CN105306206B - Verification interaction method, related device and communication system - Google Patents

Publication number: CN105306206B
Application number: CN201410347824.6A
Authority: China (CN)
Other languages: Chinese (zh)
Other versions: CN105306206A (en)
Inventors: 张东蕊, 陈远斌, 唐艳平, 宋梁山, 付晓强
Current Assignee: Tencent Technology Shenzhen Co Ltd
Original Assignee: Tencent Technology Shenzhen Co Ltd
Legal status: Active
Prior art keywords: pictures, verification, picture, client, option

Abstract

The embodiment of the invention discloses a verification interaction method, a related device and a communication system. The verification interaction method comprises: receiving a verification request message from a client; sending a first verification interaction message containing N1 sub-pictures to the client, where the N1 sub-pictures are obtained by cutting a verification picture, the N1 sub-pictures comprise a base picture and N1-1 option pictures, the shapes of N2 option pictures among the N1-1 option pictures have at least m symmetry axes, N1 and N2 are positive integers, N1 is greater than 1, and m is an integer greater than 4; and, if a second verification interaction message containing a spliced picture obtained by splicing the N1 sub-pictures is received from the client, determining a verification result by comparing the spliced picture with the verification picture. The scheme of the embodiment helps improve the ability to prevent brute-force cracking by malicious clients during verification.

Description

Verification interaction method, related device and communication system
Technical Field
The invention relates to the technical field of Internet protocol security, in particular to a verification interaction method, a related device and a communication system.
Background
A verification code is an additional verification measure commonly used in Internet services to resist malicious clients operating in bulk. It is mainly applied in scenarios such as account registration, account login, forum posting and microblog posting.
The puzzle verification code is a novel kind of verification code: the server cuts a verification picture into several sub-pictures and sends them to the client. The client splices the sub-pictures into a spliced picture and sends it to the server, and the server determines whether verification succeeds by comparing the spliced picture with the original verification picture.
During research and practice, the inventors found that the prior art has at least the following technical problem: some malicious clients use automated programs to brute-force puzzle verification codes, and because the prior art cuts some sub-pictures into quadrilaterals, the automated program of a malicious client can obtain the correct splicing result with a small number of attempts. The prior art is therefore weak at preventing brute-force cracking by malicious clients.
Disclosure of Invention
The embodiments of the invention provide a verification interaction method, a related device and a communication system, aiming to improve the ability to prevent brute-force cracking by malicious clients during verification.
A first aspect of the present invention provides a method of verifying interaction, comprising:
receiving a verification request message from a client;
sending a first verification interaction message containing N1 sub-pictures to the client; wherein the N1 sub-pictures are obtained by cutting a verification picture, the N1 sub-pictures comprise a base picture and N1-1 option pictures, the shapes of N2 option pictures in the N1-1 option pictures have at least m symmetry axes, the N1 and the N2 are positive integers, the N1 is greater than 1, and the m is an integer greater than 4;
and if a second verification interaction message which is from the client and contains a spliced picture obtained by splicing the N1 sub-pictures is received, comparing the spliced picture with the verification picture to determine a verification result.
A second aspect of the present invention provides a method of verifying interaction, comprising:
sending a verification request message to a server;
receiving a first verification interaction message from the server, wherein the first verification interaction message comprises N1 sub-pictures obtained by cutting a verification picture, wherein the N1 sub-pictures comprise a base picture and N1-1 option pictures, wherein the shapes of N2 option pictures in the N1-1 option pictures have at least m symmetry axes, wherein N1 and N2 are positive integers, N1 is greater than 1, and m is an integer greater than 4;
and sending a second verification interaction message containing a spliced picture obtained by splicing the N1 sub-pictures to the server.
A third aspect of the present invention provides a verification interaction apparatus, comprising:
a receiving unit, configured to receive a verification request message from a client;
a sending unit, configured to send a first verification interaction message containing N1 sub-pictures to the client;
wherein the N1 sub-pictures are obtained by cutting a verification picture, the N1 sub-pictures comprise a base picture and N1-1 option pictures, the shapes of N2 option pictures in the N1-1 option pictures have at least m symmetry axes, the N1 and the N2 are positive integers, the N1 is greater than 1, and the m is an integer greater than 4;
and a verification unit, configured to compare the spliced picture with the verification picture to determine a verification result if a second verification interaction message which is from the client and contains the spliced picture obtained by splicing the N1 sub-pictures is received.
A fourth aspect of the present invention provides a verification interaction apparatus, including:
a sending unit, configured to send a verification request message to a server;
a receiving unit, configured to receive a first verification interaction message from the server, where the first verification interaction message includes N1 sub-pictures obtained by cutting a verification picture, where the N1 sub-pictures include a base picture and N1-1 option pictures, where N2 option pictures in the N1-1 option pictures have at least m symmetry axes in shape, where N1 and N2 are positive integers, N1 is greater than 1, and m is an integer greater than 4;
and the verification interaction unit is used for sending a second verification interaction message containing a spliced picture obtained by splicing the N1 sub-pictures to the server.
A fifth aspect of the present invention provides a communication system comprising:
the client is used for sending a verification request message to the server;
the server is used for receiving a verification request message from a client; sending a first verification interaction message containing N1 sub-pictures to the client, wherein the N1 sub-pictures are obtained by cutting a verification picture, the N1 sub-pictures comprise a base picture and N1-1 option pictures, the shapes of N2 option pictures in the N1-1 option pictures have at least m symmetry axes, the N1 and the N2 are positive integers, the N1 is greater than 1, and the m is an integer greater than 4; and if a second verification interaction message which is from the client and contains a spliced picture obtained by splicing the N1 sub-pictures is received, comparing the spliced picture with the verification picture to determine a verification result.
It can be seen that in the scheme provided in the embodiments of the present invention, after receiving a verification request message from a client, a server sends a first verification interaction message including N1 sub-pictures to the client, where the N1 sub-pictures are obtained by cutting a verification picture, the N1 sub-pictures include a base picture and N1-1 option pictures, the shapes of N2 option pictures in the N1-1 option pictures have at least m symmetry axes, N1 and N2 are positive integers, N1 is greater than 1, and m is an integer greater than 4. The shapes of N2 of the N1-1 option pictures have at least m symmetry axes, with m greater than 4, and research shows that the more symmetry axes a sub-picture has, the more rotation attempts a malicious client must make on it. As the number of option pictures and the number of their symmetry axes increase, the number of attempts a malicious client needs for brute-force cracking grows nearly as a geometric progression. This increases the difficulty of brute-force cracking to a certain extent, so the scheme helps improve the ability to prevent brute-force cracking by malicious clients during verification.
Drawings
To illustrate the embodiments of the present invention and the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a verification interaction method according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of another verification interaction method according to an embodiment of the present invention;
Fig. 3-a is a schematic diagram of the architecture of a communication system according to an embodiment of the present invention;
Fig. 3-b is a schematic flowchart of another verification interaction method provided by an embodiment of the present invention;
Fig. 3-c is a schematic diagram of cutting a verification picture according to an embodiment of the present invention;
Fig. 3-d is a schematic diagram of splicing a verification picture according to an embodiment of the present invention;
Fig. 3-e is a schematic diagram of the architecture of another communication system provided by an embodiment of the present invention;
Fig. 4-a is a schematic structural diagram of another communication system provided by an embodiment of the present invention;
Fig. 4-b is a schematic flowchart of another verification interaction method according to an embodiment of the present invention;
Fig. 5-a is a schematic structural diagram of another communication system provided by an embodiment of the present invention;
Fig. 5-b is a schematic flowchart of another verification interaction method according to an embodiment of the present invention;
Fig. 6 is a schematic flowchart of another verification interaction method according to an embodiment of the present invention;
Fig. 7-a is a schematic diagram of the architecture of another communication system provided by an embodiment of the present invention;
Fig. 7-b is a schematic flowchart of another verification interaction method according to an embodiment of the present invention;
Fig. 8 is a schematic diagram of a verification interaction device provided by an embodiment of the present invention;
Fig. 9 is a schematic diagram of a server provided by an embodiment of the present invention;
Fig. 10 is a schematic diagram of another server provided by an embodiment of the present invention;
Fig. 11 is a schematic diagram of another verification interaction device provided by an embodiment of the present invention;
Fig. 12 is a schematic diagram of a client according to an embodiment of the present invention;
Fig. 13 is a schematic diagram of another client provided by an embodiment of the present invention;
Fig. 14 is a schematic diagram of a communication system according to an embodiment of the present invention.
Detailed Description
The embodiments of the invention provide a verification interaction method, a related device and a communication system, aiming to improve the ability to prevent brute-force cracking by malicious clients during verification.
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Details are given below.
The terms "first," "second," "third," and "fourth," etc. in the description and claims of the invention and the above-described drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
The scheme is first described from the server's perspective.
One embodiment of the verification interaction method of the present invention is as follows. A verification interaction method may comprise: receiving a verification request message from a client; sending a first verification interaction message containing N1 sub-pictures to the client, wherein the N1 sub-pictures are obtained by cutting a verification picture, the N1 sub-pictures comprise a base picture and N1-1 option pictures, the shapes of N2 option pictures in the N1-1 option pictures have at least m symmetry axes, the N1 and the N2 are positive integers, the N1 is greater than 1, and the m is an integer greater than 4; and if a second verification interaction message which is from the client and contains a spliced picture obtained by splicing the N1 sub-pictures is received, comparing the spliced picture with the verification picture to determine a verification result.
Referring to Fig. 1, Fig. 1 is a schematic flowchart of a verification interaction method according to an embodiment of the present invention. As shown in Fig. 1, a verification interaction method provided by an embodiment of the present invention may include:
101. The server receives a verification request message from the client.
For example, in scenarios such as account registration, account login, forum posting and microblog posting, the server may receive a verification request message from the client. The verification request message may be a message dedicated to requesting verification, or a message not dedicated to requesting verification, such as an account registration request mainly used for requesting account registration, an account login request mainly used for requesting account login, a forum posting request mainly used for requesting forum posting, or a microblog posting request mainly used for requesting microblog posting. That is, in some scenarios the verification request message is a message sent by the client specifically to request verification. In other scenarios it is a message sent by the client mainly to request another service; because it triggers verification, it can also be called a verification request message. In other words, the verification request message in the embodiments of the present invention is a message that can trigger verification.
102. The server may send a first verification interaction message containing N1 sub-pictures to the client.
The N1 sub-pictures are obtained by cutting a verification picture, the N1 sub-pictures comprise a base picture and N1-1 option pictures, the shapes of N2 option pictures in the N1-1 option pictures have at least m symmetry axes, the N1 and the N2 are positive integers, the N1 is greater than 1, and the m is an integer greater than 4. The N2 is less than or equal to the N1-1.
For example, the server may cut the verification picture into N1 sub-pictures. Alternatively, the server may instruct a captcha server to cut a verification picture into N1 sub-pictures and obtain N1 sub-pictures from the captcha server that result from cutting the verification picture.
The specific values of N1, N2 and m can be determined according to the required verification complexity. For example, N1 may be equal to 2, 3, 4, 5, 6, 8, 10, 20, 30, or another value. For example, N2 may be equal to 1, 2, 3, 4, 5, 7, 9, 19, 29, or another value. For example, m may be equal to 5, 6, 7, 10, 30, 50, 100, 300, 1000, or another value.
103. If the server receives a second verification interaction message which is from the client and contains a spliced picture obtained by splicing the N1 sub-pictures, it determines a verification result by comparing the spliced picture with the verification picture.
The server can determine a verification result by comparing the spliced picture with the verification picture, and can also instruct the verification server to determine the verification result by comparing the spliced picture with the verification picture.
The server in this embodiment may be a site server, a game server, an application store server, or the like that can provide services to the client, and of course, the server may also be an authentication server for authentication.
It can be seen that in the scheme provided in this embodiment, after receiving a verification request message from a client, a server sends a first verification interaction message including N1 sub-pictures to the client, where the N1 sub-pictures are obtained by cutting a verification picture, the N1 sub-pictures include a base picture and N1-1 option pictures, the shapes of N2 option pictures in the N1-1 option pictures have at least m symmetry axes, N1 and N2 are positive integers, N1 is greater than 1, and m is an integer greater than 4. The shapes of N2 of the N1-1 option pictures have at least m symmetry axes, with m greater than 4, and research shows that the more symmetry axes a sub-picture has, the more rotation attempts a malicious client must make on it. As the number of option pictures and the number of their symmetry axes increase, the number of attempts a malicious client needs for brute-force cracking grows nearly as a geometric progression. This increases the difficulty of brute-force cracking to a certain extent, so the scheme helps improve the ability to prevent brute-force cracking by malicious clients during verification.
It will be appreciated that if the shape of a sub-picture is circular, the sub-picture has infinitely many symmetry axes. The more symmetry axes the sub-pictures serving as option pictures have, the more rotation attempts a malicious client must make. Because a circular sub-picture has countless symmetry axes, the number of rotation attempts a malicious client must make is theoretically the largest. This can greatly increase the difficulty of brute-force cracking, greatly improve the ability to prevent brute-force cracking by malicious clients during verification, and reduce the wasteful occupation of Internet resources by malicious clients.
Optionally, in some possible embodiments of the present invention, if the client is marked as a suspected malicious client, m is greater than or equal to 20, 30, 53, 87, 100, 200 or 500, or another value greater than 4. If the client is marked as a suspected malicious client, the value obtained by dividing N2 by N1-1 is greater than or equal to a second threshold (which may be equal to 0.8, 0.9, 0.95 or 1, for example). If the client is marked as a suspected malicious client, N2 may be greater than 5, 6, 8, 10, 15, or another value greater than 1. For example, the server may set a decision condition to determine, from the frequency of the verification requests sent by a client or from other behavioural characteristics, whether the client sending the verification request message may be a malicious client; the specific policy for marking a client as a suspected malicious client is not limited in the embodiments of the present invention. For example, when the server finds that a client at a certain Internet Protocol (IP) address repeatedly sends verification request messages on the same login page within seconds or minutes, it can determine that the client has a high probability of being a malicious client and mark it as a suspected malicious client. A verification code that is harder to crack can subsequently be sent to that client (the more sub-pictures there are and the more symmetry axes the sub-pictures have, the harder the code is to crack), which strengthens the interference with the malicious client. If the server judges that a client is more likely to be a normal client, it subsequently sends a verification code that is easier to crack, so as to reduce the picture-reading difficulty and improve the user's comfort.
It can be understood that introducing a mechanism that adjusts the verification complexity based on the suspected-malicious-client mark helps to better balance user experience and resistance to cracking.
Optionally, in some possible embodiments of the present invention, determining a verification result by comparing the spliced picture with the verification picture may include: comparing the spliced picture with the verification picture; if the comparison shows that the similarity between the spliced picture and the verification picture is greater than or equal to a first threshold (the first threshold may be, for example, 90%, 95%, 98%, 99% or 100%, or another value that meets the requirement), determining that the verification result is success; and if the comparison shows that the similarity between the spliced picture and the verification picture is smaller than the first threshold, determining that the verification result is failure.
Optionally, in some possible embodiments of the present invention, a shape of a first option picture of the N2 option pictures is a circle. For example, the first option picture is any one sub-picture of the N2 option pictures. For example, some or all of the N2 option pictures may be circular in shape.
Optionally, in some possible embodiments of the present invention, the shape of a second option picture of the N2 option pictures is a regular k-sided polygon, where k is an integer greater than 4; for example, k is equal to 5, 6, 7, 10, 35, 57, 108, 390, 1500, or another value. For example, the second option picture may be any one sub-picture of the N2 option pictures. For example, the shape of some or all of the N2 option pictures may be a regular k-sided polygon.
Optionally, in some possible embodiments of the present invention, the shape of a third option picture of the N2 option pictures is an irregular figure. Although the shape of the third option picture is an irregular figure, the shape still has more than 4 symmetry axes. For example, the third option picture may be any one sub-picture of the N2 option pictures. For example, the shape of some or all of the N2 option pictures may be an irregular figure with more than 4 symmetry axes.
The scheme is described below from the client's perspective.
Another embodiment of the verification interaction method of the present invention is as follows. Another verification interaction method may include: sending a verification request message to a server; receiving a first verification interaction message from the server, wherein the first verification interaction message comprises N1 sub-pictures obtained by cutting a verification picture, the N1 sub-pictures comprise a base picture and N1-1 option pictures, the shapes of N2 option pictures in the N1-1 option pictures have at least m symmetry axes, wherein N1 and N2 are positive integers, N1 is greater than 1, and m is an integer greater than 4; and sending a second verification interaction message containing a spliced picture obtained by splicing the N1 sub-pictures to the server.
Referring to Fig. 2, Fig. 2 is a schematic flowchart of another verification interaction method according to another embodiment of the present invention. As shown in Fig. 2, another verification interaction method provided by another embodiment of the present invention may include:
201. The client sends a verification request message to the server.
For example, in scenarios such as account registration, account login, forum posting and microblog posting, the server may receive a verification request message from the client. The verification request message may be a message dedicated to requesting verification, or a message not dedicated to requesting verification, such as an account registration request mainly used for requesting account registration, an account login request mainly used for requesting account login, a forum posting request mainly used for requesting forum posting, or a microblog posting request mainly used for requesting microblog posting. That is, in some scenarios the verification request message is a message sent by the client specifically to request verification. In other scenarios it is a message sent by the client mainly to request another service; because it triggers verification, it can also be called a verification request message. In other words, the verification request message in the embodiments of the present invention is a message that can trigger verification.
The server may receive a verification request message from the client.
202. The client receives a first verification interaction message from the server.
The first verification interaction message comprises N1 sub-pictures obtained by cutting the verification picture.
The N1 sub-pictures comprise a base picture and N1-1 option pictures, the shapes of N2 option pictures in the N1-1 option pictures have at least m symmetry axes, the N1 and the N2 are positive integers, the N1 is greater than 1, and the m is an integer greater than 4.
The specific values of N1, N2 and m can be determined according to the required verification complexity. For example, N1 may be equal to 2, 3, 4, 5, 6, 8, 10, 20, 30, or another value. For example, N2 may be equal to 1, 2, 3, 4, 5, 7, 9, 19, 29, or another value. For example, m may be equal to 5, 6, 7, 10, 30, 50, 100, 300, 1000, or another value.
203. The client sends a second verification interaction message containing a spliced picture obtained by splicing the N1 sub-pictures to the server, so that the verification server or the server determines the verification result by comparing the spliced picture with the verification picture.
Since the N1-1 option pictures fit into the base picture, the client can embed the N1-1 option pictures in the holes that cutting out the option pictures left in the base picture, thereby obtaining a spliced picture.
The server in this embodiment may be a site server, a game server, an application store server, or the like that can provide services to the client, and of course, the server may also be an authentication server for authentication.
It will be appreciated that if the shape of a sub-picture is circular, the sub-picture has innumerable axes of symmetry. The more symmetry axes the sub-pictures serving as option pictures have, the more sub-picture rotation attempts a malicious client must make. Because a circular sub-picture has innumerable symmetry axes, the number of rotation attempts a malicious client must make is theoretically at its greatest, which greatly increases the difficulty of brute-force cracking, greatly improves the ability to prevent brute-force cracking by a malicious client during verification, and reduces the wasteful occupation of Internet resources by malicious clients.
Optionally, in some possible embodiments of the present invention, if the client is marked as a suspected malicious client, m is greater than or equal to 20, 30, 53, 87, 100, 200, or 500, or another value greater than 4. If the client is marked as a suspected malicious client, the value obtained by dividing N2 by N1-1 is greater than or equal to a second threshold (which may be equal to 0.8, 0.9, 0.95, or 1, for example). If the client is marked as a suspected malicious client, N2 may be greater than 5, 6, 8, 10, 15, or another value greater than 1. For example, the server may set a decision condition to determine, according to the frequency of the verification requests sent by a client or other behavioural characteristics, whether the client sending the verification request message is possibly a malicious client; the specific policy for marking a client as a suspected malicious client is not limited in the embodiments of the present invention. For example, when it is found that a client at a certain IP address repeatedly sends verification request messages on the same login page within seconds or minutes, the client can be judged to have a high probability of being a malicious client and can be marked as a suspected malicious client, and a verification code that is harder to crack can subsequently be sent to it (the more sub-pictures there are and the more symmetry axes the sub-pictures have, the higher the cracking difficulty), thereby strengthening the interference with the malicious client. If the server judges that a client is more likely to be a normal client, it subsequently sends a verification code with lower cracking difficulty, so as to reduce the picture-reading difficulty and improve the user's comfort.
It can be understood that introducing a mechanism that adjusts the verification complexity based on the suspected-malicious-client mark helps to better balance user experience and anti-cracking capability.
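The marking policy described above can be sketched as follows. This is an added example, not code from the patent: the 60-second window, the limit of 5 requests, the two parameter sets and all names are assumptions, and the suspected-client constraints use the lowest value the text lists for each.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# Detection settings are assumptions of this example; the text only says
# "repeatedly ... within seconds or minutes".
WINDOW_SECONDS = 60
MAX_REQUESTS_PER_WINDOW = 5

# Constraints for suspected clients (lowest value listed in the text for each).
SUSPECT_MIN_M = 20        # m >= 20
SECOND_THRESHOLD = 0.8    # N2 / (N1 - 1) >= second threshold
SUSPECT_MIN_N2 = 5        # N2 > 5


@dataclass(frozen=True)
class ChallengeParams:
    n1: int  # total sub-pictures: one base picture plus N1-1 option pictures
    n2: int  # option pictures whose shape has at least m symmetry axes
    m: int   # minimum number of symmetry axes of those N2 shapes

    def is_valid(self, suspected: bool) -> bool:
        # Baseline claim: N1 > 1, N2 a positive integer within N1-1, m > 4.
        ok = self.n1 > 1 and 1 <= self.n2 <= self.n1 - 1 and self.m > 4
        if suspected:
            ok = (ok and self.m >= SUSPECT_MIN_M
                  and self.n2 / (self.n1 - 1) >= SECOND_THRESHOLD
                  and self.n2 > SUSPECT_MIN_N2)
        return ok


# Hypothetical parameter sets chosen for this example.
NORMAL = ChallengeParams(n1=3, n2=2, m=6)
HARDENED = ChallengeParams(n1=9, n2=8, m=36)


class SuspicionTracker:
    """Sliding-window counter of verification requests per (IP, page)."""

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_REQUESTS_PER_WINDOW):
        self.window = window
        self.limit = limit
        self._recent = defaultdict(deque)  # (ip, page) -> request timestamps
        self._suspected = set()            # marked IPs (kept until restart here)

    def record_request(self, ip, page, now):
        """Record one verification request; return True if the IP is marked."""
        q = self._recent[(ip, page)]
        q.append(now)
        while q and now - q[0] > self.window:
            q.popleft()                    # drop requests outside the window
        if len(q) > self.limit:
            self._suspected.add(ip)
        return ip in self._suspected

    def params_for(self, ip):
        """Pick the challenge difficulty and refuse a misconfigured set."""
        suspected = ip in self._suspected
        params = HARDENED if suspected else NORMAL
        if not params.is_valid(suspected):
            raise ValueError("challenge parameters violate the constraints")
        return params


if __name__ == "__main__":
    tracker = SuspicionTracker()
    # Constructed request log: (ip, page, timestamp in seconds).
    log = [("203.0.113.7", "/login", t) for t in range(6)]
    log += [("198.51.100.20", "/login", t) for t in (0, 120, 240)]
    for ip, page, ts in log:
        tracker.record_request(ip, page, ts)
    for ip in ("203.0.113.7", "198.51.100.20"):
        print(ip, tracker.params_for(ip))
```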
Optionally, in some possible embodiments of the present invention, determining a verification result by comparing the spliced picture with the verification picture may include: comparing the spliced picture with the verification picture; if the comparison shows that the similarity between the spliced picture and the verification picture is greater than or equal to a first threshold (the first threshold may be, for example, 90%, 95%, 98%, 99% or 100%, or another value that meets the requirement), determining that the verification result is verification success; and if the comparison shows that the similarity between the spliced picture and the verification picture is smaller than the first threshold, determining that the verification result is verification failure.
Optionally, the server may further send to the client a verification response message carrying indication information that indicates the verification result, thereby notifying the client of the verification result by an explicit indication. Of course, the server may also notify the client of the verification result by an implicit indication.
Optionally, in some possible embodiments of the present invention, a shape of a first option picture of the N2 option pictures is a circle. For example, the first option picture is any one sub-picture of the N2 option pictures. For example, some or all of the N2 option pictures may be circular in shape.
Optionally, in some possible embodiments of the present invention, the shape of a second option picture of the N2 option pictures is a regular k-sided polygon, where k is an integer greater than 4; for example, k is equal to 5, 6, 7, 10, 35, 57, 108, 390, 1500, or another value. For example, the second option picture may be any one sub-picture of the N2 option pictures. For example, the shape of some or all of the N2 option pictures may be a regular k-sided polygon.
Optionally, in some possible embodiments of the present invention, the shape of a third option picture of the N2 option pictures is an irregular figure. Although the shape of the third option picture is an irregular figure, the number of symmetry axes of that shape still exceeds 4. For example, the third option picture may be any one sub-picture of the N2 option pictures. For example, the shape of some or all of the N2 option pictures may be an irregular figure with more than 4 symmetry axes.
To facilitate a better understanding of the above solutions of the embodiments of the present invention, some specific application scenarios are described below by way of example.
Referring to fig. 3-a, fig. 3-a is a schematic structural diagram of a communication system according to an embodiment of the present invention.
Referring to fig. 3-b, fig. 3-b is a schematic flowchart of another verification interaction method according to another embodiment of the present invention. The verification interaction method shown in fig. 3-b can be implemented based on the communication system of the architecture shown in fig. 3-a or a communication system of a modified architecture.
As shown in fig. 3-b, another verification interaction method provided by another embodiment of the present invention specifically includes:
301. The client sends a service request message to the service server.
The service server in this embodiment may be a site server, a game server, an application store server, or other service servers that can provide services to the client.
The service request message may be, for example, an account registration request message, an account login request message, a forum posting request message, a microblog posting request message, or the like.
302. The service server receives the service request message from the client and acquires the N1 sub-pictures from the verification code server.
The N1 sub-pictures are obtained by a verification code server by cutting a verification picture, the N1 sub-pictures include a base picture and N1-1 option pictures, the shapes of N2 option pictures in the N1-1 option pictures have at least m symmetry axes, the N1 and the N2 are positive integers, the N1 is greater than 1, and the m is an integer greater than 4.
The specific values of N1, N2 and m can be specifically determined according to the specific requirement of verification complexity. For example, the N1 may be equal to 2, 3, 4, 5, 6, 8, 10, 20, 30, or other values. For example, the N2 may be equal to 1, 2, 3, 4, 5, 7, 9, 19, 29, or other values. For example, m may be equal to 5, 6, 7, 10, 30, 50, 100, 300, 1000, or other values.
Optionally, in some possible embodiments of the present invention, a shape of a first option picture of the N2 option pictures is a circle. For example, the first option picture is any one sub-picture of the N2 option pictures. For example, some or all of the N2 option pictures may be circular in shape.
Optionally, in some possible embodiments of the present invention, the shape of a second option picture of the N2 option pictures is a regular k-sided polygon, where k is an integer greater than 4; for example, k is equal to 5, 6, 7, 10, 35, 57, 108, 390, 1500, or another value. For example, the second option picture may be any one sub-picture of the N2 option pictures. For example, the shape of some or all of the N2 option pictures may be a regular k-sided polygon.
Optionally, in some possible embodiments of the present invention, the shape of a third option picture of the N2 option pictures is an irregular figure. Although the shape of the third option picture is an irregular figure, the number of symmetry axes of that shape still exceeds 4. For example, the third option picture may be any one sub-picture of the N2 option pictures. For example, the shape of some or all of the N2 option pictures may be an irregular figure with more than 4 symmetry axes.
303. The service server sends a first verification interaction message containing the N1 sub-pictures to the client.
304. The client receives the first verification interaction message from the service server, and sends to the service server a second verification interaction message containing a spliced picture obtained by splicing the N1 sub-pictures.
Since the N1-1 option pictures are inlaid in the base picture, the client can embed the N1-1 option pictures into the holes left in the base picture where the option pictures were cut out, thereby obtaining a spliced picture.
305. The service server sends the spliced picture contained in the second verification interaction message to the verification server.
306. The verification server determines a verification result by comparing the spliced picture with the verification picture, and can send to the service server a notification message carrying indication information that indicates the verification result.
The verification server can compare the spliced picture with the verification picture. If the comparison shows that the similarity between the spliced picture and the verification picture is greater than or equal to a first threshold (the first threshold may be, for example, 90%, 95%, 98%, 99% or 100%, or another value that meets the requirement), the verification result is determined to be verification success; if the comparison shows that the similarity is smaller than the first threshold, the verification result is determined to be verification failure.
The verification server can acquire the verification picture from the verification code server directly, or can acquire it from the verification code server through the service server.
307. If the verification result is verification success, the service server executes the service corresponding to the service request message. If the verification result is verification failure, the service server may send a verification failure message to the client.
Referring to fig. 3-c, fig. 3-c illustrates 5 sub-pictures obtained by cutting a verification picture, the 5 sub-pictures including a base picture P01 and 4 option pictures P02 (the 4 option pictures are circular sub-pictures).
The circular sub-picture increases the difficulty of edge-similarity detection. A traditional square sub-picture has only 4 edges, so randomly selecting one edge for edge-similarity matching has a high success rate, whereas a circular sub-picture theoretically offers infinitely many possibilities.
Referring to fig. 3-d, fig. 3-d illustrates a schematic diagram of sub-picture stitching.
It will be appreciated that if the shape of a sub-picture is circular, the sub-picture has innumerable axes of symmetry. The more symmetry axes the sub-pictures serving as option pictures have, the more sub-picture rotation attempts a malicious client must make. Because a circular sub-picture has innumerable symmetry axes, the number of rotation attempts a malicious client must make is theoretically at its greatest, which greatly increases the difficulty of brute-force cracking, greatly improves the ability to prevent brute-force cracking by a malicious client during verification, and reduces the wasteful occupation of Internet resources by malicious clients.
For example, the circular sub-picture gives greater control over the rotation angle. A square can only be rotated 90 degrees at a time and needs only 4 rotations in the most ideal case. A circular sub-picture needs 6 rotations in the most ideal case if rotated 60 degrees each time, 12 rotations if rotated 30 degrees each time, 36 rotations if rotated 10 degrees each time, and so on. The minimum rotation angle can also be adjusted dynamically according to the adversarial situation. The circular sub-picture therefore increases the flexibility with which the rotation angle can be adjusted, and can greatly raise the difficulty of brute-force cracking.
In the scheme of this embodiment, a simple interaction is added: the positions of the puzzle verification code that need to be pieced together are marked by circular frames, which resists edge-similarity matching, and the rotation direction and angle of the circles can be dynamically adjusted, so that the recognition rate of current automated programs on a puzzle picture is reduced by at least one order of magnitude and an effective anti-cracking effect is achieved.
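The rotation counts above and the server-side threshold comparison, shown as an added example that is not part of the patent. It assumes each circular option picture is modelled as a polar grid (so rotation is a cyclic shift of sectors), that the server delivers option pictures pre-rotated by a multiple of the minimum step, and that similarity is measured over the option-picture regions; all names are hypothetical.

```python
import random

SECTORS = 360  # one angular sector per degree (modelling assumption)
RINGS = 6      # radial resolution of the polar model (modelling assumption)


def make_option_picture(seed):
    """Constructed sample content for one circular option picture."""
    rng = random.Random(seed)
    return [[rng.randrange(256) for _ in range(SECTORS)] for _ in range(RINGS)]


def rotate(picture, degrees):
    """Rotate a circular picture about its centre by a whole number of degrees."""
    shift = degrees % SECTORS
    return [ring[SECTORS - shift:] + ring[:SECTORS - shift] for ring in picture]


def issue_challenge(originals, step_degrees, rng):
    """Server side: deliver each option picture at a random non-zero multiple
    of the minimum rotation step (assumed delivery format)."""
    if SECTORS % step_degrees:
        raise ValueError("step must divide 360")
    positions = SECTORS // step_degrees
    offsets = [rng.randrange(1, positions) * step_degrees for _ in originals]
    return [rotate(p, o) for p, o in zip(originals, offsets)], offsets


def similarity(spliced, originals):
    """Fraction of option-picture cells identical to the verification picture."""
    total = same = 0
    for s_pic, o_pic in zip(spliced, originals):
        for s_ring, o_ring in zip(s_pic, o_pic):
            total += len(o_ring)
            same += sum(a == b for a, b in zip(s_ring, o_ring))
    return same / total


def verify(spliced, originals, first_threshold=0.95):
    """Verification succeeds only if similarity reaches the first threshold."""
    if len(spliced) != len(originals):
        return False  # a submission with missing sub-pictures never passes
    return similarity(spliced, originals) >= first_threshold


def rotation_search_space(step_degrees, n_option_pictures):
    """Distinct rotation combinations for a given minimum step."""
    return (SECTORS // step_degrees) ** n_option_pictures


if __name__ == "__main__":
    originals = [make_option_picture(s) for s in range(4)]  # 4 circles, as in fig. 3-c
    sent, offsets = issue_challenge(originals, 30, random.Random(7))
    solved = [rotate(p, -o) for p, o in zip(sent, offsets)]
    print("correctly spliced:", verify(solved, originals))
    print("left as delivered:", verify(sent, originals))
    for step in (90, 60, 30, 10):
        print(step, "degree step, 4 option pictures:",
              rotation_search_space(step, 4), "combinations")
```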
It is to be understood that the verification code server may be integrated into the verification server, and the verification code server and the verification server may also be integrated into the service server.
Further, referring to fig. 3-e, in the architecture shown in fig. 3-e, the verification code server is integrated into the verification server. A rule master control server and a material storage server are added to the architecture shown in fig. 3-e. The rule master control server can be used to configure the puzzle rules (for example, clockwise/counterclockwise, the number of degrees of each rotation, and the like) and makes the puzzle rules available for the verification code server to pull. The material storage server stores data such as the positions, directions and angles required to generate puzzle verification codes and makes the data available for the verification code server to pull. Of course, the rule master control server and/or the material storage server can also be integrated into the verification server or the verification code server.
Optionally, in some possible embodiments of the present invention, if the client is marked as a suspected malicious client, m is greater than or equal to 20, 30, 53, 87, 100, 200, or 500, or another value greater than 4. If the client is marked as a suspected malicious client, the value obtained by dividing N2 by N1-1 is greater than or equal to a second threshold (which may be equal to 0.8, 0.9, 0.95, or 1, for example). If the client is marked as a suspected malicious client, N2 may be greater than 5, 6, 8, 10, 15, or another value greater than 1. For example, the service server or the verification server may set a decision condition to determine, according to the frequency of the verification requests sent by a client or other behavioural characteristics, whether the client sending the verification request message is possibly a malicious client; the specific policy for marking a client as a suspected malicious client is not limited in the embodiments of the present invention. For example, when it is found that a client at a certain IP address repeatedly sends verification request messages on the same login page within seconds or minutes, the client can be judged to have a high probability of being a malicious client and can be marked as a suspected malicious client, and a verification code that is harder to crack can subsequently be sent to it (the more sub-pictures there are and the more symmetry axes the sub-pictures have, the higher the cracking difficulty), thereby strengthening the interference with the malicious client. If the service server or the verification server judges that a client is more likely to be a normal client, it subsequently sends a verification code with lower cracking difficulty, so as to reduce the picture-reading difficulty and improve the user's comfort.
It can be understood that introducing a mechanism that adjusts the verification complexity based on the suspected-malicious-client mark helps to better balance user experience and anti-cracking capability.
It can be seen that in the scheme provided in this embodiment, after sending a verification request message to the service server, the client receives from the service server a first verification interaction message containing N1 sub-pictures obtained by cutting a verification picture, where the N1 sub-pictures include a base picture and N1-1 option pictures, and the shapes of N2 of the N1-1 option pictures have at least m symmetry axes, m being an integer greater than 4. The client sends to the service server a second verification interaction message containing a spliced picture obtained by splicing the N1 sub-pictures, and the service server or the verification server determines a verification result by comparing the spliced picture with the verification picture. The N2 option pictures have at least m symmetry axes, with m greater than 4, and research shows that the more symmetry axes a sub-picture has, the more rotation attempts a malicious client must make; as the number of option pictures and the number of their symmetry axes increase, the number of attempts a malicious client needs for brute-force cracking grows almost geometrically. This increases the difficulty of brute-force cracking to a certain extent, so the scheme helps improve the ability to prevent brute-force cracking by a malicious client during verification.
Referring to fig. 4-a, fig. 4-a is a schematic structural diagram of a communication system according to an embodiment of the present invention.
Referring to fig. 4-b, fig. 4-b is a schematic flowchart of another verification interaction method according to another embodiment of the present invention. The verification interaction method shown in fig. 4-b may be implemented based on the communication system of the architecture shown in fig. 4-a or a communication system of a modified architecture.
As shown in fig. 4-b, another verification interaction method provided by another embodiment of the present invention may include:
401. The client sends a service request message to the service server.
The service server in this embodiment may be a site server, a game server, an application store server, or other service servers that can provide services to the client.
The service request message may be, for example, an account registration request message, an account login request message, a forum posting request message, a microblog posting request message, or the like.
402. The service server receives an account registration request message from the client and acquires the N1 sub-pictures from the verification code server.
The N1 sub-pictures are obtained by a verification server through cutting verification pictures, the N1 sub-pictures comprise a base picture and N1-1 option pictures, the shapes of N2 option pictures in the N1-1 option pictures have at least m symmetry axes, the N1 and the N2 are positive integers, the N1 is greater than 1, and the m is an integer greater than 4.
The specific values of N1, N2 and m can be specifically determined according to the specific requirement of verification complexity. For example, the N1 may be equal to 2, 3, 4, 5, 6, 8, 10, 20, 30, or other values. For example, the N2 may be equal to 1, 2, 3, 4, 5, 7, 9, 19, 29, or other values. For example, m may be equal to 5, 6, 7, 10, 30, 50, 100, 300, 1000, or other values.
Optionally, in some possible embodiments of the present invention, a shape of a first option picture of the N2 option pictures is a circle. For example, the first option picture is any one sub-picture of the N2 option pictures. For example, some or all of the N2 option pictures may be circular in shape.
Optionally, in some possible embodiments of the present invention, the shape of a second option picture of the N2 option pictures is a regular k-sided polygon, where k is an integer greater than 4; for example, k is equal to 5, 6, 7, 10, 35, 57, 108, 390, 1500, or another value. For example, the second option picture may be any one sub-picture of the N2 option pictures. For example, the shape of some or all of the N2 option pictures may be a regular k-sided polygon.
Optionally, in some possible embodiments of the present invention, the shape of a third option picture of the N2 option pictures is an irregular figure. Although the shape of the third option picture is an irregular figure, the number of symmetry axes of that shape still exceeds 4. For example, the third option picture may be any one sub-picture of the N2 option pictures. For example, the shape of some or all of the N2 option pictures may be an irregular figure with more than 4 symmetry axes.
403. The service server sends a first verification interaction message containing the N1 sub-pictures to the client.
404. The client receives the first verification interaction message from the service server, and sends to the service server a second verification interaction message containing a spliced picture obtained by splicing the N1 sub-pictures.
Since the N1-1 option pictures are inlaid in the base picture, the client can embed the N1-1 option pictures into the holes left in the base picture where the option pictures were cut out, thereby obtaining a spliced picture.
405. The service server sends the spliced picture contained in the second verification interaction message to the verification server.
406. The verification server determines a verification result by comparing the spliced picture with the verification picture, and can send to the service server a notification message carrying indication information that indicates the verification result.
The verification server can compare the spliced picture with the verification picture. If the comparison shows that the similarity between the spliced picture and the verification picture is greater than or equal to a first threshold (the first threshold may be, for example, 90%, 95%, 98%, 99% or 100%, or another value that meets the requirement), the verification result is determined to be verification success; if the comparison shows that the similarity is smaller than the first threshold, the verification result is determined to be verification failure.
407. If the verification result is verification success, the service server executes the service corresponding to the service request message. If the verification result is verification failure, the service server may send a verification failure message to the client.
It will be appreciated that if the shape of a sub-picture is circular, the sub-picture has innumerable axes of symmetry. The more symmetry axes the sub-pictures serving as option pictures have, the more sub-picture rotation attempts a malicious client must make. Because a circular sub-picture has innumerable symmetry axes, the number of rotation attempts a malicious client must make is theoretically at its greatest, which greatly increases the difficulty of brute-force cracking, greatly improves the ability to prevent brute-force cracking by a malicious client during verification, and reduces the wasteful occupation of Internet resources by malicious clients.
For example, the circular sub-picture gives greater control over the rotation angle. A square can only be rotated 90 degrees at a time and needs only 4 rotations in the most ideal case. A circular sub-picture needs 6 rotations in the most ideal case if rotated 60 degrees each time, 12 rotations if rotated 30 degrees each time, 36 rotations if rotated 10 degrees each time, and so on. The minimum rotation angle can also be adjusted dynamically according to the adversarial situation. The circular sub-picture therefore increases the flexibility with which the rotation angle can be adjusted, and can greatly raise the difficulty of brute-force cracking.
In the scheme of this embodiment, a simple interaction is added: the positions of the puzzle verification code that need to be pieced together are marked by circular frames, which resists edge-similarity matching, and the rotation direction and angle of the circles can be dynamically adjusted, so that the recognition rate of current automated programs on a puzzle picture is reduced by at least one order of magnitude and an effective anti-cracking effect is achieved.
Optionally, in some possible embodiments of the present invention, if the client is marked as a suspected malicious client, m is greater than or equal to 20, 30, 53, 87, 100, 200, or 500, or another value greater than 4. If the client is marked as a suspected malicious client, the value obtained by dividing N2 by N1-1 is greater than or equal to a second threshold (which may be equal to 0.8, 0.9, 0.95, or 1, for example). If the client is marked as a suspected malicious client, N2 may be greater than 5, 6, 8, 10, 15, or another value greater than 1. For example, the service server or the verification server may set a decision condition to determine, according to the frequency of the verification requests sent by a client or other behavioural characteristics, whether the client sending the verification request message is possibly a malicious client; the specific policy for marking a client as a suspected malicious client is not limited in the embodiments of the present invention. For example, when it is found that a client at a certain IP address repeatedly sends verification request messages on the same login page within seconds or minutes, the client can be judged to have a high probability of being a malicious client and can be marked as a suspected malicious client, and a verification code that is harder to crack can subsequently be sent to it (the more sub-pictures there are and the more symmetry axes the sub-pictures have, the higher the cracking difficulty), thereby strengthening the interference with the malicious client. If the service server or the verification server judges that a client is more likely to be a normal client, it subsequently sends a verification code with lower cracking difficulty, so as to reduce the picture-reading difficulty and improve the user's comfort.
It can be understood that introducing a mechanism that adjusts the verification complexity based on the suspected-malicious-client mark helps to better balance user experience and anti-cracking capability.
It can be seen that in the scheme provided in this embodiment, after sending a verification request message to the service server, the client receives from the service server a first verification interaction message containing N1 sub-pictures obtained by cutting a verification picture, where the N1 sub-pictures include a base picture and N1-1 option pictures, and the shapes of N2 of the N1-1 option pictures have at least m symmetry axes, m being an integer greater than 4. The client sends to the service server a second verification interaction message containing a spliced picture obtained by splicing the N1 sub-pictures, and the service server or the verification server determines a verification result by comparing the spliced picture with the verification picture. The N2 option pictures have at least m symmetry axes, with m greater than 4, and research shows that the more symmetry axes a sub-picture has, the more rotation attempts a malicious client must make; as the number of option pictures and the number of their symmetry axes increase, the number of attempts a malicious client needs for brute-force cracking grows almost geometrically. This increases the difficulty of brute-force cracking to a certain extent, so the scheme helps improve the ability to prevent brute-force cracking by a malicious client during verification.
Referring to fig. 5-a, fig. 5-a is a schematic structural diagram of a communication system according to an embodiment of the present invention.
Referring to fig. 5-b, fig. 5-b is a schematic flowchart of another verification interaction method according to another embodiment of the present invention. The verification interaction method shown in fig. 5-b may be implemented based on the communication system of the architecture shown in fig. 5-a or a communication system of a modified architecture.
As shown in fig. 5-b, another verification interaction method provided by another embodiment of the present invention specifically may include:
501. The client sends a service request message to the service server.
The service server in this embodiment may be a site server, a game server, an application store server, or other service servers that can provide services to the client.
The service request message may be, for example, an account registration request message, an account login request message, a forum posting request message, a microblog posting request message, or the like.
502. The service server receives an account registration request message from the client and cuts the verification picture to obtain N1 sub-pictures.
Wherein the N1 sub-pictures include a base picture and N1-1 option pictures, the shapes of N2 option pictures of the N1-1 option pictures have at least m symmetry axes, the N1 and the N2 are positive integers and the N1 is greater than 1, the m is an integer greater than 4.
The specific values of N1, N2 and m can be specifically determined according to the specific requirement of verification complexity. For example, the N1 may be equal to 2, 3, 4, 5, 6, 8, 10, 20, 30, or other values. For example, the N2 may be equal to 1, 2, 3, 4, 5, 7, 9, 19, 29, or other values. For example, m may be equal to 5, 6, 7, 10, 30, 50, 100, 300, 1000, or other values.
Optionally, in some possible embodiments of the present invention, a shape of a first option picture of the N2 option pictures is a circle. For example, the first option picture is any one sub-picture of the N2 option pictures. For example, some or all of the N2 option pictures may be circular in shape.
Optionally, in some possible embodiments of the present invention, the shape of a second option picture of the N2 option pictures is a regular k-sided polygon, where k is an integer greater than 4; for example, k is equal to 5, 6, 7, 10, 35, 57, 108, 390, 1500, or another value. For example, the second option picture may be any one sub-picture of the N2 option pictures. For example, the shape of some or all of the N2 option pictures may be a regular k-sided polygon.
Optionally, in some possible embodiments of the present invention, the shape of a third option picture of the N2 option pictures is an irregular figure. Although the shape of the third option picture is an irregular figure, the number of symmetry axes of that shape still exceeds 4. For example, the third option picture may be any one sub-picture of the N2 option pictures. For example, the shape of some or all of the N2 option pictures may be an irregular figure with more than 4 symmetry axes.
503. The service server sends a first verification interaction message containing the N1 sub-pictures to the client.
504. The client receives the first verification interaction message from the service server, and sends to the service server a second verification interaction message containing a spliced picture obtained by splicing the N1 sub-pictures.
Since the N1-1 option pictures are inlaid in the base picture, the client can embed the N1-1 option pictures into the holes left in the base picture where the option pictures were cut out, thereby obtaining a spliced picture.
505. The service server determines a verification result by comparing the spliced picture with the verification picture.
The service server can compare the spliced picture with the verification picture. If the comparison shows that the similarity between the spliced picture and the verification picture is greater than or equal to a first threshold (the first threshold may be, for example, 90%, 95%, 98%, 99% or 100%, or another value that meets the requirement), the verification result is determined to be verification success; if the comparison shows that the similarity is smaller than the first threshold, the verification result is determined to be verification failure.
506. If the verification result is verification success, the service server executes the service corresponding to the service request message. If the verification result is verification failure, the service server may send a verification failure message to the client.
It will be appreciated that if the shape of the sub-picture is circular, the sub-picture has numerous axes of symmetry. The more the symmetry axes of the sub-pictures serving as the option pictures are, the more the times of the malicious client side for performing the sub-picture rotation test are, and the circular sub-pictures have countless symmetry axes, so that the times of the malicious client side for performing the sub-picture rotation test are theoretically the most numerous times, the brute force cracking difficulty can be increased to a great extent, the capability of preventing the malicious client side from brute force cracking in the verification process can be greatly improved, and the invalid occupation of the malicious client side on internet resources can be reduced.
For example, the circular sub-picture enhances the regulation of the rotation angle, and the square can only rotate 90 degrees at a time, and only needs to rotate 4 times in the most ideal case. The circular sub-picture needs to be rotated 6 times in the most ideal case if rotated 60 degrees each time, 12 times in the most ideal case if rotated 30 degrees each time, 36 times in the most ideal case if rotated 10 degrees each time, and so on. And the minimum rotation angle can be dynamically regulated and controlled according to the confrontation condition. Therefore, the circular sub-picture increases the regulation and control flexibility of the rotation angle, and the brute force cracking difficulty can be greatly improved.
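A model of steps 504 to 506 and of the rotation counts above, added here as an illustration and not taken from the patent: each circular option picture is represented as a ring of sectors, so a rotation by one step is a cyclic shift. The sector representation, the texture functions, all function names and the choice to score only the cut-out regions are assumptions of this example.

```python
"""Model of the stitched-picture check. Added example with constructed data."""
from dataclasses import dataclass

FIRST_THRESHOLD = 0.95  # one of the example values listed on the page


def positions(step_deg):
    """Distinct orientations of an option picture for a given rotation step."""
    if step_deg <= 0 or 360 % step_deg:
        raise ValueError("step_deg must be a positive divisor of 360")
    return 360 // step_deg


def rotate(sectors, k):
    """Rotate a circular option picture by k steps (cyclic shift of sectors)."""
    k %= len(sectors)
    return sectors[-k:] + sectors[:-k] if k else list(sectors)


def match_ratio(a, b):
    """Fraction of sectors whose pixel values agree."""
    return sum(x == y for x, y in zip(a, b)) / len(a)


def accepted_orientations(original, threshold=FIRST_THRESHOLD):
    """How many orientations of one option picture the server would accept.

    Anything other than 1 means the cut-out region is too uniform to be a
    usable challenge, whatever its number of symmetry axes.
    """
    return sum(match_ratio(rotate(original, k), original) >= threshold
               for k in range(len(original)))


@dataclass
class Challenge:
    step_deg: int
    originals: list  # option pictures as they sit in the verification picture
    sent: list       # the same pictures as sent to the client, pre-rotated


def make_challenge(step_deg, textures, offsets):
    """Server side: cut the option pictures and scramble their orientation."""
    n = positions(step_deg)
    originals = [[tex(j) for j in range(n)] for tex in textures]
    for original in originals:
        if accepted_orientations(original) != 1:
            raise ValueError("cut-out region is rotationally ambiguous")
    sent = [rotate(o, k) for o, k in zip(originals, offsets)]
    return Challenge(step_deg, originals, sent)


def stitch(challenge, turns):
    """Client side: turn each option picture and drop it into its hole."""
    return [rotate(s, t) for s, t in zip(challenge.sent, turns)]


def similarity(challenge, stitched):
    """Score only the cut-out regions: the base picture is identical in every
    submission, so including it would only push every score toward 1."""
    pairs = list(zip(challenge.originals, stitched))
    return sum(match_ratio(o, s) for o, s in pairs) / len(pairs)


def verify(challenge, stitched, threshold=FIRST_THRESHOLD):
    """Step 505: success if similarity reaches the first threshold."""
    return similarity(challenge, stitched) >= threshold


# Constructed textures: sector index -> pixel value.
def gradient(j):
    return j // 3        # smooth content: neighbouring sectors often agree


def stripes(j):
    return (j * 7) % 36  # busy content: every sector differs


def flat(j):
    return 5             # uniform content such as sky


if __name__ == "__main__":
    ch = make_challenge(10, [gradient, stripes], offsets=[7, 20])
    print(similarity(ch, stitch(ch, [-7, -20])))  # both pictures turned back
    print(similarity(ch, stitch(ch, [-6, -20])))  # one picture off by 10 degrees
```

The `accepted_orientations` check is a server-side sanity test for challenge generation: a region cut from uniform content passes at every orientation, so it should not be used as an option picture.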
The scheme of this embodiment adds a simple interaction: the positions in the jigsaw verification code where pieces must be placed are marked with circular frames, which counters edge-similarity matching, and the rotation direction and angle of the circular pieces can be adjusted dynamically. As a result, the rate at which current automated programs recognize a jigsaw picture is reduced by at least one order of magnitude, and cracking can be resisted effectively.
Optionally, in some possible embodiments of the present invention, if the client is marked as a suspected malicious client, m is greater than or equal to 20, 30, 53, 87, 100, 200 or 500, or another value greater than 4. If the client is marked as a suspected malicious client, the value obtained by dividing N2 by N1-1 is greater than or equal to a second threshold (which may, for example, be equal to 0.8, 0.9, 0.95 or 1). If the client is marked as a suspected malicious client, N2 may be greater than 5, 6, 8, 10 or 15, or another value greater than 1. For example, the service server may set a decision condition that uses the frequency of the verification requests sent by a client, or other behavioural characteristics, to determine whether the client sending the verification request message may be a malicious client; the embodiment of the present invention does not limit the specific policy for marking a client as a suspected malicious client. For example, when a client at a certain IP address is found to send verification request messages repeatedly on the same login page within seconds or minutes, that client can be judged highly likely to be a malicious client and can be marked as a suspected malicious client, and a verification code that is harder to crack can subsequently be sent to it (the more sub-pictures there are and the more symmetry axes the sub-pictures have, the harder the code is to crack), which strengthens the interference with the malicious client. If the service server judges that a client is more likely to be a normal client, it subsequently sends a verification code that is easier to crack, which makes the picture easier for the user to read and more comfortable to use.
It can be understood that introducing a mechanism that adjusts the verification complexity based on the suspected-malicious-client mark helps to balance user experience against resistance to cracking.
It can be seen that, in the scheme provided in this embodiment, after sending a verification request message to the service server, the client receives from the service server a first verification interaction message containing N1 sub-pictures obtained by cutting a verification picture. The N1 sub-pictures include a base picture and N1-1 option pictures, and the shapes of N2 of the N1-1 option pictures have at least m symmetry axes, where m is an integer greater than 4. The client sends the service server a second verification interaction message containing a spliced picture obtained by splicing the N1 sub-pictures, and the service server or the verification server compares the spliced picture with the verification picture to determine a verification result. N2 of the N1-1 option pictures have at least m symmetry axes, with m greater than 4, and research shows that the more symmetry axes a sub-picture has, the more rotation tests a malicious client has to perform. As the number of option pictures and the number of their symmetry axes increase, the number of tests a malicious client needs for brute-force cracking grows almost geometrically. This raises the difficulty of brute-force cracking to a certain extent, so the scheme helps to improve the ability to resist brute-force cracking by malicious clients during verification.
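One way to implement the suspected-client marking and the difficulty adjustment described above, as an added example rather than the patent's own implementation. The 60-second window, the limit of 5 requests, the pairing of N1, N2 and m into two levels and all names are assumptions; the individual values of N1, N2, m and the second threshold come from the page's example lists.

```python
"""Difficulty selection from the suspected-malicious mark. Added example."""
from collections import defaultdict, deque
from dataclasses import dataclass

WINDOW_SECONDS = 60     # assumed; the page only says "within seconds or minutes"
MAX_REQUESTS = 5        # assumed limit per (IP, page) inside one window
SECOND_THRESHOLD = 0.9  # one of the page's example values for N2 / (N1 - 1)


@dataclass(frozen=True)
class Difficulty:
    n1: int  # sub-pictures in total: one base picture plus n1 - 1 option pictures
    n2: int  # option pictures whose shape has at least m symmetry axes
    m: int

    def satisfies(self, suspected):
        """Check the constraints the page states for N1, N2 and m."""
        ok = self.n1 > 1 and 1 <= self.n2 <= self.n1 - 1 and self.m > 4
        if suspected:
            ok = (ok and self.m >= 20
                  and self.n2 / (self.n1 - 1) >= SECOND_THRESHOLD)
        return ok

    def orientation_combinations(self):
        """Orientations to distinguish when each of the n2 pictures is a regular
        m-gon (m axes, m rotational positions); placement order is not counted."""
        return self.m ** self.n2


# Values taken from the page's example lists; the pairing into levels is assumed.
EASY = Difficulty(n1=3, n2=2, m=6)
HARD = Difficulty(n1=8, n2=7, m=30)


class RequestMonitor:
    """Flags an IP that repeats verification requests for one page in a window."""

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
        self.window, self.limit = window, limit
        self._seen = defaultdict(deque)

    def record(self, ip, page, now):
        """Register one request; return True if the client is now suspected."""
        times = self._seen[(ip, page)]
        times.append(now)
        while now - times[0] > self.window:
            times.popleft()
        return len(times) > self.limit


def choose_difficulty(suspected):
    """Pick the level to send next and refuse one that breaks the constraints."""
    level = HARD if suspected else EASY
    if not level.satisfies(suspected):
        raise ValueError("difficulty level violates the stated constraints")
    return level


# Constructed request log: (seconds, ip, page), documentation-range addresses.
SAMPLE_LOG = (
    [(t, "192.0.2.10", "/login") for t in range(8)]
    + [(t, "198.51.100.7", "/login") for t in (0, 90, 200)]
)


def replay(log):
    """Return the difficulty each client would receive on its latest request."""
    monitor, latest = RequestMonitor(), {}
    for now, ip, page in sorted(log):
        latest[ip] = choose_difficulty(monitor.record(ip, page, now))
    return latest


if __name__ == "__main__":
    for ip, level in replay(SAMPLE_LOG).items():
        print(ip, level, level.orientation_combinations())
```

With these assumed levels the count of orientation combinations rises from 36 to 30^7, which is the near-geometric growth in N2 and m that the paragraph above describes.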
Referring to fig. 6, fig. 6 is a flowchart of another verification interaction method according to another embodiment of the present invention. The verification interaction method shown in fig. 6 may be implemented based on the communication system of the architecture shown in fig. 4-a or a communication system of a modified architecture.
As shown in fig. 6, another verification interaction method provided by another embodiment of the present invention may specifically include:
601. The client sends a service request message to the service server.
The service server in this embodiment may be a site server, a game server, an application store server, or other service servers that can provide services to the client.
The service request message may be, for example, an account registration request message, an account login request message, a forum posting request message, a microblog posting request message, or the like.
602. The service server receives an account registration request message from the client and cuts the verification picture to obtain N1 sub-pictures.
The N1 sub-pictures include a base picture and N1-1 option pictures. The shapes of N2 of the N1-1 option pictures have at least m symmetry axes, where N1 and N2 are positive integers, N1 is greater than 1, and m is an integer greater than 4.
The values of N1, N2 and m can be chosen according to the required verification complexity. For example, N1 may be equal to 2, 3, 4, 5, 6, 8, 10, 20, 30, or another value. For example, N2 may be equal to 1, 2, 3, 4, 5, 7, 9, 19, 29, or another value. For example, m may be equal to 5, 6, 7, 10, 30, 50, 100, 300, 1000, or another value.
Optionally, in some possible embodiments of the present invention, a shape of a first option picture of the N2 option pictures is a circle. For example, the first option picture is any one sub-picture of the N2 option pictures. For example, some or all of the N2 option pictures may be circular in shape.
Optionally, in some possible embodiments of the present invention, the shape of a second option picture of the N2 option pictures is a regular k-sided polygon, where k is an integer greater than 4, for example 5, 6, 7, 10, 35, 57, 108, 390, 1500, or another value. For example, the second option picture may be any one sub-picture of the N2 option pictures. For example, the shape of some or all of the N2 option pictures may be a regular k-sided polygon.
Optionally, in some possible embodiments of the present invention, the shape of a third option picture of the N2 option pictures is an irregular figure. Although the shape of the third option picture is irregular, it still has more than 4 symmetry axes. For example, the third option picture may be any one sub-picture of the N2 option pictures. For example, the shape of some or all of the N2 option pictures may be an irregular figure with more than 4 symmetry axes.
603. The service server sends a first verification interaction message containing the N1 sub-pictures to the client.
604. The client receives the first verification interaction message from the service server and sends the service server a second verification interaction message containing a spliced picture obtained by splicing the N1 sub-pictures.
Because the N1-1 option pictures fit into the base picture, the client can embed them in the holes left in the base picture where the option pictures were cut out, thereby obtaining the spliced picture.
605. The service server sends the spliced picture contained in the second verification interaction message to a verification server.
606. The verification server compares the spliced picture with the verification picture to determine a verification result. The verification server can send the service server a notification message carrying indication information that indicates the verification result.
The verification server can compare the spliced picture with the verification picture. If the comparison shows that the similarity between the spliced picture and the verification picture is greater than or equal to a first threshold (the first threshold may be, for example, 90%, 95%, 98%, 99% or 100%, or another value that meets the requirement), the verification result is determined to be success; if the similarity is smaller than the first threshold, the verification result is determined to be failure.
607. If the verification result is success, the service server executes the service corresponding to the service request message. If the verification result is failure, the service server may send a verification failure message to the client.
It will be appreciated that a circular sub-picture has innumerable axes of symmetry. The more symmetry axes the sub-pictures used as option pictures have, the more rotation tests a malicious client has to perform. Because a circular sub-picture has innumerable symmetry axes, the number of rotation tests a malicious client has to perform is theoretically the largest, which can greatly increase the difficulty of brute-force cracking, can greatly improve the ability to resist brute-force cracking by malicious clients during verification, and can reduce the wasteful occupation of Internet resources by malicious clients.
For example, a circular sub-picture allows finer control of the rotation angle. A square can only be rotated 90 degrees at a time and needs only 4 rotations in the most ideal case. A circular sub-picture needs 6 rotations in the most ideal case if it is rotated 60 degrees each time, 12 rotations if it is rotated 30 degrees each time, 36 rotations if it is rotated 10 degrees each time, and so on. The minimum rotation angle can also be adjusted dynamically according to the adversarial situation. The circular sub-picture therefore makes control of the rotation angle more flexible, which can greatly increase the difficulty of brute-force cracking.
The scheme of this embodiment adds a simple interaction: the positions in the jigsaw verification code where pieces must be placed are marked with circular frames, which counters edge-similarity matching, and the rotation direction and angle of the circular pieces can be adjusted dynamically. As a result, the rate at which current automated programs recognize a jigsaw picture is reduced by at least one order of magnitude, and cracking can be resisted effectively.
Optionally, in some possible embodiments of the present invention, if the client is marked as a suspected malicious client, m is greater than or equal to 20, 30, 53, 87, 100, 200 or 500, or another value greater than 4. If the client is marked as a suspected malicious client, the value obtained by dividing N2 by N1-1 is greater than or equal to a second threshold (which may, for example, be equal to 0.8, 0.9, 0.95 or 1). If the client is marked as a suspected malicious client, N2 may be greater than 5, 6, 8, 10 or 15, or another value greater than 1. For example, the service server or the verification server may set a decision condition that uses the frequency of the verification requests sent by a client, or other behavioural characteristics, to determine whether the client sending the verification request message may be a malicious client; the embodiment of the present invention does not limit the specific policy for marking a client as a suspected malicious client. For example, when a client at a certain IP address is found to send verification request messages repeatedly on the same login page within seconds or minutes, that client can be judged highly likely to be a malicious client and can be marked as a suspected malicious client, and a verification code that is harder to crack can subsequently be sent to it (the more sub-pictures there are and the more symmetry axes the sub-pictures have, the harder the code is to crack), which strengthens the interference with the malicious client. If the service server or the verification server judges that a client is more likely to be a normal client, a verification code that is easier to crack is subsequently sent, which makes the picture easier for the user to read and more comfortable to use.
It can be understood that introducing a mechanism that adjusts the verification complexity based on the suspected-malicious-client mark helps to balance user experience against resistance to cracking.
It can be seen that, in the scheme provided in this embodiment, after sending a verification request message to the service server, the client receives from the service server a first verification interaction message containing N1 sub-pictures obtained by cutting a verification picture. The N1 sub-pictures include a base picture and N1-1 option pictures, and the shapes of N2 of the N1-1 option pictures have at least m symmetry axes, where m is an integer greater than 4. The client sends the service server a second verification interaction message containing a spliced picture obtained by splicing the N1 sub-pictures, and the service server or the verification server compares the spliced picture with the verification picture to determine a verification result. N2 of the N1-1 option pictures have at least m symmetry axes, with m greater than 4, and research shows that the more symmetry axes a sub-picture has, the more rotation tests a malicious client has to perform. As the number of option pictures and the number of their symmetry axes increase, the number of tests a malicious client needs for brute-force cracking grows almost geometrically. This raises the difficulty of brute-force cracking to a certain extent, so the scheme helps to improve the ability to resist brute-force cracking by malicious clients during verification.
Referring to fig. 7-a, fig. 7-a is a schematic structural diagram of a communication system according to an embodiment of the present invention.
Referring to fig. 7-b, fig. 7-b is a flowchart of another verification interaction method according to another embodiment of the present invention. The verification interaction method shown in fig. 7-b may be implemented based on the communication system of the architecture shown in fig. 7-a or a communication system of a modified architecture.
As shown in fig. 7-b, another verification interaction method provided by another embodiment of the present invention may specifically include:
701. The client sends a service request message to the service server.
The service server in this embodiment may be a site server, a game server, an application store server, or other service servers that can provide services to the client.
The service request message may be, for example, an account registration request message, an account login request message, a forum posting request message, a microblog posting request message, or the like.
702. The service server receives an account registration request message from the client and obtains the N1 sub-pictures from the verification code server.
The N1 sub-pictures are obtained by the verification code server cutting the verification picture. The N1 sub-pictures include a base picture and N1-1 option pictures. The shapes of N2 of the N1-1 option pictures have at least m symmetry axes, where N1 and N2 are positive integers, N1 is greater than 1, and m is an integer greater than 4.
The values of N1, N2 and m can be chosen according to the required verification complexity. For example, N1 may be equal to 2, 3, 4, 5, 6, 8, 10, 20, 30, or another value. For example, N2 may be equal to 1, 2, 3, 4, 5, 7, 9, 19, 29, or another value. For example, m may be equal to 5, 6, 7, 10, 30, 50, 100, 300, 1000, or another value.
Optionally, in some possible embodiments of the present invention, a shape of a first option picture of the N2 option pictures is a circle. For example, the first option picture is any one sub-picture of the N2 option pictures. For example, some or all of the N2 option pictures may be circular in shape.
Optionally, in some possible embodiments of the present invention, the shape of a second option picture of the N2 option pictures is a regular k-sided polygon, where k is an integer greater than 4, for example 5, 6, 7, 10, 35, 57, 108, 390, 1500, or another value. For example, the second option picture may be any one sub-picture of the N2 option pictures. For example, the shape of some or all of the N2 option pictures may be a regular k-sided polygon.
Optionally, in some possible embodiments of the present invention, the shape of a third option picture of the N2 option pictures is an irregular figure. Although the shape of the third option picture is irregular, it still has more than 4 symmetry axes. For example, the third option picture may be any one sub-picture of the N2 option pictures. For example, the shape of some or all of the N2 option pictures may be an irregular figure with more than 4 symmetry axes.
703. The service server sends a first verification interaction message containing the N1 sub-pictures to the client.
704. The client receives the first verification interaction message from the service server and sends the service server a second verification interaction message containing a spliced picture obtained by splicing the N1 sub-pictures.
Because the N1-1 option pictures fit into the base picture, the client can embed them in the holes left in the base picture where the option pictures were cut out, thereby obtaining the spliced picture.
705. The service server compares the spliced picture with the verification picture to determine a verification result.
The service server can compare the spliced picture with the verification picture. If the comparison shows that the similarity between the spliced picture and the verification picture is greater than or equal to a first threshold (the first threshold may be, for example, 90%, 95%, 98%, 99% or 100%, or another value that meets the requirement), the verification result is determined to be success; if the similarity is smaller than the first threshold, the verification result is determined to be failure.
706. If the verification result is success, the service server executes the service corresponding to the service request message. If the verification result is failure, the service server may send a verification failure message to the client.
It will be appreciated that a circular sub-picture has innumerable axes of symmetry. The more symmetry axes the sub-pictures used as option pictures have, the more rotation tests a malicious client has to perform. Because a circular sub-picture has innumerable symmetry axes, the number of rotation tests a malicious client has to perform is theoretically the largest, which can greatly increase the difficulty of brute-force cracking, can greatly improve the ability to resist brute-force cracking by malicious clients during verification, and can reduce the wasteful occupation of Internet resources by malicious clients.
For example, a circular sub-picture allows finer control of the rotation angle. A square can only be rotated 90 degrees at a time and needs only 4 rotations in the most ideal case. A circular sub-picture needs 6 rotations in the most ideal case if it is rotated 60 degrees each time, 12 rotations if it is rotated 30 degrees each time, 36 rotations if it is rotated 10 degrees each time, and so on. The minimum rotation angle can also be adjusted dynamically according to the adversarial situation. The circular sub-picture therefore makes control of the rotation angle more flexible, which can greatly increase the difficulty of brute-force cracking.
The scheme of this embodiment adds a simple interaction: the positions in the jigsaw verification code where pieces must be placed are marked with circular frames, which counters edge-similarity matching, and the rotation direction and angle of the circular pieces can be adjusted dynamically. As a result, the rate at which current automated programs recognize a jigsaw picture is reduced by at least one order of magnitude, and cracking can be resisted effectively.
Optionally, in some possible embodiments of the present invention, if the client is marked as a suspected malicious client, m is greater than or equal to 20, 30, 53, 87, 100, 200 or 500, or another value greater than 4. If the client is marked as a suspected malicious client, the value obtained by dividing N2 by N1-1 is greater than or equal to a second threshold (which may, for example, be equal to 0.8, 0.9, 0.95 or 1). If the client is marked as a suspected malicious client, N2 may be greater than 5, 6, 8, 10 or 15, or another value greater than 1. For example, the service server may set a decision condition that uses the frequency of the verification requests sent by a client, or other behavioural characteristics, to determine whether the client sending the verification request message may be a malicious client; the embodiment of the present invention does not limit the specific policy for marking a client as a suspected malicious client. For example, when a client at a certain IP address is found to send verification request messages repeatedly on the same login page within seconds or minutes, that client can be judged highly likely to be a malicious client and can be marked as a suspected malicious client, and a verification code that is harder to crack can subsequently be sent to it (the more sub-pictures there are and the more symmetry axes the sub-pictures have, the harder the code is to crack), which strengthens the interference with the malicious client. If the service server judges that a client is more likely to be a normal client, it subsequently sends a verification code that is easier to crack, which makes the picture easier for the user to read and more comfortable to use.
It can be understood that introducing a mechanism that adjusts the verification complexity based on the suspected-malicious-client mark helps to balance user experience against resistance to cracking.
It can be seen that, in the scheme provided in this embodiment, after sending a verification request message to the service server, the client receives from the service server a first verification interaction message containing N1 sub-pictures obtained by cutting a verification picture. The N1 sub-pictures include a base picture and N1-1 option pictures, and the shapes of N2 of the N1-1 option pictures have at least m symmetry axes, where m is an integer greater than 4. The client sends the service server a second verification interaction message containing a spliced picture obtained by splicing the N1 sub-pictures, and the service server or the verification server compares the spliced picture with the verification picture to determine a verification result. N2 of the N1-1 option pictures have at least m symmetry axes, with m greater than 4, and research shows that the more symmetry axes a sub-picture has, the more rotation tests a malicious client has to perform. As the number of option pictures and the number of their symmetry axes increase, the number of tests a malicious client needs for brute-force cracking grows almost geometrically. This raises the difficulty of brute-force cracking to a certain extent, so the scheme helps to improve the ability to resist brute-force cracking by malicious clients during verification.
The following also provides a related apparatus for implementing the above-described scheme.
Referring to fig. 8, an embodiment of the present invention provides a verification interaction apparatus 800, which may include:
a receiving unit 810, a verification unit 830, and a sending unit 820.
A receiving unit 810, configured to receive a verification request message from a client.
For example, in scenarios such as account registration, account login, forum posting or microblog posting, the server may receive a verification request message from the client. The verification request message may be a message dedicated to requesting verification, or a message that is not dedicated to requesting verification, such as an account registration request mainly used for requesting account registration, an account login request mainly used for requesting account login, a forum posting request mainly used for requesting forum posting, or a microblog posting request mainly used for requesting microblog posting. That is, in some scenarios the verification request message from the client is a message sent by the client specifically to request verification. In other scenarios it is a message sent by the client mainly to request another service; because that message triggers verification, it may also be referred to as a verification request message. In other words, the verification request message in the embodiments of the present invention is a message that can trigger verification.
A sending unit 820, configured to send a first verification interaction message containing N1 sub-pictures to the client.
The N1 sub-pictures are obtained by cutting a verification picture. The N1 sub-pictures include a base picture and N1-1 option pictures. The shapes of N2 of the N1-1 option pictures have at least m symmetry axes, where N1 and N2 are positive integers, N1 is greater than 1, and m is an integer greater than 4. N2 is less than or equal to N1-1.
The values of N1, N2 and m can be chosen according to the required verification complexity. For example, N1 may be equal to 2, 3, 4, 5, 6, 8, 10, 20, 30, or another value. For example, N2 may be equal to 1, 2, 3, 4, 5, 7, 9, 19, 29, or another value. For example, m may be equal to 5, 6, 7, 10, 30, 50, 100, 300, 1000, or another value.
A verification unit 830, configured to, if a second verification interaction message containing a spliced picture obtained by splicing the N1 sub-pictures is received from the client, determine a verification result by comparing the spliced picture with the verification picture.
The verification interaction apparatus 800 in this embodiment is a server or is deployed in a server, and the server may be a site server, a game server, an application store server, or another server that can provide services to clients. Of course, the server may also be a verification server used for verification.
Optionally, the verification unit 830 is specifically configured to, if a second verification interaction message containing a spliced picture obtained by splicing the N1 sub-pictures is received from the client, compare the spliced picture with the verification picture; if the comparison shows that the similarity between the spliced picture and the verification picture is greater than or equal to a first threshold, determine that the verification result is success; and if the comparison shows that the similarity is smaller than the first threshold, determine that the verification result is failure.
Optionally, in some possible embodiments of the present invention, if the client is marked as a suspected malicious client, the m is greater than or equal to 20, 30, 53, 87, 100, 200, or 500, or another value greater than 4. If the client is marked as a suspected malicious client, the value obtained by dividing the N2 by the N1-1 is greater than or equal to a second threshold (which may be equal to 0.8, 0.9, 0.95, or 1, for example). If the client is marked as a suspected malicious client, N2 may be greater than 5, 6, 8, 10, 15, or other value greater than 1. For example, the verification interaction apparatus 800 may set a decision condition to determine whether the client sending the verification request message is possibly a malicious client according to the frequency or other performance characteristics of the verification request sent by a certain client, and the specific policy that the client is marked as a suspected malicious client is not limited in the embodiment of the present invention. For example, when a client that finds a certain IP address repeatedly sends a verification request message on the same login page within seconds or minutes, the client can be determined to have a high probability of being a malicious client, and can be marked as a suspected malicious client, and subsequently a verification code with high cracking difficulty can be sent to the client (the more sub-pictures are, the more sub-picture symmetry axes are, the higher the cracking difficulty is), so that the interference effect on the malicious client is enhanced. If the verification interaction device 800 determines that a client is more likely to be a normal client, the verification code with lower cracking difficulty is subsequently sent, so as to reduce the image reading difficulty and comfort level of the user.
It can be understood that a mechanism for adjusting the verification complexity based on the suspected malicious client mark is introduced, which is beneficial to better considering both the user experience and the anti-cracking capability.
Optionally, in some possible embodiments of the present invention, a shape of a first option picture of the N2 option pictures is a circle. For example, the first option picture is any one sub-picture of the N2 option pictures. For example, some or all of the N2 option pictures may be circular in shape.
It will be appreciated that if the shape of a sub-picture is circular, the sub-picture has infinitely many axes of symmetry. The more symmetry axes a sub-picture serving as an option picture has, the more rotation tests a malicious client must perform on it. Because a circular sub-picture has infinitely many symmetry axes, the number of rotation tests a malicious client must perform is theoretically the largest, so the brute-force cracking difficulty can be increased to a great extent, the capability of preventing brute-force cracking by malicious clients in the verification process can be greatly improved, and the invalid occupation of internet resources by malicious clients can be reduced.
For example, a circular sub-picture gives more control over the rotation angle. A square can only be rotated 90 degrees at a time, so in the most ideal case only 4 rotations are needed. A circular sub-picture needs 6 rotations in the most ideal case if it is rotated 60 degrees each time, 12 rotations if it is rotated 30 degrees each time, 36 rotations if it is rotated 10 degrees each time, and so on. Moreover, the minimum rotation angle can be adjusted dynamically according to how the confrontation with attackers develops. The circular sub-picture therefore increases the flexibility with which the rotation angle can be controlled, and the brute-force cracking difficulty can be greatly improved.
Some possible schemes of this embodiment add a simple interaction: the positions in the jigsaw verification code where pieces need to be placed are marked with circular frames, which resists matching based on edge similarity, and the rotation direction and angle of the circular sub-pictures can be regulated dynamically, so that the rate at which current automated programs recognize a jigsaw picture is reduced by at least one order of magnitude and cracking is effectively resisted.
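The adaptive-difficulty mechanism and the rotation counts described above can be sketched as follows. This is an added example, not code from the patent: the window length, request budget, the two parameter sets and all names are assumptions, and the search-space figure uses a simplified model in which each of the N2 pieces is oriented independently.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

WINDOW_SECONDS = 60     # assumed observation window ("within seconds or minutes")
MAX_REQUESTS = 5        # assumed number of requests tolerated per window
SECOND_THRESHOLD = 0.8  # floor for N2 / (N1 - 1); one of the values the text lists


@dataclass(frozen=True)
class Challenge:
    n1: int        # sub-pictures in total: 1 base picture + (N1 - 1) option pictures
    n2: int        # option pictures whose shape has at least m symmetry axes
    m: int         # lower bound on the symmetry axes of those N2 shapes
    step_deg: int  # minimum rotation step applied to circular option pictures

    def orientations_per_piece(self) -> int:
        # 60 degrees -> 6, 30 degrees -> 12, 10 degrees -> 36, as in the text.
        return 360 // self.step_deg

    def rotation_search_space(self) -> int:
        # Simplified model (assumption): each of the N2 pieces is oriented
        # independently, so the combinations grow geometrically with N2.
        return self.orientations_per_piece() ** self.n2


def check_constraints(c: Challenge, suspected: bool) -> None:
    """Raise ValueError if the parameters violate the bounds stated in the text."""
    if not (c.n1 > 1 and 1 <= c.n2 <= c.n1 - 1 and c.m > 4):
        raise ValueError("need N1 > 1, 1 <= N2 <= N1 - 1 and m > 4")
    if c.step_deg <= 0 or 360 % c.step_deg != 0:
        raise ValueError("rotation step must be a positive divisor of 360")
    if suspected:
        if c.m < 20 or c.n2 <= 5 or c.n2 / (c.n1 - 1) < SECOND_THRESHOLD:
            raise ValueError("challenge too easy for a suspected malicious client")


# Two constructed parameter sets (assumptions chosen inside the stated bounds).
EASY = Challenge(n1=3, n2=2, m=6, step_deg=60)
HARD = Challenge(n1=9, n2=8, m=36, step_deg=10)


class DifficultyPolicy:
    """Marks a client as suspected when one IP hits the same page too often."""

    def __init__(self):
        self._requests = defaultdict(deque)  # (ip, page) -> recent timestamps

    def is_suspected(self, ip: str, page: str, now: float) -> bool:
        recent = self._requests[(ip, page)]
        recent.append(now)
        # Drop timestamps that fell out of the sliding window.
        while now - recent[0] > WINDOW_SECONDS:
            recent.popleft()
        return len(recent) > MAX_REQUESTS

    def next_challenge(self, ip: str, page: str, now: float) -> Challenge:
        suspected = self.is_suspected(ip, page, now)
        challenge = HARD if suspected else EASY
        check_constraints(challenge, suspected)
        return challenge


if __name__ == "__main__":
    policy = DifficultyPolicy()
    # Constructed request timestamps (seconds) from one documentation-range IP.
    for t in [0, 1, 2, 3, 4, 5, 200]:
        c = policy.next_challenge("203.0.113.7", "/login", t)
        print(t, c, c.rotation_search_space())
```

Keying the counter on the (IP address, page) pair follows the example in the text; other behavioral signals can be added to `is_suspected` without changing the parameter checks.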
Optionally, in some possible embodiments of the present invention, the shape of a second option picture of the N2 option pictures is a regular k-sided polygon, where k is an integer greater than 4; for example, k is equal to 5, 6, 7, 10, 35, 57, 108, 390, or 1500, or another value. For example, the second option picture may be any one sub-picture of the N2 option pictures. For example, the shape of some or all of the N2 option pictures may be a regular k-sided polygon.
Optionally, in some possible embodiments of the present invention, the shape of a third option picture of the N2 option pictures is an irregular figure. Although the shape of the third option picture is an irregular figure, the shape still has more than 4 symmetry axes. For example, the third option picture may be any one sub-picture of the N2 option pictures. For example, the shape of some or all of the N2 option pictures may be an irregular figure with more than 4 symmetry axes.
It can be understood that the functions of the functional modules of the verification interaction apparatus 800 in this embodiment may be specifically implemented according to the method in the foregoing method embodiment, and the specific implementation process may refer to the related description of the foregoing method embodiment, which is not described herein again. The verification interaction device 800 may be a server or may be deployed in a server.
It can be seen that, in the scheme of this embodiment, after receiving the verification request message from the client, the verification interaction apparatus 800 sends a first verification interaction message including N1 sub-pictures to the client, where the N1 sub-pictures are obtained by cutting the verification picture and include a base picture and N1-1 option pictures, the shapes of N2 option pictures among the N1-1 option pictures have at least m symmetry axes, N1 and N2 are positive integers, N1 is greater than 1, and m is an integer greater than 4. The shapes of N2 of the N1-1 option pictures have at least m symmetry axes, with m greater than 4. Research shows that the more symmetry axes a sub-picture has, the more rotation tests a malicious client must perform on it; as the number of option pictures and the number of their symmetry axes increase, the number of tests a malicious client needs for brute-force cracking grows at close to a geometric progression. This increases the brute-force cracking difficulty to a certain extent, so the scheme helps improve the capability of preventing brute-force cracking by malicious clients in the verification process.
Referring to fig. 9, fig. 9 is a schematic diagram of a server 900 according to an embodiment of the present invention, where the server 900 may include at least one bus 901, at least one processor 902 connected to the bus 901, and at least one memory 903 connected to the bus 901.
The processor 902 invokes, via the bus 901, code stored in the memory 903 in order to: receive a verification request message from a client; send a first verification interaction message containing N1 sub-pictures to the client, wherein the N1 sub-pictures are obtained by cutting a verification picture, the N1 sub-pictures comprise a base picture and N1-1 option pictures, the shapes of N2 option pictures in the N1-1 option pictures have at least m symmetry axes, N1 and N2 are positive integers, N1 is greater than 1, and m is an integer greater than 4; and, if a second verification interaction message containing a spliced picture obtained by splicing the N1 sub-pictures is received from the client, compare the spliced picture with the verification picture to determine a verification result.
For example, in scenarios such as account registration, account login, forum posting, and microblog posting, the server may receive a verification request message from the client. The verification request message may be a message dedicated to requesting verification, or a message that is not dedicated to requesting verification, such as an account registration request, an account login request, a forum posting request, or a microblog posting request. That is, in some scenarios the verification request message from the client is a message the client sends specifically to request verification. In other scenarios it is a message the client sends mainly to request another service; because that message triggers verification, it may also be referred to as a verification request message. In other words, the verification request message in the embodiment of the present invention is a message that can trigger verification.
Wherein the N2 is less than or equal to the N1-1.
For example, the processor 902 may cut the verification picture into N1 sub-pictures. Alternatively, the server may instruct a captcha server to cut a verification picture into N1 sub-pictures and obtain N1 sub-pictures from the captcha server that result from cutting the verification picture.
The specific values of N1, N2 and m can be specifically determined according to the specific requirement of verification complexity. For example, the N1 may be equal to 2, 3, 4, 5, 6, 8, 10, 20, 30, or other values. For example, the N2 may be equal to 1, 2, 3, 4, 5, 7, 9, 19, 29, or other values. For example, m may be equal to 5, 6, 7, 10, 30, 50, 100, 300, 1000, or other values.
The server 900 in this embodiment may be a site server, a game server, an application store server, or the like that can provide services to clients.
It will be appreciated that if the shape of a sub-picture is circular, the sub-picture has infinitely many axes of symmetry. The more symmetry axes a sub-picture serving as an option picture has, the more rotation tests a malicious client must perform on it. Because a circular sub-picture has infinitely many symmetry axes, the number of rotation tests a malicious client must perform is theoretically the largest, so the brute-force cracking difficulty can be increased to a great extent, the capability of preventing brute-force cracking by malicious clients in the verification process can be greatly improved, and the invalid occupation of internet resources by malicious clients can be reduced.
For example, a circular sub-picture gives more control over the rotation angle. A square can only be rotated 90 degrees at a time, so in the most ideal case only 4 rotations are needed. A circular sub-picture needs 6 rotations in the most ideal case if it is rotated 60 degrees each time, 12 rotations if it is rotated 30 degrees each time, 36 rotations if it is rotated 10 degrees each time, and so on. Moreover, the minimum rotation angle can be adjusted dynamically according to how the confrontation with attackers develops. The circular sub-picture therefore increases the flexibility with which the rotation angle can be controlled, and the brute-force cracking difficulty can be greatly improved.
Some possible schemes of this embodiment add a simple interaction: the positions in the jigsaw verification code where pieces need to be placed are marked with circular frames, which resists matching based on edge similarity, and the rotation direction and angle of the circular sub-pictures can be regulated dynamically, so that the rate at which current automated programs recognize a jigsaw picture is reduced by at least one order of magnitude and cracking is effectively resisted.
Optionally, in some possible embodiments of the present invention, if the client is marked as a suspected malicious client, m is greater than or equal to 20, 30, 53, 87, 100, 200, or 500, or another value greater than 4. If the client is marked as a suspected malicious client, the value obtained by dividing N2 by N1-1 is greater than or equal to a second threshold (which may be equal to 0.8, 0.9, 0.95, or 1, for example). If the client is marked as a suspected malicious client, N2 may be greater than 5, 6, 8, 10, 15, or another value greater than 1. For example, the server may set a decision condition that uses the frequency of the verification requests sent by a client, or other behavioral characteristics, to determine whether the client sending the verification request message may be a malicious client; the specific policy for marking a client as a suspected malicious client is not limited in the embodiment of the present invention. For example, when a client at a certain IP address is found to repeatedly send verification request messages on the same login page within seconds or minutes, the client can be determined to have a high probability of being a malicious client and can be marked as a suspected malicious client, and a verification code that is harder to crack can subsequently be sent to it (the more sub-pictures there are and the more symmetry axes the sub-pictures have, the higher the cracking difficulty), so that the interference effect on the malicious client is enhanced. If the server determines that a client is more likely to be a normal client, it subsequently sends a verification code with lower cracking difficulty, so as to reduce the picture-reading difficulty for the user and improve the user's comfort.
It can be understood that introducing a mechanism that adjusts the verification complexity based on the suspected-malicious-client mark helps to balance user experience and anti-cracking capability.
Optionally, in some possible embodiments of the present invention, determining a verification result by comparing the spliced picture with the verification picture may include: comparing the spliced picture with the verification picture; if the comparison shows that the similarity between the spliced picture and the verification picture is greater than or equal to a first threshold (the first threshold may be, for example, 90%, 95%, 98%, 99%, or 100%, or another value that meets the requirement), determining that the verification result is verification success; and if the comparison shows that the similarity between the spliced picture and the verification picture is smaller than the first threshold, determining that the verification result is verification failure.
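The threshold comparison described above, as an added example that is not code from the patent. The patent does not define the similarity measure; the fraction of identical pixels used here, the constructed 40x40 picture and all function names are assumptions. The example also shows why the measure should be taken over the cut regions: the base picture is unchanged in every submission, so over the whole picture a misplaced small piece can still score above a 90% threshold.

```python
import math

FIRST_THRESHOLD = 0.90  # one of the example values the text gives


def make_verification_picture(width=40, height=40):
    # Constructed sample picture: a diagonal gradient without rotational symmetry.
    return [[(3 * x + 7 * y) % 256 for x in range(width)] for y in range(height)]


def disc_offsets(radius):
    """Pixel offsets (dx, dy) that lie inside a disc of the given radius."""
    r = range(-radius, radius + 1)
    return [(dx, dy) for dy in r for dx in r if dx * dx + dy * dy <= radius * radius]


def cut(picture, centre, radius):
    """Return (base picture with a circular hole, circular option picture)."""
    cx, cy = centre
    base = [row[:] for row in picture]
    option = {}
    for dx, dy in disc_offsets(radius):
        option[(dx, dy)] = picture[cy + dy][cx + dx]
        base[cy + dy][cx + dx] = None  # hole left by the cut
    return base, option


def stitch(base, option, centre, angle_deg):
    """Embed the option picture in the hole, turned by angle_deg (0 = correct)."""
    cx, cy = centre
    cos_a = math.cos(math.radians(angle_deg))
    sin_a = math.sin(math.radians(angle_deg))
    stitched = [row[:] for row in base]
    for dx, dy in option:
        # Nearest-neighbour sampling; a sample that rounds outside the disc
        # leaves the pixel empty (None), which never matches.
        sx = round(dx * cos_a + dy * sin_a)
        sy = round(-dx * sin_a + dy * cos_a)
        stitched[cy + dy][cx + dx] = option.get((sx, sy))
    return stitched


def similarity(stitched, picture, cells=None):
    """Fraction of compared pixels that are identical (assumed measure)."""
    # The stitched picture comes from the client: reject unexpected dimensions.
    if len(stitched) != len(picture) or any(
        len(row) != len(picture[0]) for row in stitched
    ):
        return 0.0
    if cells is None:
        cells = [(x, y) for y in range(len(picture)) for x in range(len(picture[0]))]
    same = sum(1 for x, y in cells if stitched[y][x] == picture[y][x])
    return same / len(cells)


def verify(stitched, picture, centre, radius, whole_picture=False):
    """Return (passed, score); by default only the cut region is compared."""
    if whole_picture:
        score = similarity(stitched, picture)
    else:
        cx, cy = centre
        cells = [(cx + dx, cy + dy) for dx, dy in disc_offsets(radius)]
        score = similarity(stitched, picture, cells)
    return score >= FIRST_THRESHOLD, score


if __name__ == "__main__":
    picture = make_verification_picture()
    base, option = cut(picture, (20, 20), 6)
    for angle in (0, 180):
        stitched = stitch(base, option, (20, 20), angle)
        print(angle,
              verify(stitched, picture, (20, 20), 6, whole_picture=True),
              verify(stitched, picture, (20, 20), 6))
```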
Optionally, in some possible embodiments of the present invention, a shape of a first option picture of the N2 option pictures is a circle. For example, the first option picture is any one sub-picture of the N2 option pictures. For example, some or all of the N2 option pictures may be circular in shape.
Optionally, in some possible embodiments of the present invention, the shape of a second option picture of the N2 option pictures is a regular k-sided polygon, where k is an integer greater than 4; for example, k is equal to 5, 6, 7, 10, 35, 57, 108, 390, or 1500, or another value. For example, the second option picture may be any one sub-picture of the N2 option pictures. For example, the shape of some or all of the N2 option pictures may be a regular k-sided polygon.
Optionally, in some possible embodiments of the present invention, the shape of a third option picture of the N2 option pictures is an irregular figure. Although the shape of the third option picture is an irregular figure, the shape still has more than 4 symmetry axes. For example, the third option picture may be any one sub-picture of the N2 option pictures. For example, the shape of some or all of the N2 option pictures may be an irregular figure with more than 4 symmetry axes.
It can be understood that the functions of the functional modules of the server 900 in this embodiment may be specifically implemented according to the method in the foregoing method embodiment, and the specific implementation process may refer to the relevant description of the foregoing method embodiment, which is not described herein again.
The server 900 in this embodiment may be a site server, a game server, an application store server, or the like that can provide services to clients, and of course, the server may also be an authentication server for authentication.
It can be seen that, in the solution provided in this embodiment, after receiving a verification request message from a client, the server 900 sends a first verification interaction message including N1 sub-pictures to the client, where the N1 sub-pictures are obtained by cutting a verification picture and include a base picture and N1-1 option pictures, the shapes of N2 option pictures among the N1-1 option pictures have at least m symmetry axes, N1 and N2 are positive integers, N1 is greater than 1, and m is an integer greater than 4. The shapes of N2 of the N1-1 option pictures have at least m symmetry axes, with m greater than 4. Research shows that the more symmetry axes a sub-picture has, the more rotation tests a malicious client must perform on it; as the number of option pictures and the number of their symmetry axes increase, the number of tests a malicious client needs for brute-force cracking grows at close to a geometric progression. This increases the brute-force cracking difficulty to a certain extent, so the scheme helps improve the capability of preventing brute-force cracking by malicious clients in the verification process.
Referring to fig. 10, fig. 10 is a block diagram of a server 1000 according to another embodiment of the present invention. The server 1000 may include: at least one processor 1001, at least one network interface 1004, a memory 1005, and at least one communication bus 1002. The communication bus 1002 is used to enable connection and communication between these components. The server 1000 optionally comprises a user interface 1003, which includes a display (e.g., a touch screen, a liquid crystal display, a holographic display, or a projection display), a pointing device (e.g., a mouse, a trackball, or a touch screen), a camera and/or a sound pick-up device, and the like.
The memory 1005, which may include both read-only memory and random access memory, provides instructions and data to the processor 1001. Some of the memory 1005 may also include non-volatile random access memory.
In some embodiments, memory 1005 stores the following elements, executable modules or data structures, or a subset thereof, or an expanded set thereof:
The operating system 10051, which comprises various system programs and is used to implement various basic services and to process hardware-based tasks.
The application module 10052 contains various applications for implementing various application services.
The application module 10052 includes, but is not limited to, a receiving unit 810, an authentication unit 830, a transmitting unit 820, and the like.
In an embodiment of the present invention, by calling a program or instructions stored in the memory 1005, the processor 1001 receives a verification request message from a client; sends a first verification interaction message containing N1 sub-pictures to the client, wherein the N1 sub-pictures are obtained by cutting a verification picture, the N1 sub-pictures comprise a base picture and N1-1 option pictures, the shapes of N2 option pictures in the N1-1 option pictures have at least m symmetry axes, N1 and N2 are positive integers, N1 is greater than 1, and m is an integer greater than 4; and, if a second verification interaction message containing a spliced picture obtained by splicing the N1 sub-pictures is received from the client, compares the spliced picture with the verification picture to determine a verification result.
For example, in scenarios such as account registration, account login, forum posting, and microblog posting, the server may receive a verification request message from the client. The verification request message may be a message dedicated to requesting verification, or a message that is not dedicated to requesting verification, such as an account registration request, an account login request, a forum posting request, or a microblog posting request. That is, in some scenarios the verification request message from the client is a message the client sends specifically to request verification. In other scenarios it is a message the client sends mainly to request another service; because that message triggers verification, it may also be referred to as a verification request message. In other words, the verification request message in the embodiment of the present invention is a message that can trigger verification.
Wherein the N2 is less than or equal to the N1-1.
For example, the processor 1001 may cut the verification picture into N1 sub-pictures. Alternatively, the server may instruct a captcha server to cut a verification picture into N1 sub-pictures and obtain N1 sub-pictures from the captcha server that result from cutting the verification picture.
The specific values of N1, N2 and m can be specifically determined according to the specific requirement of verification complexity. For example, the N1 may be equal to 2, 3, 4, 5, 6, 8, 10, 20, 30, or other values. For example, the N2 may be equal to 1, 2, 3, 4, 5, 7, 9, 19, 29, or other values. For example, m may be equal to 5, 6, 7, 10, 30, 50, 100, 300, 1000, or other values.
The server 1000 in this embodiment may be a site server, a game server, an application store server, or the like that can provide services to clients.
It will be appreciated that if the shape of a sub-picture is circular, the sub-picture has infinitely many axes of symmetry. The more symmetry axes a sub-picture serving as an option picture has, the more rotation tests a malicious client must perform on it. Because a circular sub-picture has infinitely many symmetry axes, the number of rotation tests a malicious client must perform is theoretically the largest, so the brute-force cracking difficulty can be increased to a great extent, the capability of preventing brute-force cracking by malicious clients in the verification process can be greatly improved, and the invalid occupation of internet resources by malicious clients can be reduced.
For example, a circular sub-picture gives more control over the rotation angle. A square can only be rotated 90 degrees at a time, so in the most ideal case only 4 rotations are needed. A circular sub-picture needs 6 rotations in the most ideal case if it is rotated 60 degrees each time, 12 rotations if it is rotated 30 degrees each time, 36 rotations if it is rotated 10 degrees each time, and so on. Moreover, the minimum rotation angle can be adjusted dynamically according to how the confrontation with attackers develops. The circular sub-picture therefore increases the flexibility with which the rotation angle can be controlled, and the brute-force cracking difficulty can be greatly improved.
Some possible schemes of this embodiment add a simple interaction: the positions in the jigsaw verification code where pieces need to be placed are marked with circular frames, which resists matching based on edge similarity, and the rotation direction and angle of the circular sub-pictures can be regulated dynamically, so that the rate at which current automated programs recognize a jigsaw picture is reduced by at least one order of magnitude and cracking is effectively resisted.
Optionally, in some possible embodiments of the present invention, if the client is marked as a suspected malicious client, m is greater than or equal to 20, 30, 53, 87, 100, 200, or 500, or another value greater than 4. If the client is marked as a suspected malicious client, the value obtained by dividing N2 by N1-1 is greater than or equal to a second threshold (which may be equal to 0.8, 0.9, 0.95, or 1, for example). If the client is marked as a suspected malicious client, N2 may be greater than 5, 6, 8, 10, 15, or another value greater than 1. For example, the server may set a decision condition that uses the frequency of the verification requests sent by a client, or other behavioral characteristics, to determine whether the client sending the verification request message may be a malicious client; the specific policy for marking a client as a suspected malicious client is not limited in the embodiment of the present invention. For example, when a client at a certain IP address is found to repeatedly send verification request messages on the same login page within seconds or minutes, the client can be determined to have a high probability of being a malicious client and can be marked as a suspected malicious client, and a verification code that is harder to crack can subsequently be sent to it (the more sub-pictures there are and the more symmetry axes the sub-pictures have, the higher the cracking difficulty), so that the interference effect on the malicious client is enhanced. If the server determines that a client is more likely to be a normal client, it subsequently sends a verification code with lower cracking difficulty, so as to reduce the picture-reading difficulty for the user and improve the user's comfort.
It can be understood that introducing a mechanism that adjusts the verification complexity based on the suspected-malicious-client mark helps to balance user experience and anti-cracking capability.
Optionally, in some possible embodiments of the present invention, determining a verification result by comparing the spliced picture with the verification picture may include: comparing the spliced picture with the verification picture; if the comparison shows that the similarity between the spliced picture and the verification picture is greater than or equal to a first threshold (the first threshold may be, for example, 90%, 95%, 98%, 99%, or 100%, or another value that meets the requirement), determining that the verification result is verification success; and if the comparison shows that the similarity between the spliced picture and the verification picture is smaller than the first threshold, determining that the verification result is verification failure.
Optionally, in some possible embodiments of the present invention, a shape of a first option picture of the N2 option pictures is a circle. For example, the first option picture is any one sub-picture of the N2 option pictures. For example, some or all of the N2 option pictures may be circular in shape.
Optionally, in some possible embodiments of the present invention, the shape of a second option picture of the N2 option pictures is a regular k-sided polygon, where k is an integer greater than 4; for example, k is equal to 5, 6, 7, 10, 35, 57, 108, 390, or 1500, or another value. For example, the second option picture may be any one sub-picture of the N2 option pictures. For example, the shape of some or all of the N2 option pictures may be a regular k-sided polygon.
Optionally, in some possible embodiments of the present invention, the shape of a third option picture of the N2 option pictures is an irregular figure. Although the shape of the third option picture is an irregular figure, the shape still has more than 4 symmetry axes. For example, the third option picture may be any one sub-picture of the N2 option pictures. For example, the shape of some or all of the N2 option pictures may be an irregular figure with more than 4 symmetry axes.
It can be understood that the functions of the functional modules of the server 1000 in this embodiment may be specifically implemented according to the method in the foregoing method embodiment, and the specific implementation process may refer to the relevant description of the foregoing method embodiment, which is not described herein again.
The server 1000 in this embodiment may be a site server, a game server, an application store server, or the like that can provide services to clients, and of course, the server 1000 may also be an authentication server for authentication.
It can be seen that, in the solution provided in this embodiment, after receiving a verification request message from a client, the server 1000 sends a first verification interaction message including N1 sub-pictures to the client, where the N1 sub-pictures are obtained by cutting a verification picture and include a base picture and N1-1 option pictures, the shapes of N2 option pictures among the N1-1 option pictures have at least m symmetry axes, N1 and N2 are positive integers, N1 is greater than 1, and m is an integer greater than 4. The shapes of N2 of the N1-1 option pictures have at least m symmetry axes, with m greater than 4. Research shows that the more symmetry axes a sub-picture has, the more rotation tests a malicious client must perform on it; as the number of option pictures and the number of their symmetry axes increase, the number of tests a malicious client needs for brute-force cracking grows at close to a geometric progression. This increases the brute-force cracking difficulty to a certain extent, so the scheme helps improve the capability of preventing brute-force cracking by malicious clients in the verification process.
Referring to fig. 11, an embodiment of the present invention further provides an authentication interaction apparatus 1100, which may include:
a sending unit 1110, a receiving unit 1120, and a verification interaction unit 1130.
A sending unit 1110, configured to send an authentication request message to a server.
A receiving unit 1120 configured to receive a first verification interaction message from the server, the first verification interaction message including N1 sub-pictures obtained by cutting a verification picture, wherein the N1 sub-pictures include a base picture and N1-1 option pictures, wherein shapes of N2 option pictures of the N1-1 option pictures have at least m symmetry axes, wherein N1 and N2 are positive integers, N1 is greater than 1, and m is an integer greater than 4.
A verification interaction unit 1130, configured to send a second verification interaction message including a spliced picture obtained by splicing the N1 sub pictures to the server.
For example, in scenarios such as account registration, account login, forum posting, and microblog posting, the server may receive a verification request message from the client. The verification request message may be a message dedicated to requesting verification, or a message that is not dedicated to requesting verification, such as an account registration request, an account login request, a forum posting request, or a microblog posting request. That is, in some scenarios the verification request message from the client is a message the client sends specifically to request verification. In other scenarios it is a message the client sends mainly to request another service; because that message triggers verification, it may also be referred to as a verification request message. In other words, the verification request message in the embodiment of the present invention is a message that can trigger verification.
The server may receive a verification request message from the client.
The specific values of N1, N2 and m can be specifically determined according to the specific requirement of verification complexity. For example, the N1 may be equal to 2, 3, 4, 5, 6, 8, 10, 20, 30, or other values. For example, the N2 may be equal to 1, 2, 3, 4, 5, 7, 9, 19, 29, or other values. For example, m may be equal to 5, 6, 7, 10, 30, 50, 100, 300, 1000, or other values.
Since the N1-1 option pictures are embedded in the base picture, the verification interaction device 1100 can embed the N1-1 option pictures in the holes formed by cutting the option pictures on the base picture, thereby obtaining a stitched picture.
The server in this embodiment may be a site server, a game server, an application store server, or other business servers that can provide services to the client.
It will be appreciated that a circular sub-picture has infinitely many axes of symmetry. The more symmetry axes an option picture has, the more rotation attempts a malicious client must make; since a circular sub-picture has infinitely many symmetry axes, the number of rotation attempts is theoretically the largest. This greatly increases the difficulty of brute-force cracking, greatly improves the ability to resist brute-force cracking by malicious clients during verification, and reduces the wasteful occupation of Internet resources by malicious clients.
For example, a circular sub-picture gives more control over the rotation angle. A square can only be rotated 90 degrees at a time and needs only 4 rotations in the ideal case. A circular sub-picture needs 6 rotations in the ideal case if rotated 60 degrees each time, 12 if rotated 30 degrees each time, 36 if rotated 10 degrees each time, and so on. The minimum rotation angle can also be adjusted dynamically according to the adversarial situation. The circular sub-picture therefore makes the rotation angle more flexible to control and can greatly increase the difficulty of brute-force cracking.
Some possible schemes of this embodiment add a simple interaction: the positions in the jigsaw verification code that need to be filled are marked by circular frames, which defeats matching by edge similarity, and the rotation direction and angle of the circular sub-pictures can be adjusted dynamically, so that the recognition rate of current automated programs for a jigsaw picture is reduced by at least one order of magnitude, effectively resisting cracking.
Optionally, in some possible embodiments of the present invention, determining a verification result by comparing the stitched picture with the verification picture may include: comparing the stitched picture with the verification picture; if the similarity between the stitched picture and the verification picture is greater than or equal to a first threshold (the first threshold may be, for example, 90%, 95%, 98%, 99% or 100%, or another value that meets the requirement), determining that the verification succeeds; and if the similarity between the stitched picture and the verification picture is smaller than the first threshold, determining that the verification fails.
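The threshold comparison above, applied to a circular option picture, as an added example that is not code from the patent. It assumes similarity is the fraction of identical pixels (the description does not say how similarity is computed) and uses a constructed 20x20 grayscale picture; all function names are illustrative. It shows that a whole-picture comparison stops discriminating once the option picture covers less of the picture than one minus the first threshold, and that scoring only the cut region restores the check.

```python
import math


def make_picture(size=20):
    """Constructed grayscale sample standing in for a verification picture."""
    return [[(7 * x + 13 * y) % 256 for x in range(size)] for y in range(size)]


def disc_mask(size, cx, cy, radius):
    """Pixel coordinates covered by a circular option picture."""
    return {(x, y) for y in range(size) for x in range(size)
            if (x - cx) ** 2 + (y - cy) ** 2 <= radius ** 2}


def stitch(verification, mask, cx, cy, degrees):
    """Picture a client would submit if the circular option picture sits
    `degrees` away from its correct orientation (nearest-neighbour sampling)."""
    t = math.radians(degrees)
    c, s = math.cos(t), math.sin(t)
    size = len(verification)
    out = [row[:] for row in verification]
    for (x, y) in mask:
        dx, dy = x - cx, y - cy
        sx = min(size - 1, max(0, round(cx + c * dx - s * dy)))
        sy = min(size - 1, max(0, round(cy + s * dx + c * dy)))
        out[y][x] = verification[sy][sx]
    return out


def similarity(a, b, region=None):
    """Fraction of identical pixels, over the whole picture or over `region`.
    Assumption: the patent does not define the similarity measure."""
    size = len(a)
    cells = region if region is not None else {
        (x, y) for y in range(size) for x in range(size)}
    same = sum(1 for (x, y) in cells if a[y][x] == b[y][x])
    return same / len(cells)


def verify(stitched, verification, first_threshold, region=None):
    """Server-side decision: success when similarity >= first threshold."""
    return similarity(stitched, verification, region) >= first_threshold


def accepted_orientations(verification, cx, cy, radius, positions,
                          first_threshold, region_only):
    """Count how many of `positions` equally spaced orientations of the
    option picture the server would accept. A sound configuration
    accepts exactly one."""
    mask = disc_mask(len(verification), cx, cy, radius)
    accepted = 0
    for k in range(positions):
        stitched = stitch(verification, mask, cx, cy, 360.0 * k / positions)
        region = mask if region_only else None
        if verify(stitched, verification, first_threshold, region):
            accepted += 1
    return accepted


if __name__ == "__main__":
    pic = make_picture()
    # Large disc (radius 9): whole-picture comparison at 90% is selective.
    print(accepted_orientations(pic, 9.5, 9.5, 9, 12, 0.9, False))
    # Small disc (radius 3, 32 of 400 pixels = 8%): every orientation passes.
    print(accepted_orientations(pic, 9.5, 9.5, 3, 12, 0.9, False))
    # Same small disc, scored over the cut region only.
    print(accepted_orientations(pic, 9.5, 9.5, 3, 12, 0.9, True))
```

When choosing the first threshold and the size of the option pictures together, run this kind of count over every orientation the challenge can produce before deploying a configuration.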
Optionally, in some possible embodiments of the present invention, a shape of a first option picture of the N2 option pictures is a circle. For example, the first option picture is any one sub-picture of the N2 option pictures. For example, some or all of the N2 option pictures may be circular in shape.
Optionally, in some possible embodiments of the present invention, the shape of a second option picture of the N2 option pictures is a regular k-sided polygon, where k is an integer greater than 4; for example, k is equal to 5, 6, 7, 10, 35, 57, 108, 390, 1500, or another value. For example, the second option picture may be any one sub-picture of the N2 option pictures. For example, the shape of some or all of the N2 option pictures may be a regular k-sided polygon.
Optionally, in some possible embodiments of the present invention, the shape of a third option picture of the N2 option pictures is an irregular figure. Although the shape of the third option picture is irregular, it still has more than 4 symmetry axes. For example, the third option picture may be any one sub-picture of the N2 option pictures. For example, the shape of some or all of the N2 option pictures may be an irregular figure with more than 4 symmetry axes.
It can be understood that the functions of the functional modules of the verification interaction device 1100 in this embodiment may be specifically implemented according to the method in the foregoing method embodiment, and the specific implementation process may refer to the related description of the foregoing method embodiment, which is not described herein again. The verification interaction device 1100 can be a client or deployed in a client.
It can be seen that, in the technical solution of this embodiment, after the verification interaction device 1100 sends a verification request message to the server, it receives a first verification interaction message from the server, where the first verification interaction message includes N1 sub-pictures obtained by cutting the verification picture, the N1 sub-pictures include a base picture and N1-1 option pictures, the shapes of N2 option pictures among the N1-1 option pictures have at least m symmetry axes, and m is an integer greater than 4; the verification interaction device 1100 sends the server a second verification interaction message including a stitched picture obtained by stitching the N1 sub-pictures, so that the server determines a verification result by comparing the stitched picture with the verification picture. Because the shapes of N2 of the N1-1 option pictures have at least m symmetry axes, with m greater than 4, and because it has been found that the more symmetry axes a sub-picture has, the more rotation attempts a malicious verification interaction device 1100 must make, the number of attempts required for brute-force cracking grows almost geometrically as the number of option pictures and the number of their symmetry axes increase, which increases the difficulty of brute-force cracking to a certain extent.
Referring to fig. 12, fig. 12 is a schematic diagram of a client 1200 according to an embodiment of the present invention, where the client 1200 may include at least one bus 1201, at least one processor 1202 connected to the bus 1201, and at least one memory 1203 connected to the bus 1201.
Wherein, the processor 1202 calls the code stored in the memory 1203 to send the authentication request message to the server through the bus 1201; receiving a first verification interaction message from the server, the first verification interaction message including N1 sub-pictures obtained by cutting a verification picture, the N1 sub-pictures including a base picture and N1-1 option pictures, shapes of N2 option pictures of the N1-1 option pictures having at least m symmetry axes, wherein the N1 and the N2 are positive integers and the N1 is greater than 1, and the m is an integer greater than 4; and sending a second verification interactive message containing a spliced picture obtained by splicing the N1 sub-pictures to the server.
For example, in scenarios such as account registration, account login, forum posting, or microblog posting, the server may receive a verification request message from the client. The verification request message may be a message dedicated to requesting verification, or a message not dedicated to requesting verification, such as an account registration request, an account login request, a forum posting request, or a microblog posting request. That is, in some scenarios the verification request message is sent by the client specifically to request verification; in other scenarios it is a message sent mainly to request another service, which triggers verification and can therefore also be called a verification request message. In other words, the verification request message in the embodiments of the present invention is any message that can trigger verification.
The server may receive a verification request message from the client.
The values of N1, N2 and m can be chosen according to the required verification complexity. For example, N1 may be equal to 2, 3, 4, 5, 6, 8, 10, 20, 30, or another value. For example, N2 may be equal to 1, 2, 3, 4, 5, 7, 9, 19, 29, or another value. For example, m may be equal to 5, 6, 7, 10, 30, 50, 100, 300, 1000, or another value.
Since the N1-1 option pictures are embedded in the base picture, the client can embed the N1-1 option pictures in the holes formed by cutting the option pictures on the base picture, thereby obtaining a spliced picture.
The server in this embodiment may be a site server, a game server, an application store server, or other business servers that can provide services to the client.
It will be appreciated that a circular sub-picture has infinitely many axes of symmetry. The more symmetry axes an option picture has, the more rotation attempts a malicious client must make; since a circular sub-picture has infinitely many symmetry axes, the number of rotation attempts is theoretically the largest. This greatly increases the difficulty of brute-force cracking, greatly improves the ability to resist brute-force cracking by malicious clients during verification, and reduces the wasteful occupation of Internet resources by malicious clients.
For example, a circular sub-picture gives more control over the rotation angle. A square can only be rotated 90 degrees at a time and needs only 4 rotations in the ideal case. A circular sub-picture needs 6 rotations in the ideal case if rotated 60 degrees each time, 12 if rotated 30 degrees each time, 36 if rotated 10 degrees each time, and so on. The minimum rotation angle can also be adjusted dynamically according to the adversarial situation. The circular sub-picture therefore makes the rotation angle more flexible to control and can greatly increase the difficulty of brute-force cracking.
Some possible schemes of this embodiment add a simple interaction: the positions in the jigsaw verification code that need to be filled are marked by circular frames, which defeats matching by edge similarity, and the rotation direction and angle of the circular sub-pictures can be adjusted dynamically, so that the recognition rate of current automated programs for a jigsaw picture is reduced by at least one order of magnitude, effectively resisting cracking.
Optionally, in some possible embodiments of the present invention, if the client is marked as a suspected malicious client, m is greater than or equal to 20, 30, 53, 87, 100, 200, or 500, or another value greater than 4. If the client is marked as a suspected malicious client, the value obtained by dividing N2 by N1-1 is greater than or equal to a second threshold (which may be equal to 0.8, 0.9, 0.95, or 1, for example). If the client is marked as a suspected malicious client, N2 may be greater than 5, 6, 8, 10, 15, or another value greater than 1. For example, the server may set a decision condition to determine, from the frequency of the verification requests sent by a client or from other behavioral characteristics, whether the client sending the verification request message may be a malicious client; the specific policy for marking a client as a suspected malicious client is not limited in the embodiments of the present invention. For example, when it is found that a client at a certain IP address repeatedly sends verification request messages on the same login page within seconds or minutes, the client can be judged to have a high probability of being a malicious client and can be marked as a suspected malicious client, and a verification code that is harder to crack can subsequently be sent to it (the more sub-pictures there are and the more symmetry axes the sub-pictures have, the harder the cracking), which strengthens the interference with the malicious client. If the server judges that a client is more likely to be a normal client, it subsequently sends a verification code that is easier to crack, so as to reduce the difficulty of reading the picture and improve user comfort.
It can be understood that introducing a mechanism that adjusts the verification complexity based on the suspected-malicious-client mark helps balance user experience and anti-cracking capability.
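One way a server could implement the marking and difficulty escalation described above, as an added example rather than the patent's own implementation. The 60-second window, the limit of 5 requests, the two parameter tiers and all names are assumptions; the constraints enforced by `check_params` are the ones the text states.

```python
import collections
from typing import NamedTuple


class ChallengeParams(NamedTuple):
    n1: int  # total sub-pictures: one base picture plus N1-1 option pictures
    n2: int  # option pictures whose shape has at least m symmetry axes
    m: int   # minimum number of symmetry axes for those N2 shapes

    def orientation_combinations(self) -> int:
        # Simplified model (assumption): each of the N2 pictures has m
        # candidate orientations, independent of the others.
        return self.m ** self.n2


# Constructed tiers. The individual numbers fall in the ranges the
# description lists; pairing them into two tiers is an assumption.
NORMAL = ChallengeParams(n1=3, n2=1, m=6)
HARDENED = ChallengeParams(n1=7, n2=6, m=36)


def check_params(p, suspected, second_threshold=0.8):
    """Raise ValueError if p violates the constraints stated in the text."""
    if p.n1 <= 1 or p.n2 < 1 or p.n2 > p.n1 - 1:
        raise ValueError("need N1 > 1 and 1 <= N2 <= N1-1")
    if p.m <= 4:
        raise ValueError("m must be an integer greater than 4")
    if suspected:
        if p.m < 20:
            raise ValueError("suspected client: m must be >= 20")
        if p.n2 / (p.n1 - 1) < second_threshold:
            raise ValueError("suspected client: N2/(N1-1) below threshold")


class DifficultyPolicy:
    """Marks an IP as suspected when it repeats verification requests on
    the same page inside a sliding time window (thresholds are assumed)."""

    def __init__(self, window_seconds=60.0, max_requests=5):
        self.window = window_seconds
        self.max_requests = max_requests
        self._seen = collections.defaultdict(collections.deque)
        self._suspected = set()

    def record_request(self, ip, page, now):
        """Record one verification request; return True if ip is suspected."""
        q = self._seen[(ip, page)]
        q.append(now)
        # Drop timestamps that have fallen out of the window.
        while now - q[0] > self.window:
            q.popleft()
        if len(q) > self.max_requests:
            self._suspected.add(ip)
        return ip in self._suspected

    def params_for(self, ip):
        """Challenge parameters for the next verification code sent to ip."""
        suspected = ip in self._suspected
        params = HARDENED if suspected else NORMAL
        check_params(params, suspected)
        return params


if __name__ == "__main__":
    policy = DifficultyPolicy()
    # Constructed traffic: six requests in six seconds from one address.
    for t in range(6):
        policy.record_request("203.0.113.7", "/login", float(t))
    print(policy.params_for("203.0.113.7"))   # hardened tier
    print(policy.params_for("198.51.100.2"))  # normal tier
```

Keying only on the IP address penalizes every user behind a shared address, which is one reason the text leaves the marking policy open.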
Optionally, in some possible embodiments of the present invention, determining a verification result by comparing the stitched picture with the verification picture may include: comparing the stitched picture with the verification picture; if the similarity between the stitched picture and the verification picture is greater than or equal to a first threshold (the first threshold may be, for example, 90%, 95%, 98%, 99% or 100%, or another value that meets the requirement), determining that the verification succeeds; and if the similarity between the stitched picture and the verification picture is smaller than the first threshold, determining that the verification fails.
Optionally, the server may further send the client a verification response message carrying indication information that indicates the verification result, thereby notifying the client of the verification result by an explicit indication. Of course, the server may also notify the client of the verification result by an implicit indication.
Optionally, in some possible embodiments of the present invention, a shape of a first option picture of the N2 option pictures is a circle. For example, the first option picture is any one sub-picture of the N2 option pictures. For example, some or all of the N2 option pictures may be circular in shape.
Optionally, in some possible embodiments of the present invention, the shape of a second option picture of the N2 option pictures is a regular k-sided polygon, where k is an integer greater than 4; for example, k is equal to 5, 6, 7, 10, 35, 57, 108, 390, 1500, or another value. For example, the second option picture may be any one sub-picture of the N2 option pictures. For example, the shape of some or all of the N2 option pictures may be a regular k-sided polygon.
Optionally, in some possible embodiments of the present invention, the shape of a third option picture of the N2 option pictures is an irregular figure. Although the shape of the third option picture is irregular, it still has more than 4 symmetry axes. For example, the third option picture may be any one sub-picture of the N2 option pictures. For example, the shape of some or all of the N2 option pictures may be an irregular figure with more than 4 symmetry axes.
It can be understood that the functions of the functional modules of the client 1200 in this embodiment may be specifically implemented according to the method in the foregoing method embodiment, and the specific implementation process may refer to the relevant description of the foregoing method embodiment, which is not described herein again.
It can be seen that, after sending the verification request message to the server, the client 1200 in this embodiment receives a first verification interaction message from the server, where the first verification interaction message includes N1 sub-pictures obtained by cutting the verification picture, the N1 sub-pictures include a base picture and N1-1 option pictures, the shapes of N2 option pictures among the N1-1 option pictures have at least m symmetry axes, and m is an integer greater than 4; the client 1200 sends the server a second verification interaction message including a stitched picture obtained by stitching the N1 sub-pictures, so that the server determines a verification result by comparing the stitched picture with the verification picture. Because the shapes of N2 of the N1-1 option pictures have at least m symmetry axes, with m greater than 4, and because research has found that the more symmetry axes a sub-picture has, the more rotation attempts a malicious client must make, the number of attempts required for brute-force cracking by a malicious client grows almost geometrically as the number of option pictures and the number of their symmetry axes increase, which increases the difficulty of brute-force cracking to a certain extent. The scheme therefore helps improve the ability to resist brute-force cracking by malicious clients during verification.
Referring to fig. 13, fig. 13 is a block diagram of a client 1300 according to another embodiment of the present invention. The client 1300 may include: at least one processor 1301, at least one network interface 1304, a memory 1305, and at least one communication bus 1302. The communication bus 1302 is used to enable communication among these components. The client 1300 optionally includes a user interface 1303, which includes a display (e.g., a touch screen, a liquid crystal display, a holographic display or a projector), a pointing device (e.g., a mouse, a trackball or a touch screen), a camera and/or a sound pickup device.
Memory 1305, which may include both read-only memory and random-access memory, provides instructions and data to the processor 1301. Some of the memory 1305 may also include non-volatile random access memory.
In some embodiments, memory 1305 stores the following elements, executable modules or data structures, or a subset thereof, or an expanded set thereof:
An operating system 13051, which contains various system programs for implementing various basic services and for handling hardware-based tasks.
An application module 13052, which contains various applications for implementing various application services.
The application module 13052 includes, but is not limited to, a sending unit 1110, a receiving unit 1120, a verification interaction unit 1130, and the like.
In an embodiment of the invention, processor 1301 sends an authentication request message to the server by calling a program or instructions stored in memory 1305; receiving a first verification interaction message from the server, the first verification interaction message including N1 sub-pictures obtained by cutting a verification picture, the N1 sub-pictures including a base picture and N1-1 option pictures, shapes of N2 option pictures of the N1-1 option pictures having at least m symmetry axes, wherein the N1 and the N2 are positive integers and the N1 is greater than 1, and the m is an integer greater than 4; and sending a second verification interactive message containing a spliced picture obtained by splicing the N1 sub-pictures to the server.
For example, in scenarios such as account registration, account login, forum posting, or microblog posting, the server may receive a verification request message from the client. The verification request message may be a message dedicated to requesting verification, or a message not dedicated to requesting verification, such as an account registration request, an account login request, a forum posting request, or a microblog posting request. That is, in some scenarios the verification request message is sent by the client specifically to request verification; in other scenarios it is a message sent mainly to request another service, which triggers verification and can therefore also be called a verification request message. In other words, the verification request message in the embodiments of the present invention is any message that can trigger verification.
The server may receive a verification request message from the client.
The values of N1, N2 and m can be chosen according to the required verification complexity. For example, N1 may be equal to 2, 3, 4, 5, 6, 8, 10, 20, 30, or another value. For example, N2 may be equal to 1, 2, 3, 4, 5, 7, 9, 19, 29, or another value. For example, m may be equal to 5, 6, 7, 10, 30, 50, 100, 300, 1000, or another value.
Since the N1-1 option pictures are embedded in the base picture, the client can embed the N1-1 option pictures in the holes formed by cutting the option pictures on the base picture, thereby obtaining a spliced picture.
The server in this embodiment may be a site server, a game server, an application store server, or other business servers that can provide services to the client.
It will be appreciated that a circular sub-picture has infinitely many axes of symmetry. The more symmetry axes an option picture has, the more rotation attempts a malicious client must make; since a circular sub-picture has infinitely many symmetry axes, the number of rotation attempts is theoretically the largest. This greatly increases the difficulty of brute-force cracking, greatly improves the ability to resist brute-force cracking by malicious clients during verification, and reduces the wasteful occupation of Internet resources by malicious clients.
For example, a circular sub-picture gives more control over the rotation angle. A square can only be rotated 90 degrees at a time and needs only 4 rotations in the ideal case. A circular sub-picture needs 6 rotations in the ideal case if rotated 60 degrees each time, 12 if rotated 30 degrees each time, 36 if rotated 10 degrees each time, and so on. The minimum rotation angle can also be adjusted dynamically according to the adversarial situation. The circular sub-picture therefore makes the rotation angle more flexible to control and can greatly increase the difficulty of brute-force cracking.
Some possible schemes of this embodiment add a simple interaction: the positions in the jigsaw verification code that need to be filled are marked by circular frames, which defeats matching by edge similarity, and the rotation direction and angle of the circular sub-pictures can be adjusted dynamically, so that the recognition rate of current automated programs for a jigsaw picture is reduced by at least one order of magnitude, effectively resisting cracking.
Optionally, in some possible embodiments of the present invention, if the client is marked as a suspected malicious client, m is greater than or equal to 20, 30, 53, 87, 100, 200, or 500, or another value greater than 4. If the client is marked as a suspected malicious client, the value obtained by dividing N2 by N1-1 is greater than or equal to a second threshold (which may be equal to 0.8, 0.9, 0.95, or 1, for example). If the client is marked as a suspected malicious client, N2 may be greater than 5, 6, 8, 10, 15, or another value greater than 1. For example, the server may set a decision condition to determine, from the frequency of the verification requests sent by a client or from other behavioral characteristics, whether the client sending the verification request message may be a malicious client; the specific policy for marking a client as a suspected malicious client is not limited in the embodiments of the present invention. For example, when it is found that a client at a certain IP address repeatedly sends verification request messages on the same login page within seconds or minutes, the client can be judged to have a high probability of being a malicious client and can be marked as a suspected malicious client, and a verification code that is harder to crack can subsequently be sent to it (the more sub-pictures there are and the more symmetry axes the sub-pictures have, the harder the cracking), which strengthens the interference with the malicious client. If the server judges that a client is more likely to be a normal client, it subsequently sends a verification code that is easier to crack, so as to reduce the difficulty of reading the picture and improve user comfort.
It can be understood that introducing a mechanism that adjusts the verification complexity based on the suspected-malicious-client mark helps balance user experience and anti-cracking capability.
Optionally, in some possible embodiments of the present invention, determining a verification result by comparing the stitched picture with the verification picture may include: comparing the stitched picture with the verification picture; if the similarity between the stitched picture and the verification picture is greater than or equal to a first threshold (the first threshold may be, for example, 90%, 95%, 98%, 99% or 100%, or another value that meets the requirement), determining that the verification succeeds; and if the similarity between the stitched picture and the verification picture is smaller than the first threshold, determining that the verification fails.
Optionally, the server may further send the client a verification response message carrying indication information that indicates the verification result, thereby notifying the client of the verification result by an explicit indication. Of course, the server may also notify the client of the verification result by an implicit indication.
Optionally, in some possible embodiments of the present invention, a shape of a first option picture of the N2 option pictures is a circle. For example, the first option picture is any one sub-picture of the N2 option pictures. For example, some or all of the N2 option pictures may be circular in shape.
Optionally, in some possible embodiments of the present invention, the shape of a second option picture of the N2 option pictures is a regular k-sided polygon, where k is an integer greater than 4; for example, k is equal to 5, 6, 7, 10, 35, 57, 108, 390, 1500, or another value. For example, the second option picture may be any one sub-picture of the N2 option pictures. For example, the shape of some or all of the N2 option pictures may be a regular k-sided polygon.
Optionally, in some possible embodiments of the present invention, the shape of a third option picture of the N2 option pictures is an irregular figure. Although the shape of the third option picture is irregular, it still has more than 4 symmetry axes. For example, the third option picture may be any one sub-picture of the N2 option pictures. For example, the shape of some or all of the N2 option pictures may be an irregular figure with more than 4 symmetry axes.
It can be understood that the functions of the functional modules of the client 1300 in this embodiment may be specifically implemented according to the method in the foregoing method embodiment, and the specific implementation process may refer to the relevant description of the foregoing method embodiment, which is not described herein again.
It can be seen that, after sending the verification request message to the server, the client 1300 in this embodiment receives a first verification interaction message from the server, where the first verification interaction message includes N1 sub-pictures obtained by cutting the verification picture, the N1 sub-pictures include a base picture and N1-1 option pictures, the shapes of N2 option pictures among the N1-1 option pictures have at least m symmetry axes, and m is an integer greater than 4; the client 1300 sends the server a second verification interaction message including a stitched picture obtained by stitching the N1 sub-pictures, so that the server determines a verification result by comparing the stitched picture with the verification picture. Because the shapes of N2 of the N1-1 option pictures have at least m symmetry axes, with m greater than 4, and because research has found that the more symmetry axes a sub-picture has, the more rotation attempts a malicious client must make, the number of attempts required for brute-force cracking by a malicious client grows almost geometrically as the number of option pictures and the number of their symmetry axes increase, which increases the difficulty of brute-force cracking to a certain extent. The scheme therefore helps improve the ability to resist brute-force cracking by malicious clients during verification.
Referring to fig. 14, an embodiment of the present invention further provides a communication system, which may include:
a client 1410, and a server 1420.
The client 1410 is configured to send an authentication request message to the server 1420.
A server 1420 for receiving an authentication request message from a client; sending a first verification interaction message containing N1 sub-pictures to the client, wherein the N1 sub-pictures are obtained by cutting verification pictures, the N1 sub-pictures comprise a base picture and N1-1 option pictures, the shapes of N2 option pictures in the N1-1 option pictures have at least m symmetry axes, the N1 and the N2 are positive integers, the N1 is greater than 1, and the m is an integer greater than 4; and if a second verification interactive message which is from the client and contains a spliced picture obtained by splicing the N1 sub-pictures is received, comparing the spliced picture with the verification picture to determine a verification result.
The values of N1, N2 and m can be chosen according to the required verification complexity. For example, N1 may be equal to 2, 3, 4, 5, 6, 8, 10, 20, 30, or another value. For example, N2 may be equal to 1, 2, 3, 4, 5, 7, 9, 19, 29, or another value. For example, m may be equal to 5, 6, 7, 10, 30, 50, 100, 300, 1000, or another value.
Since the N1-1 option pictures are embedded in the base picture, the client 1410 can embed the N1-1 option pictures in the holes formed by cutting the option pictures on the base picture, thereby obtaining a stitched picture.
The server 1420 in this embodiment may be a site server, a game server, an application store server, or other business servers that can provide services to clients. The server 1420 may also be an authentication server for authentication.
It will be appreciated that a circular sub-picture has infinitely many axes of symmetry. The more symmetry axes the sub-pictures serving as option pictures have, the more rotation attempts a malicious client has to make. Because a circular sub-picture has infinitely many symmetry axes, the number of rotation attempts required of a malicious client is theoretically the largest. This greatly increases the difficulty of brute-force cracking, greatly improves the ability to resist brute-force cracking by malicious clients during verification, and reduces the wasteful occupation of Internet resources by malicious clients.
For example, a circular sub-picture gives more control over the rotation angle. A square can only be rotated 90 degrees at a time and only needs to be rotated 4 times in the most ideal case. A circular sub-picture needs to be rotated 6 times in the most ideal case if rotated 60 degrees each time, 12 times in the most ideal case if rotated 30 degrees each time, 36 times in the most ideal case if rotated 10 degrees each time, and so on. The minimum rotation angle can also be adjusted dynamically according to the adversarial situation. The circular sub-picture therefore makes control of the rotation angle more flexible, and the difficulty of brute-force cracking can be greatly increased.
Some possible schemes of this embodiment add a simple interaction: the positions in the jigsaw verification code that need to be filled are marked with circular frames, which resists matching based on edge similarity. At the same time, the rotation direction and angle of the circular sub-pictures can be adjusted dynamically, so that the recognition rate of current automated programs on a jigsaw picture is reduced by at least one order of magnitude, which effectively resists cracking.
Optionally, in some possible embodiments of the invention, if the client 1410 is marked as a suspected malicious client, the m is greater than or equal to 20, 30, 53, 87, 100, 200 or 500 or another value greater than 4. If the client 1410 is marked as a suspected malicious client, the value obtained by dividing the N2 by the N1-1 is greater than or equal to a second threshold (wherein the second threshold may be equal to 0.8, 0.9, or 0.95, 1, for example). If the client 1410 is marked as a suspected malicious client, the N2 may be greater than 5, 6, or 8, 10, 15, or other value greater than 1. For example, the server 1420 may set a decision condition to determine, according to the frequency of the verification requests sent by a certain client 1410 or other behavioral characteristics, whether the client 1410 sending the verification request message is likely to be a malicious client; the specific policy for marking the client 1410 as a suspected malicious client is not limited in the embodiments of the present invention. For example, when a client at a certain IP address is found to repeatedly send a verification request message on the same login page within seconds or minutes, the client can be determined to have a high probability of being a malicious client and can be marked as a suspected malicious client. A verification code with high cracking difficulty can subsequently be sent to this client (the more sub-pictures there are and the more symmetry axes the sub-pictures have, the higher the cracking difficulty), so that the interference effect on the malicious client is enhanced. If the server 1420 determines that a client is more likely to be a normal client, a verification code with lower cracking difficulty is subsequently sent, so as to lower the difficulty of reading the pictures and improve the user's comfort.
It can be understood that a mechanism for adjusting the verification complexity based on the suspected malicious client mark is introduced, which is beneficial to better considering both the user experience and the anti-cracking capability.
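The following Python sketch is an added example, not code from the patent. It ties together the rotation counts given above (360 divided by the minimum rotation angle, per circular option picture) and the suspected-malicious marking by request frequency. The class and function names, the 60-second window, the limit of 5 requests and the two parameter profiles are assumptions made for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

WINDOW_SECONDS = 60      # assumption: look-back window for counting requests
MAX_REQUESTS = 5         # assumption: requests tolerated per window before marking
SECOND_THRESHOLD = 0.8   # one of the page's example values for N2 / (N1-1)


@dataclass(frozen=True)
class Challenge:
    n1: int                # sub-pictures: one base picture plus n1-1 option pictures
    n2: int                # option pictures whose shape has at least m symmetry axes
    m: int                 # lower bound on symmetry axes (a circle satisfies any m)
    min_rotation_deg: int  # smallest rotation step offered for circular pieces

    def __post_init__(self):
        if not (self.n1 > 1 and 1 <= self.n2 <= self.n1 - 1 and self.m > 4):
            raise ValueError("need N1 > 1, 1 <= N2 <= N1-1 and m > 4")
        if self.min_rotation_deg <= 0 or 360 % self.min_rotation_deg:
            raise ValueError("rotation step must be a positive divisor of 360")

    def orientations_per_piece(self):
        # 60 degrees -> 6, 30 -> 12, 10 -> 36, as in the description
        return 360 // self.min_rotation_deg

    def rotation_search_space(self):
        # each of the n2 pieces is oriented independently of the others
        return self.orientations_per_piece() ** self.n2


# Hypothetical profiles chosen for this example.
NORMAL = Challenge(n1=3, n2=2, m=6, min_rotation_deg=60)
HARDENED = Challenge(n1=7, n2=6, m=36, min_rotation_deg=10)


def hardened_profile_ok(normal, hardened, second_threshold=SECOND_THRESHOLD):
    """Check the hardened profile against the conditions the page lists."""
    return (hardened.m >= 20
            and hardened.n2 / (hardened.n1 - 1) >= second_threshold
            and hardened.n2 > 5
            and hardened.m > normal.m
            and hardened.min_rotation_deg < normal.min_rotation_deg)


class RequestTracker:
    """Marks a client as suspected malicious by request frequency per page."""

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
        self.window, self.limit = window, limit
        self._seen = defaultdict(deque)

    def is_suspect(self, client_ip, page, now):
        times = self._seen[(client_ip, page)]
        times.append(now)
        while now - times[0] > self.window:   # drop requests outside the window
            times.popleft()
        return len(times) > self.limit


def select_challenge(tracker, client_ip, page, now):
    return HARDENED if tracker.is_suspect(client_ip, page, now) else NORMAL


# Constructed sample: (unix time, client IP, page) verification requests.
SAMPLE_REQUESTS = (
    [(1000 + 2 * i, "203.0.113.7", "/login") for i in range(8)]
    + [(1000, "198.51.100.20", "/login"), (1300, "198.51.100.20", "/login")]
)


def replay(requests):
    """Return the challenge profile each client receives on its last request."""
    tracker, last = RequestTracker(), {}
    for now, ip, page in sorted(requests):
        last[ip] = select_challenge(tracker, ip, page, now)
    return last


if __name__ == "__main__":
    for ip, ch in replay(SAMPLE_REQUESTS).items():
        print(ip, ch, "rotation search space:", ch.rotation_search_space())
```

With these assumed profiles, the rotation search space grows from 6^2 = 36 combinations for a normal client to 36^6 = 2,176,782,336 for a suspected malicious client.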
Optionally, in some possible embodiments of the present invention, the determining a verification result by comparing the stitched image with the verification image may include: comparing the spliced picture with the verification picture; if the similarity between the spliced picture and the verification picture is greater than or equal to a first threshold (the first threshold may be, for example, 90%, 95%, 98%, 99% or 100% or other values that can meet the requirement), determining that the verification result is successful; and if the similarity between the spliced picture and the verification picture is smaller than the first threshold value through comparison, determining that the verification result is verification failure.
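The comparison step described above can be modelled as follows. This is an added example, not code from the patent. It assumes a circular option picture is represented as 36 sectors (10-degree steps) so that rotation is a cyclic shift, that similarity is the fraction of matching pixel values, and it adds a hypothetical per-region check (`verify_regions`) because the page does not say over which area similarity is measured.

```python
FIRST_THRESHOLD = 0.95  # one of the page's example values for the first threshold


def rotate(sectors, steps):
    """Rotate a circular option picture by whole steps (cyclic shift of sectors)."""
    steps %= len(sectors)
    return list(sectors[-steps:] + sectors[:-steps]) if steps else list(sectors)


def similarity(a, b):
    """Fraction of positions whose pixel values match."""
    if len(a) != len(b) or not a:
        return 0.0
    return sum(x == y for x, y in zip(a, b)) / len(a)


def stitch(base, option_pictures, steps):
    """Client side: rotate each option picture and embed it in its hole."""
    return {"base": list(base),
            "options": [rotate(p, s) for p, s in zip(option_pictures, steps)]}


def flatten(picture):
    return picture["base"] + [v for opt in picture["options"] for v in opt]


def verify_whole(stitched, verification, threshold=FIRST_THRESHOLD):
    """Similarity over the whole picture against the first threshold."""
    return similarity(flatten(stitched), flatten(verification)) >= threshold


def verify_regions(stitched, verification, threshold=FIRST_THRESHOLD):
    """Assumed variant: the base and every option region must each pass."""
    if len(stitched["options"]) != len(verification["options"]):
        return False
    pairs = [(stitched["base"], verification["base"])]
    pairs += list(zip(stitched["options"], verification["options"]))
    return all(similarity(a, b) >= threshold for a, b in pairs)


def make_challenge(base_pixels, offsets, sectors=36):
    """Constructed sample data: a flat base picture and circular option pictures,
    each sent to the client pre-rotated by the given number of steps."""
    verification = {"base": [7] * base_pixels,
                    "options": [list(range(sectors)) for _ in offsets]}
    sent = [rotate(p, o) for p, o in zip(verification["options"], offsets)]
    return verification, sent


def demo(base_pixels):
    """Return (whole-picture result, per-region result) for two submissions."""
    verification, sent = make_challenge(base_pixels, offsets=[5, 20])
    good = stitch(verification["base"], sent, [31, 16])  # undoes both offsets
    bad = stitch(verification["base"], sent, [31, 17])   # second piece one step off
    return {name: (verify_whole(p, verification), verify_regions(p, verification))
            for name, p in (("good", good), ("bad", bad))}


if __name__ == "__main__":
    # Small base: the mis-rotated piece pulls whole-picture similarity below 95%.
    print(demo(400))
    # Large base: the same mis-rotation is diluted to about 98% over the whole
    # picture, so only the per-region check rejects it.
    print(demo(2000))
```

When the first threshold is below 100%, it has to be chosen with the share of the picture covered by the option pictures in mind, or the comparison has to be made per option region as in `verify_regions`.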
Optionally, the server 1420 may further send a verification response message carrying indication information indicating a verification result to the client 1410, thereby notifying the client 1410 of the verification result by explicit indication. Of course, the server 1420 may also notify the client 1410 of the verification result by using implicit indication.
Optionally, in some possible embodiments of the present invention, a shape of a first option picture of the N2 option pictures is a circle. For example, the first option picture is any one sub-picture of the N2 option pictures. For example, some or all of the N2 option pictures may be circular in shape.
Optionally, in some possible embodiments of the present invention, a shape of a second option picture of the N2 option pictures is a regular k-sided polygon, where k is an integer greater than 4, for example, k is equal to 5, 6, 7, 10, or 35, 57, 108, 390, 1500, or other values. For example, the second option picture may be any one sub-picture of the N2 option pictures. For example, the shape of some or all of the N2 option pictures may be a regular k-sided polygon.
Optionally, in some possible embodiments of the present invention, a shape of a third option picture of the N2 option pictures is an irregular figure. Although the shape of the third option picture is an irregular figure, its shape still has more than 4 symmetry axes. For example, the third option picture may be any one sub-picture of the N2 option pictures. For example, the shape of some or all of the N2 option pictures can be irregular figures with more than 4 symmetry axes.
In this embodiment, the server 1420 may be a site server, a game server, an application store server, or the like that can provide services to the client, and of course, the server 1420 may also be an authentication server for authentication.
It can be seen that, after the client 1410 sends the verification request message to the server 1420, the client 1410 receives a first verification interaction message from the server 1420, where the first verification interaction message includes N1 sub-pictures obtained by cutting the verification picture, where the N1 sub-pictures include a base picture and N1-1 option pictures, where the shapes of N2 option pictures in the N1-1 option pictures have at least m symmetry axes, and m is an integer greater than 4; the client 1410 sends a second verification interaction message including a spliced picture obtained by splicing the N1 sub-pictures to the server 1420, so that the server 1420 determines a verification result by comparing the spliced picture with the verification picture. The shapes of N2 of the N1-1 option pictures have at least m symmetry axes, with m greater than 4, and research shows that the more symmetry axes a sub-picture has, the more rotation attempts a malicious client has to make. As the number of option pictures and the number of their symmetry axes increase, the number of attempts a malicious client needs for brute-force cracking therefore grows nearly geometrically. This increases the difficulty of brute-force cracking to a certain extent, so the scheme helps improve the ability to resist brute-force cracking by malicious clients during verification.
An embodiment of the present invention further provides a computer storage medium, where the computer storage medium may store a program, and when executed, the program performs some or all of the steps of any one of the verification interaction methods described in the above method embodiments.
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the invention. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required by the invention.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus may be implemented in other manners. For example, the above-described embodiments of the apparatus are merely illustrative. The division of the units is only a division by logical function, and other divisions are possible in an actual implementation: a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not implemented. In addition, the shown or discussed mutual coupling, direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical or in another form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (17)

1. A method of verifying interaction, comprising:
receiving a verification request message from a client;
sending a first verification interaction message containing N1 sub-pictures to the client;
wherein the N1 sub-pictures are obtained by cutting verification pictures, the N1 sub-pictures comprise a base picture and N1-1 option pictures, the shapes of N2 option pictures in the N1-1 option pictures have at least m symmetry axes, the N1 and the N2 are positive integers, the N1 is greater than 1, and the m is an integer greater than 4; the N1-1 option pictures are rotatable pictures; when the client is a suspected malicious client, the minimum rotation angle of the N2 option pictures is smaller than the rotation angle of the N2 option pictures when the client is not a suspected malicious client, and/or when the client is a suspected malicious client, the value of m is larger than the value of m when the client is not a suspected malicious client;
and if a second verification interactive message which is from the client and contains a spliced picture obtained by splicing the N1 sub-pictures is received, comparing the spliced picture with the verification picture to determine a verification result.
2. The method of claim 1, wherein if the client is marked as a suspected malicious client, the m is greater than or equal to 20, and/or the value of N2 divided by N1-1 is greater than or equal to a second threshold, and/or N2 is greater than 5.
3. The method of claim 1, wherein the determining a verification result by comparing the stitched image and the verification image comprises:
comparing the spliced picture with the verification picture; if the similarity between the spliced picture and the verification picture is greater than or equal to a first threshold value through comparison, determining that the verification result is successful; and if the similarity between the spliced picture and the verification picture is smaller than the first threshold value through comparison, determining that the verification result is verification failure.
4. The method according to any one of claims 1 to 3, wherein the shape of a first option picture of the N2 option pictures is circular; and/or the shape of a second option picture in the N2 option pictures is a regular k-sided polygon, wherein k is an integer greater than 4; and/or the shape of the third option picture in the N2 option pictures is an irregular figure.
5. A method of verifying interaction, applied to a client, characterized by comprising the following steps:
sending a verification request message to a server;
receiving a first verification interaction message from the server, wherein the first verification interaction message comprises N1 sub-pictures obtained by cutting a verification picture, wherein the N1 sub-pictures comprise a base picture and N1-1 option pictures, the shapes of N2 option pictures in the N1-1 option pictures have at least m symmetry axes, the N1 and the N2 are positive integers, the N1 is greater than 1, and the m is an integer greater than 4; the N1-1 option pictures are rotatable pictures; when the client is a suspected malicious client, the minimum rotation angle of the N2 option pictures is smaller than the rotation angle of the N2 option pictures when the client is not a suspected malicious client, and/or when the client is a suspected malicious client, the value of m is larger than the value of m when the client is not a suspected malicious client;
and sending a second verification interactive message containing a spliced picture obtained by splicing the N1 sub-pictures to the server.
6. The method of claim 5,
a first option picture of the N2 option pictures is circular in shape; and/or the shape of a second option picture of the N2 option pictures is a regular k-sided polygon, wherein k is an integer greater than 4; and/or the shape of the third option picture in the N2 option pictures is an irregular figure.
7. An authentication interaction apparatus, comprising:
a receiving unit, configured to receive a verification request message from a client;
a sending unit, configured to send a first verification interaction message containing N1 sub-pictures to the client;
wherein the N1 sub-pictures are obtained by cutting verification pictures, the N1 sub-pictures comprise a base picture and N1-1 option pictures, the shapes of N2 option pictures in the N1-1 option pictures have at least m symmetry axes, the N1 and the N2 are positive integers, the N1 is greater than 1, and the m is an integer greater than 4; the N1-1 option pictures are rotatable pictures; when the client is a suspected malicious client, the minimum rotation angle of the N2 option pictures is smaller than the rotation angle of the N2 option pictures when the client is not a suspected malicious client, and/or when the client is a suspected malicious client, the value of m is larger than the value of m when the client is not a suspected malicious client;
and the verification unit is used for comparing the spliced picture with the verification picture to determine a verification result if a second verification interaction message which is from the client and contains the spliced picture obtained by splicing the N1 sub-pictures is received.
8. The apparatus of claim 7,
the verification unit is specifically configured to compare the spliced picture with the verification picture if a second verification interaction message is received from the client and includes the spliced picture obtained by splicing the N1 sub-pictures; if the similarity between the spliced picture and the verification picture is greater than or equal to a first threshold value through comparison, determining that the verification result is successful; and if the similarity between the spliced picture and the verification picture is smaller than the first threshold value through comparison, determining that the verification result is verification failure.
9. The apparatus of claim 7, wherein if the client is marked as a suspected malicious client, the m is greater than or equal to 20, and/or the value of N2 divided by N1-1 is greater than or equal to a second threshold, and/or N2 is greater than 5.
10. The apparatus according to any one of claims 7 to 9, wherein a first option picture of the N2 option pictures is circular in shape; and/or the shape of a second option picture in the N2 option pictures is a regular k-sided polygon, wherein k is an integer greater than 4; and/or the shape of the third option picture in the N2 option pictures is an irregular figure.
11. An authentication interaction device applied to a client side, comprising:
a sending unit, configured to send a verification request message to a server;
a receiving unit, configured to receive a first verification interaction message from the server, where the first verification interaction message includes N1 sub-pictures obtained by cutting a verification picture, where the N1 sub-pictures include a base picture and N1-1 option pictures, where N2 option pictures in the N1-1 option pictures have at least m symmetry axes in shape, where N1 and N2 are positive integers, and N1 is greater than 1, and m is an integer greater than 4; the N1-1 option pictures are rotatable pictures; when the client is a suspected malicious client, the minimum rotation angle of the N2 option pictures is smaller than the rotation angle of the N2 option pictures when the client is not a suspected malicious client, and/or when the client is a suspected malicious client, the value of m is larger than the value of m when the client is not a suspected malicious client;
and the verification interaction unit is used for sending a second verification interaction message containing a spliced picture obtained by splicing the N1 sub-pictures to the server.
12. The apparatus of claim 11,
a first option picture of the N2 option pictures is circular in shape; and/or the shape of a second option picture of the N2 option pictures is a regular k-sided polygon, wherein k is an integer greater than 4; and/or the shape of the third option picture in the N2 option pictures is an irregular figure.
13. A communication system, comprising:
the client is used for sending a verification request message to the server;
the server is used for receiving a verification request message from a client; sending a first verification interaction message containing N1 sub-pictures to the client, wherein the N1 sub-pictures are obtained by cutting verification pictures, the N1 sub-pictures comprise a base picture and N1-1 option pictures, the shapes of N2 option pictures in the N1-1 option pictures have at least m symmetry axes, the N1 and the N2 are positive integers, the N1 is greater than 1, and the m is an integer greater than 4; the N1-1 option pictures are rotatable pictures; when the client is a suspected malicious client, the minimum rotation angle of the N2 option pictures is smaller than the rotation angle of the N2 option pictures when the client is not a suspected malicious client, and/or when the client is a suspected malicious client, the value of m is larger than the value of m when the client is not a suspected malicious client; and if a second verification interactive message which is from the client and contains a spliced picture obtained by splicing the N1 sub-pictures is received, comparing the spliced picture with the verification picture to determine a verification result.
14. The communication system of claim 13,
a first option picture of the N2 option pictures is circular in shape; and/or the shape of a second option picture of the N2 option pictures is a regular k-sided polygon, wherein k is an integer greater than 4; and/or the shape of the third option picture in the N2 option pictures is an irregular figure.
15. A readable storage medium, having stored thereon a computer program, characterized in that the computer program, when being executed by a processor, carries out the steps of the method of verifying an interaction according to any one of claims 1 to 6.
16. A computer device, comprising: a processor and a memory;
the memory is used for storing programs;
the processor is configured to execute the memory-stored program to implement the steps of the method of verifying interaction as claimed in any one of claims 1-4.
17. A computer device, comprising: a processor and a memory;
the memory is used for storing programs;
the processor is configured to execute the memory-stored program to implement the steps of the method of verifying interaction as claimed in any one of claims 5 to 6.
CN201410347824.6A 2014-07-21 2014-07-21 Verification interaction method, related device and communication system Active CN105306206B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410347824.6A CN105306206B (en) 2014-07-21 2014-07-21 Verification interaction method, related device and communication system

Publications (2)

Publication Number Publication Date
CN105306206A CN105306206A (en) 2016-02-03
CN105306206B true CN105306206B (en) 2020-06-05

Family

ID=55203005

Country Status (1)

Country Link
CN (1) CN105306206B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant