the verification code question and its answer to the verification server;
707: After receiving the verification code question and its answer, the verification code server sends the verification code question to the Web server;
708: The Web server forwards the received verification code question to the terminal;
709: After receiving the verification code question, the terminal displays it and sends the verification information entered by the user to the Web server;
710: The Web server sends the received verification information to the verification server;
711: The verification server determines whether the received verification information is identical to the answer to the verification code question; if it is, verification passes, otherwise verification fails.
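The flow in steps 703 to 711, as an added Python example (not code from the patent): it merges the verification server 602 and the verification code generation server 603 into one class and replaces the association relationship server 604 with an in-memory dictionary of constructed accounts and phone numbers. The number of hidden digits, the attempt limit and all names are assumptions made for the example.

```python
import hmac
import secrets

# Constructed sample data standing in for the association relationship server (604):
# target account -> {associated object: identification information (phone number)}.
ASSOCIATIONS = {
    "acct-1001": {
        "friend-a": "18888888888",
        "friend-b": "13900001234",
        "friend-c": "13712345678",
    },
}

HIDDEN_DIGITS = 3  # assumption: the "predefined rule" hides three digits
MAX_ATTEMPTS = 3   # assumption: the patent does not specify an attempt limit


def mask_identifier(identifier, rng, hidden=HIDDEN_DIGITS):
    """Build the preset identification information: the identifier with digits hidden."""
    # Keep the first digit visible so the hint still reads as a phone number.
    positions = set(rng.sample(range(1, len(identifier)), hidden))
    return "".join("?" if i in positions else ch for i, ch in enumerate(identifier))


class VerificationServer:
    """Roles 602 and 603 combined: issues questions and checks answers server-side."""

    def __init__(self, associations, rng=None):
        self.associations = associations
        self.rng = rng or secrets.SystemRandom()
        self.pending = {}      # signature -> {"answer": str, "attempts": int}
        self.last_answer = {}  # target account -> answer of the previous question

    def issue(self, target_account):
        """Steps 703-707: return (signature, question); the answer never leaves the server."""
        contacts = self.associations.get(target_account, {})
        previous = self.last_answer.get(target_account)
        # The new question and answer must differ from the previous ones.
        candidates = [ident for ident in contacts.values() if ident != previous]
        if not candidates:
            raise LookupError("no usable associated object for this account")
        answer = self.rng.choice(candidates)
        signature = secrets.token_urlsafe(16)  # one-to-one handle for this question
        self.pending[signature] = {"answer": answer, "attempts": MAX_ATTEMPTS}
        self.last_answer[target_account] = answer
        hint = mask_identifier(answer, self.rng)
        question = "Please enter your friend's phone number. Hint: " + hint
        return signature, question

    def verify(self, signature, submitted):
        """Step 711: pass only if the submission is identical to the stored answer."""
        entry = self.pending.get(signature)
        if entry is None:
            return False  # unknown signature, already used, or attempts exhausted
        ok = hmac.compare_digest(submitted.encode(), entry["answer"].encode())
        entry["attempts"] -= 1
        if ok or entry["attempts"] <= 0:
            del self.pending[signature]  # single use, bounded guessing
        return ok


if __name__ == "__main__":
    server = VerificationServer(ASSOCIATIONS)
    sig, question = server.issue("acct-1001")
    print(question)
    print("wrong answer accepted:", server.verify(sig, "00000000000"))
```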
The embodiments of the present invention also provide another server which, as shown in Fig. 8, includes: a receiver 801, a transmitter 802, a processor 803 and a memory 804;
The processor 803 is configured to control execution of the following: receiving an operation instruction from a terminal; after confirming that the operation instruction needs to be verified, obtaining a verification code question and sending it to the terminal, where the answer to the verification code question is the identification information of an object that has an association relationship with the object the operation instruction points to; receiving verification information from the terminal, and if the verification information is identical to the identification information, confirming that verification passes, otherwise determining that verification fails.
The operation instruction can be any operation instruction from the terminal, for example an instruction to view space information, an instruction to send a message for the first time, or an instruction to log in for the first time. The specific operation instruction can be any operation instruction that may need to be verified; the embodiments of the present invention do not limit this.
In this embodiment of the present invention, a verification code question is obtained whose answer is the identification information of an object that has an association relationship with the object the operation instruction points to. This breaks away from the "what you see is what you get" limitation of conventional verification codes and can successfully resist manual code-solving. In addition, because the pool of identification information of objects associated with the object the operation instruction points to is very large, automated machines cannot recognize the answer. The scheme also does not need dynamic verification codes, so it avoids the problems of time lost playing dynamic images, low verification efficiency, and the inability to fully resist manual code-solving. The above scheme therefore provides a safe and efficient verification scheme that can resist manual code-solving.
In addition, in the embodiments of the present invention the following scheme can be adopted to further improve security: the verification code question differs from the previous verification code question of the terminal, and the answer to this verification code also differs from the answer to the previous verification code question.
In the embodiments of the present invention, the identification information is the identification information of an object that has an association relationship with the object the operation instruction points to; it is used to identify that object and is stored on the server side. The object the operation instruction points to is the object the instruction is directed at; for example, in a login process, the account that the login request is directed at is a common case. The association relationship can be obtained from various databases, such as a mobile phone address book or an instant messaging buddy list; the embodiments of the present invention do not restrict its source to any one of these. The identification information is used to mark the "object": in a mobile phone address book, the mobile phone number can usually serve as the identification information, while for an instant messaging buddy list, data such as the instant messaging account or real name can be used. Depending on the association relationship, the identification information used to identify the object can also be, for example, native place, location, mobile phone number, or even ID card number. Although this information is private identification information of the object associated with the object the operation instruction points to, in specific application scenarios some of it is information that the user sending the operation instruction should know, for example, in a social network, the mobile phone number, name, native place or location of that object. This information can be stored on the server side that provides the corresponding application service and can be extracted while the verification code is obtained. Because code-solving workers cannot know the identification information, manual code-solving can be resisted. In addition, the database of this information is huge, so automated machines cannot crack it either.
A verification code question about the identification information can ask for the identification information directly, or the identification information can be processed to obtain preset identification information, which gives the user who sent the operation instruction a suitable hint. For example, in an instant messaging application, assume the mobile phone number of the friend (the object above) is 18888888888. Asking for the identification information directly could be: "Please enter your friend's mobile phone number." With preset identification information, "1888888?8" can be sent along to the terminal and displayed to the user, so the user sees: "Please enter your friend's name", together with the additional hint "1888888?8". The specific scheme is as follows: further, the processor 803 is also configured to control execution of the following: obtaining the identification information of the object that has an association relationship with the object the operation instruction points to, and generating preset identification information from the identification information according to a predefined rule; the verification code question includes the preset identification information.
Optionally, the embodiments of the present invention also provide a scheme for obtaining the identification information. The association relationship data and the identification information may be stored locally or on a server that provides the corresponding application service. Specifically, the processor 803 is configured to control execution such that obtaining the identification information of the object that has an association relationship with the object the operation instruction points to includes: determining the object the operation instruction points to, obtaining from a local database the association relationship data of that object, determining from the association relationship data the object that has an association relationship with the object the operation instruction points to, and obtaining the identification information of the determined object; or determining the object the operation instruction points to, determining the information server on which the association relationship data of that object is located, and obtaining from that information server the identification information of the object that has an association relationship with the object the operation instruction points to.
Because the identification information is no longer answered in a "what you see is what you get" manner, the user has to think about the answer, so a suitable hint can be given to the user. The hint can follow a certain rule. For example, assume the name of the object corresponding to the identification information is Liu Jinxing and that this person is a primary school classmate; the hint can then be that the person is a primary school classmate. Specifically: further, the processor 803 is also configured to control execution of the following: extracting an item related to the identification information as prompt information, and sending the prompt information to the terminal.
Because the identification information is no longer answered in a "what you see is what you get" manner, the user has to think about the answer, so a suitable hint can be given to the user. Besides a text hint, an image can also be used as the hint, as long as the image has an inherent connection with the answer. For example, when the identification information is the name from the preceding example, the avatar of the object corresponding to the identification information can be extracted as the prompt information. Specifically: optionally, the processor 803 is configured to control execution such that extracting an item related to the identification information as prompt information includes: extracting image information related to the preset identification information as the prompt information.
Optionally, the embodiments of the present invention also provide a preferred example of the identification information. Note that the following example is not an exhaustive list of the possible identification information; it can be used as a preferred scheme. Specifically: the identification information that the processor 803 controls to obtain includes the communication account of the object that has an association relationship with the object the operation instruction points to.
The embodiments of the present invention rely on the identification information of an object, so in some scenarios the user sending the operation instruction may not know the answer to the question. For example, an online friend may not know the real name under which the object registered, whereas real-life acquaintances such as colleagues, classmates and relatives should know it. Likewise, colleagues and online friends may not know information such as native place or school, whereas classmates and relatives normally would. Because the identification information in the embodiments of the present invention is extracted based on the association relationship, the verification code question can be guaranteed to fit the identity of the user sending the operation instruction. This raises the verification pass rate and avoids verification codes that unreasonably cannot be passed because of inappropriate questions.
Fig. 9 is a schematic structural diagram of a server provided by an embodiment of the present invention. The server 900 may vary considerably with configuration or performance, and may include one or more central processing units (CPU) 922 (for example, one or more processors), a memory 932, and one or more storage media 930 (for example, one or more mass storage devices) that store application programs 942 or data 944. The memory 932 and the storage medium 930 may be transient or persistent storage. The program stored in the storage medium 930 may include one or more modules (not marked in the figure), and each module may include a series of instruction operations for the server. Further, the central processing unit 922 may be configured to communicate with the storage medium 930 and to execute on the server 900 the series of instruction operations in the storage medium 930.
The server 900 may also include one or more power supplies 926, one or more wired or wireless network interfaces 950, one or more input/output interfaces 958, and/or one or more operating systems 941, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™ and so on.
The steps performed by the server in the above embodiments can be based on the server structure shown in Fig. 9.
It should be noted that in the above server embodiments the units are divided according to functional logic, but the division is not limited to the one described, as long as the corresponding functions can be realized. In addition, the specific names of the functional units are only for distinguishing them from one another and do not limit the protection scope of the present invention.
In addition, a person of ordinary skill in the art will understand that all or part of the steps in the above method embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, and the storage medium mentioned above can be a read-only memory, a magnetic disk, an optical disc or the like.
The above are only preferred embodiments of the present invention, but the protection scope of the present invention is not limited to them. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the embodiments of the present invention shall fall within the protection scope of the present invention. The protection scope of the present invention shall therefore be determined by the protection scope of the claims.

Claims (13)

1. A verification method, characterized by comprising:
a server receiving an operation instruction from a terminal;
after confirming that the operation instruction needs to be verified, obtaining a verification code question and sending it to the terminal, wherein the answer to the verification code question is the identification information of an object that has an association relationship with the object the operation instruction points to;
receiving verification information from the terminal, and if the verification information is identical to the identification information, confirming that verification passes, otherwise determining that verification fails.
2. The method according to claim 1, characterized by further comprising:
obtaining the identification information of the object that has an association relationship with the object the operation instruction points to, and generating preset identification information from the identification information according to a predefined rule;
wherein the verification code question includes the preset identification information.
3. The method according to claim 2, characterized in that obtaining the identification information of the object that has an association relationship with the object the operation instruction points to comprises:
determining the object the operation instruction points to, obtaining from a local database the association relationship data of the object the operation instruction points to, determining from the association relationship data the object that has an association relationship with the object the operation instruction points to, and obtaining the identification information of the determined object; or determining the object the operation instruction points to, determining the information server on which the association relationship data of the object the operation instruction points to is located, and obtaining from the information server the identification information of the object that has an association relationship with the object the operation instruction points to.
4. The method according to any one of claims 1 to 3, characterized by further comprising:
extracting an item related to the identification information as prompt information, and sending the prompt information to the terminal.
5. The method according to claim 4, characterized in that extracting an item related to the identification information as prompt information comprises: extracting image information related to the preset identification information as the prompt information.
6. The method according to any one of claims 1 to 3, characterized in that
the identification information comprises: the communication account of the object that has an association relationship with the object the operation instruction points to.
7. A server, characterized by comprising:
an instruction receiving unit, configured to receive an operation instruction from a terminal;
a verification code acquiring unit, configured to obtain a verification code question after it is confirmed that the operation instruction needs to be verified, wherein the answer to the verification code question is the identification information of an object that has an association relationship with the object the operation instruction points to;
a verification code sending unit, configured to send the verification code question obtained by the verification code acquiring unit to the terminal;
an information receiving unit, configured to receive verification information from the terminal;
a verification unit, configured to confirm that verification passes if the verification information received by the information receiving unit is identical to the identification information, and otherwise to determine that verification fails.
8. The server according to claim 7, characterized in that
the verification code acquiring unit is further configured to obtain the identification information of the object that has an association relationship with the object the operation instruction points to, and to generate preset identification information from the identification information according to a predefined rule; the verification code question includes the preset identification information.
9. The server according to claim 8, characterized in that
the verification code acquiring unit is configured to: determine the object the operation instruction points to, obtain from a local database the association relationship data of the object the operation instruction points to, determine from the association relationship data the object that has an association relationship with the object the operation instruction points to, and obtain the identification information of the determined object; or determine the object the operation instruction points to, determine the information server on which the association relationship data of the object the operation instruction points to is located, and obtain from the information server the identification information of the object that has an association relationship with the object the operation instruction points to.
10. The server according to any one of claims 7 to 9, characterized in that the server further comprises:
an information extraction unit, configured to extract an item related to the identification information as prompt information;
the verification code sending unit being further configured to send the prompt information to the terminal.
11. The server according to claim 10, characterized in that
the information extraction unit is configured to extract image information related to the preset identification information as the prompt information.
12. The server according to any one of claims 7 to 9, characterized in that
the verification code acquiring unit is configured to obtain the communication account of the object that has an association relationship with the object the operation instruction points to.
13. A verification system, comprising a server and a terminal, characterized in that the server is the server according to any one of claims 7 to 12.
CN201410163415.0A 2014-04-22 2014-04-22 Verification method, server and system Pending CN105007255A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410163415.0A CN105007255A (en) 2014-04-22 2014-04-22 Verification method, server and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410163415.0A CN105007255A (en) 2014-04-22 2014-04-22 Verification method, server and system

Publications (1)

Publication Number Publication Date
CN105007255A true CN105007255A (en) 2015-10-28

Family

ID=54379779

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410163415.0A Pending CN105007255A (en) 2014-04-22 2014-04-22 Verification method, server and system

Country Status (1)

Country Link
CN (1) CN105007255A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040010698A1 (en) * 2002-05-30 2004-01-15 Rolfe Andrew R. Digital certificate system incorporating voice biometric processing
CN102361479A (en) * 2011-06-24 2012-02-22 上海合合信息科技发展有限公司 Method and system for obtaining designated information
CN103138921A (en) * 2011-11-22 2013-06-05 阿里巴巴集团控股有限公司 Method and system for verifying identity information

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017076186A1 (en) * 2015-11-03 2017-05-11 腾讯科技(深圳)有限公司 Sliding verification method and apparatus for handheld mobile device
CN105516133A (en) * 2015-12-08 2016-04-20 腾讯科技(深圳)有限公司 User identity verification method, server and client
CN105516133B (en) * 2015-12-08 2019-12-13 腾讯科技(深圳)有限公司 User identity verification method, server and client
CN107872438A (en) * 2016-09-28 2018-04-03 腾讯科技(深圳)有限公司 A kind of verification method, device and terminal
CN106332054A (en) * 2016-10-20 2017-01-11 广东欧珀移动通信有限公司 Method and device for identifying verification in data migration
CN106332054B (en) * 2016-10-20 2018-03-27 广东欧珀移动通信有限公司 The method and device of Data Migration authentication
CN110543754A (en) * 2018-05-29 2019-12-06 武汉极意网络科技有限公司 memory, verification code implementation method, device and equipment
CN113836509A (en) * 2021-09-23 2021-12-24 百度在线网络技术(北京)有限公司 Information acquisition method and device, electronic equipment and storage medium
CN113836509B (en) * 2021-09-23 2024-03-01 百度在线网络技术(北京)有限公司 Information acquisition method, device, electronic equipment and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20151028
