CN105635043A - System and method of validate code safety on the basis of cloud calculation - Google Patents
System and method of validate code safety on the basis of cloud calculation Download PDFInfo
- Publication number
- CN105635043A CN105635043A CN201410588174.4A CN201410588174A CN105635043A CN 105635043 A CN105635043 A CN 105635043A CN 201410588174 A CN201410588174 A CN 201410588174A CN 105635043 A CN105635043 A CN 105635043A
- Authority
- CN
- China
- Prior art keywords
- identifying code
- cloud
- code
- server
- validate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Storage Device Security (AREA)
Abstract
The present invention discloses a system and method of validate code safety on the basis of cloud calculation. According to the invention, the safety of network validate codes is effectively improved, and the technology realization difficulty of network validate codes is reduced. The system comprises a validate code cloud, a validate code agent and a validate code cloud server; the validate code cloud is executed in a user browser and is configured to request and display validate codes; the validate code agent is operated in a website server and is configured to verify the correctness of the validate codes; and the validate code cloud server is taken as a cloud server cluster specially providing validate code service and is configured to perform request response, generation, verification and safety protection of validate codes, etc. The method mainly comprises a cloud validate code display request flow and a cloud validate code safety verification flow.
Description
Technical field
The invention belongs to computer network security technology, relate to a kind of identifying code security system based on cloud computing and method.
Background technology
Identifying code, English name CAPTCHA, it is the abbreviation of " CompletelyAutomatedPublicTuringtesttoTellComputersandHum ansApartApart (the full-automatic turing tests distinguishing computer and the mankind) ", the public full auto-programs of to be a kind of user of differentiation be computer and people. The effect of identifying code; briefly; just being used to distinguish current user is machine or people; its objective is; in order to prevent robot malicious registration, log in, pour water, sending advertisement patch, send out rubbish note, turn note; and the personal information of specific user is carried out Brute Force etc., and then stop the attack of website and the acquisition to user's private information, thus protecting the account safety of network security and user.
Traditional verification code technology implementation is, the service model of program B/S Network Based, and each Website server is individually for self and provides identifying code service, and this brings Railway Project:
First, technical problem. Owing to the exploitation of each website is different with the height of the technical capability of guardian, the degree of perfection for the technical scheme of identifying code also has very big-difference, and therefore, the identifying code scheme of substantially most of website is all insecure;
Second, ease of use issues. Each website is required for individually developing verification code system, brings resource repetition, waste problem;
3rd, safety problem. Current verification code functional module realizes as just a submodule of website, and function and technology realize more weak, it is easy to are hacked and crack, bring potential safety hazard.
What the present invention innovated proposes a kind of identifying code security system based on cloud computing and method, identifying code service is provided in the way of cloud computing, the identifying code Cloud Server of the present invention can be accessed in all websites, have only to one section of simple code, all of verification code technology realizes, the identifying code Cloud Server that security control etc. are all realized by the present invention realizes, the identifying code functional module that each website is required for is given special third-party authentication code cloud service provider and is realized, it is effectively improved the safety of network verification code, and, the technology reducing network verification code realizes difficulty, web developers is facilitated to use.
Summary of the invention
The invention discloses a kind of identifying code security system based on cloud computing and method, change traditional identifying code method of servicing based on B/S pattern, the pattern using cloud computing provides identifying code service, the safety of network verification code can be effectively improved, meanwhile, the technology reducing network verification code realizes difficulty.
A kind of identifying code security system based on cloud computing disclosed by the invention and method, it is characterised in that the security service of identifying code is provided by third-party identifying code Cloud Server.
A kind of identifying code security system based on cloud computing disclosed by the invention and method, its feature includes, system is made up of identifying code high in the clouds, identifying code agency and identifying code Cloud Server etc., wherein: identifying code high in the clouds performs in user browser, is responsible for request and the display of identifying code; Identifying code agency operates in Website server, is responsible for the correctness verification of identifying code; Identifying code Cloud Server, as the special Cloud Server cluster providing identifying code service, is responsible for the request response of identifying code, generation, verification, security protection etc.
A kind of identifying code security system based on cloud computing disclosed by the invention and method, its cloud identifying code display request flow process includes:
Browse request Website server display identifying code;
Website server obtains token by identifying code proxy requests identifying code Cloud Server;
Identifying code Cloud Server generates token and returns to Website server;
Website server returns token to browser;
Browser carries the token requests verification code Cloud Server of acquisition;
Identifying code Cloud Server generates identifying code and returns to browser;
Identifying code high in the clouds Receipt Validation code showing in browser.
A kind of identifying code security system based on cloud computing disclosed by the invention and method, its cloud identifying code safety check flow process includes:
Browser sends the identifying code safety check carrying user's input and token asks to Website server;
In Website server, identifying code agency sends and carries user's input and the identifying code safety check of token is asked to identifying code Cloud Server;
The identifying code Cloud Server user to sending over inputs and token carries out correctness verification back-checking result;
In Website server, identifying code agency receives the identifying code check results returned, and determines next step behavior of user according to check results.
A kind of identifying code security system based on cloud computing disclosed by the invention and method, the identifying code method of current all of B/S pattern can be replaced, the third party cloud identifying code service provider that identifying code functional module is given specialty realizes, and improves ease for use, safety.
Accompanying drawing explanation
Fig. 1 is the system construction drawing of a kind of identifying code security system based on cloud computing and method.
Fig. 2 is the cloud identifying code display request flow chart of a kind of identifying code security system based on cloud computing and method.
Fig. 3 is the cloud identifying code check request flow chart of a kind of identifying code security system based on cloud computing and method.
Detailed description of the invention
Below in conjunction with drawings and Examples, the invention will be further described.
As it is shown in figure 1, a kind of identifying code security system based on cloud computing disclosed by the invention and method, system is made up of identifying code high in the clouds 101, identifying code agency 102 and identifying code Cloud Server 103 etc., wherein:
Identifying code high in the clouds 101, performs in user browser, is responsible for request and the display of identifying code;
Identifying code agency 102, operates in Website server, is responsible for the correctness verification of identifying code;
Identifying code Cloud Server 103, as the special Cloud Server cluster providing identifying code service, is responsible for the request response of identifying code, generation, verification, security protection etc.
As in figure 2 it is shown, the identifying code security system based on cloud computing of the application present invention is to Website server, when user accesses the identifying code page with the present invention, the cloud identifying code display request flow process on the page includes:
Browse request Website server display identifying code;
Website server is acted on behalf of 102 requests verification code Cloud Servers by identifying code and is obtained token;
Identifying code Cloud Server 103 generates token and returns to identifying code agency 102 in Website server;
Website server is acted on behalf of 102 by identifying code and is returned token and identifying code high in the clouds code to browser;
In browser, the token requests verification code Cloud Server 103 of acquisition is carried in identifying code high in the clouds 101;
Identifying code Cloud Server 103 generates identifying code and returns to identifying code high in the clouds 101 in browser;
Identifying code high in the clouds 101 Receipt Validation code showing in browser.
As it is shown on figure 3, after user's input validation code is submitted to, cloud identifying code safety check flow process includes:
Browser sends the identifying code safety check carrying user's input and token asks to Website server;
In Website server, identifying code agency 102 transmission carries user's input and the identifying code safety check of token is asked to identifying code Cloud Server 103;
The identifying code Cloud Server 103 user to sending over inputs and token carries out correctness verification back-checking result TRUE/FALSE;
The identifying code check results that in Website server, identifying code agency 102 reception returns, and next step behavior of user is determined according to check results.
Resolve based on system above module and flow process, in order to further concrete image illustrate present invention is described, enumerate related embodiment scheme as follows.
Embodiment one.
Application development interface bag SDK that present system provides is installed to Website server, identifying code Cloud Server 103 provided by the invention obtains website logo code key, the key got and some other parameter are configured in the SDK of Website server.
When user accesses the Website page with verification code system of the present invention, browse request Website server display identifying code; Website server is acted on behalf of 102 requests verification code Cloud Servers by identifying code and is obtained token; Identifying code Cloud Server 103 generates token and returns to identifying code agency 102 in Website server; Website server is acted on behalf of 102 by identifying code and is returned token and identifying code high in the clouds code to browser; In browser, the token requests verification code Cloud Server 103 of acquisition is carried in identifying code high in the clouds 101; Identifying code Cloud Server 103 generates identifying code and returns to identifying code high in the clouds 101 in browser; Identifying code high in the clouds 101 Receipt Validation code showing in browser.
After user's input validation code is submitted to, browser sends the identifying code safety check carrying user's input and token asks to Website server; In Website server, identifying code agency 102 transmission carries user's input and the identifying code safety check of token is asked to identifying code Cloud Server 103; The identifying code Cloud Server 103 user to sending over inputs and token carries out correctness verification back-checking result TRUE/FALSE; The identifying code check results that in Website server, identifying code agency 102 reception returns, and next step behavior of user is determined according to check results.
The above, be only presently preferred embodiments of the present invention, is not intended to limit protection scope of the present invention. All within the spirit and principles in the present invention, any amendment made, equivalent replace, improvement etc., should be included within protection scope of the present invention. Those skilled in the art can give the present invention and be developed based on the system with upper module and functional realiey; and change and extension application without departing from the various technology based on system and method; concrete form with implement relevant, should be included within protection scope of the present invention.
Claims (4)
1. the identifying code security system based on cloud computing and method, it is characterised in that the security service of identifying code is provided by third-party identifying code Cloud Server.
2. as claimed in claim 1 based on the identifying code security system of cloud computing and method, it is characterized in that, system is made up of identifying code high in the clouds, identifying code agency and identifying code Cloud Server etc., wherein: identifying code high in the clouds performs in user browser, is responsible for request and the display of identifying code; Identifying code agency operates in Website server, is responsible for the correctness verification of identifying code; Identifying code Cloud Server, as the special Cloud Server cluster providing identifying code service, is responsible for the request response of identifying code, generation, verification, security protection etc.
3. as claimed in claim 2 based on the identifying code security system of cloud computing and method, it is characterised in that cloud identifying code display request flow process includes:
Browse request Website server display identifying code;
Website server obtains token by identifying code proxy requests identifying code Cloud Server;
Identifying code Cloud Server generates token and returns to Website server;
Website server returns token to browser;
Browser carries the token requests verification code Cloud Server of acquisition;
Identifying code Cloud Server generates identifying code and returns to browser;
Identifying code high in the clouds Receipt Validation code showing in browser.
4. as claimed in claim 3 based on the identifying code security system of cloud computing and method, it is characterised in that cloud identifying code safety check flow process includes:
Browser sends the identifying code safety check carrying user's input and token asks to Website server;
In Website server, identifying code agency sends and carries user's input and the identifying code safety check of token is asked to identifying code Cloud Server;
The identifying code Cloud Server user to sending over inputs and token carries out correctness verification back-checking result;
In Website server, identifying code agency receives the identifying code check results returned, and determines next step behavior of user according to check results.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410588174.4A CN105635043A (en) | 2014-10-29 | 2014-10-29 | System and method of validate code safety on the basis of cloud calculation |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410588174.4A CN105635043A (en) | 2014-10-29 | 2014-10-29 | System and method of validate code safety on the basis of cloud calculation |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105635043A true CN105635043A (en) | 2016-06-01 |
Family
ID=56049549
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410588174.4A Pending CN105635043A (en) | 2014-10-29 | 2014-10-29 | System and method of validate code safety on the basis of cloud calculation |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105635043A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110098921A (en) * | 2018-01-30 | 2019-08-06 | 北京京东尚科信息技术有限公司 | Verification code generation method, device, application service end and system |
-
2014
- 2014-10-29 CN CN201410588174.4A patent/CN105635043A/en active Pending
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110098921A (en) * | 2018-01-30 | 2019-08-06 | 北京京东尚科信息技术有限公司 | Verification code generation method, device, application service end and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110602052B (en) | Micro-service processing method and server | |
JP6533871B2 (en) | System and method for controlling sign-on to web applications | |
JP6061364B2 (en) | Cloud-assisted methods and services for application security verification | |
CN104134021B (en) | The anti-tamper verification method of software and device | |
CN103428309B (en) | Quick Response Code redirect processing method | |
US10122830B2 (en) | Validation associated with a form | |
CN102355469A (en) | Method for displaying credibility certification for website in address bar of browser | |
CN103106576A (en) | Payment method and payment system based on client side and payment client side | |
CN104158802A (en) | Platform authorization method, platform service side, application client side and system | |
CN102073822A (en) | Method and system for preventing user information from leaking | |
CN102594914A (en) | Remote debugging method based on cloud platform | |
CN105812323A (en) | Method and device for accessing data by crossing network domains | |
CN106961332B (en) | Authority authentication method and device | |
CN104767747A (en) | Click jacking safety detection method and device | |
US20140173693A1 (en) | Cookie Optimization | |
CN105488400A (en) | Comprehensive detection method and system of malicious webpage | |
CN112965955B (en) | Data migration method, device, computer equipment and storage medium | |
CN103378969A (en) | Authorization method, system and third party application system | |
JP2010086435A (en) | Information processing method and computer | |
CN110489957B (en) | Management method of access request and computer storage medium | |
US11075922B2 (en) | Decentralized method of tracking user login status | |
CN112260983B (en) | Identity authentication method, device, equipment and computer readable storage medium | |
CN111935107A (en) | Identity authentication method, device, system, electronic equipment and storage medium | |
CN105635043A (en) | System and method of validate code safety on the basis of cloud calculation | |
KR20150049457A (en) | Method and apparatus for managing authentication information |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20160601 |