CN107204959B - Verification method, device and system of verification code - Google Patents

Publication number
CN107204959B
Authority
CN
China
Prior art keywords
verification code
server
information
request
code information
Legal status
Active
Application number
CN201610151493.8A
Other languages
Chinese (zh)
Other versions
CN107204959A (en)
Inventor
蒋海滔
Current Assignee
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Application filed by Alibaba Group Holding Ltd
Priority to CN201610151493.8A
Publication of CN107204959A
Application granted
Publication of CN107204959B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords

Landscapes

  • Engineering & Computer Science
  • Computer Hardware Design
  • Computer Security & Cryptography
  • Computing Systems
  • General Engineering & Computer Science
  • Computer Networks & Wireless Communication
  • Signal Processing
  • Computer And Data Communications
  • Mobile Radio Communication Systems

Abstract

The application discloses a verification method, device and system for a verification code. The method comprises the following steps: a first server receives a first request sent by a terminal; the first server responds to the first request and generates response information, wherein the response information at least comprises a verification code carrier and first verification code information corresponding to the verification code carrier; the first server returns at least the verification code carrier and encrypted first verification code information to the terminal, wherein the verification code carrier is used for instructing the terminal to input second verification code information, and the encrypted first verification code information is used for instructing the second server to verify the second verification code information in a second request sent by the terminal. The method and the device solve the technical problem of verification delay in cross-region verification.

Description

Verification method, device and system of verification code
Technical Field
The application relates to the field of internet, in particular to a verification method, a verification device and a verification system of a verification code.
Background
In the prior art, a large website may deploy verification code servers at several locations, for example in Beijing, Shanghai, Hangzhou and Guangzhou. When the user terminal requests a verification code from these servers and then has it verified, the following case may occur: the user obtains the verification code picture from the server deployed in Shanghai, but after entering the verification code the user is assigned to the server deployed in Beijing for verification. In the traditional method, the verification code is stored in a KV server (key-value storage server), and at verification time its correctness is judged by comparing against the value in the KV server. The KV servers synchronize the verification code information across regions, and if the synchronization delay exceeds the validity period of the verification code, the user's verification fails and the experience is poor.
As shown in fig. 1, in the prior art, a user requesting a verification code from a server may be implemented by the following steps:
Step S101: the user requests a page from the application.
Step S102: the application program returns an authentication page to the user, wherein the authentication page can request input of a user name and a password, and the authentication page carries the URL address of the verification code server pointing to the authentication resource (namely, the code fetching server).
Step S103: the user uses the URL address to access the code fetching server.
Step S104: the code fetching server requests the verification code picture and the picture result from the KV storage. The picture result is the result carried in the verification code picture.
Step S105: the code fetching server sends the verification code picture to the user.
Step S106: the code fetching server writes the picture result and the session information into the KV storage.
The session information is carried in the access request with which the user accesses the code fetching server using the URL address.
As shown in fig. 2, in the prior art, when a user sends an authentication code to a server to request authentication, the following steps are performed:
Step S201: the user submits a request for an authentication code to the application.
Step S202: the application program sends the verification code request to the corresponding verification server.
Step S203: the verification server acquires the picture result and performs verification.
Optionally, the verification server obtains the picture result corresponding to the session information from the KV storage. However, if the verification server is not the same server as the code fetching server in fig. 1, the verification server needs to obtain the picture result from the code fetching server and then performs verification based on it. As described above, if the two servers are deployed in different areas, there is a time delay, which may cause the user verification to fail.
Step S204: the verification server deletes the session information and the picture result stored in the KV storage.
Step S205: the verification server returns a verification result.
No effective solution to the problem of verification delay in cross-region verification has been proposed so far.
Disclosure of Invention
The embodiment of the application provides a verification method, a verification device and a verification system of a verification code, and aims to at least solve the technical problem of verification time delay in cross-region verification.
According to an aspect of an embodiment of the present application, there is provided a verification method of a verification code, including: a first server receives a first request sent by a terminal; the first server responds to the first request and generates response information, wherein the response information at least comprises a verification code carrier and first verification code information corresponding to the verification code carrier; the first server returns at least the verification code carrier and encrypted first verification code information to the terminal, wherein the verification code carrier is used for instructing the terminal to input second verification code information, and the encrypted first verification code information is used for instructing the second server to verify the second verification code information in a second request sent by the terminal.
According to an aspect of an embodiment of the present application, there is provided a verification method of a verification code, including: a second server receives a second request sent by a terminal, wherein the second request carries encrypted first verification code information and second verification code information, the second request is used for requesting to verify the second verification code information by using the encrypted first verification code information, the encrypted first verification code information is sent to the terminal by the first server, the second verification code information is information input by the terminal based on a verification code carrier sent by the first server, and the verification code carrier corresponds to the first verification code information; the second server verifies the second verification code information using the encrypted first verification code information in response to the second request.
According to an aspect of an embodiment of the present application, there is provided a verification method of a verification code, including: the terminal sends a first request to a first server; the terminal receives response information returned by the first server in response to the first request, wherein the response information at least comprises a verification code carrier and encrypted first verification code information; the terminal acquires second verification code information based on the verification code carrier; the terminal generates a second request, wherein the second request at least comprises the second verification code information and the encrypted first verification code information; and the terminal sends the second request to the second server, wherein the second request is used for verifying the second verification code information by using the encrypted first verification code information.
According to an aspect of an embodiment of the present application, there is provided a verification system of a verification code, including: the first server is used for receiving a first request sent by the terminal and responding to the first request to generate response information, wherein the response information at least comprises a verification code carrier and first verification code information corresponding to the verification code carrier; the first server is also used for returning at least the verification code carrier and the encrypted first verification code information to the terminal; the second server is used for receiving a second request sent by the terminal, wherein the second request carries encrypted first verification code information and second verification code information, the second request is used for requesting to verify the second verification code information by using the encrypted first verification code information, and the second verification code information is information input by the terminal based on a verification code carrier sent by the first server; the second server is further configured to verify the second verification code information using the encrypted first verification code information in response to the second request.
According to another aspect of the embodiments of the present application, there is provided an apparatus for verifying a verification code, where the apparatus for verifying a verification code is disposed on a first server, and includes: a first receiving unit, configured to receive a first request sent by a terminal; the first response unit is used for responding to the first request and generating response information, wherein the response information at least comprises the verification code carrier and first verification code information corresponding to the verification code carrier; and the first returning unit is used for the first server to return at least the verification code carrier and the encrypted first verification code information to the terminal, wherein the verification code carrier is used for indicating the terminal to input second verification code information, and the encrypted first verification code information is used for indicating the second server to verify the second verification code information in a second request sent by the terminal.
According to another aspect of the embodiments of the present application, there is also provided an apparatus for verifying a verification code, disposed on a second server, the apparatus including: the second receiving unit is used for receiving a second request sent by the terminal, wherein the second request carries encrypted first verification code information and second verification code information, the second request is used for requesting to verify the second verification code information by using the encrypted first verification code information, the encrypted first verification code information is sent to the terminal by the first server, the second verification code information is information input by the terminal based on a verification code carrier sent by the first server, and the verification code carrier corresponds to the first verification code information; and a second response unit, configured to instruct the second server to verify the second verification code information using the encrypted first verification code information in response to the second request.
According to another aspect of the embodiments of the present application, there is also provided a verification apparatus for a verification code, which is disposed on a terminal, and includes: a first sending unit, configured to send a first request to a first server; a third receiving unit, configured to receive response information returned by the first server in response to the first request, where the response information at least includes the verification code carrier and the encrypted first verification code information; an acquisition unit configured to acquire second verification code information based on the verification code carrier; a generating unit, configured to generate a second request, where the second request at least includes the second verification code information and the encrypted first verification code information; and a second sending unit, configured to send the second request to the second server, where the second request is used to verify the second verification code information by using the encrypted first verification code information.
With the embodiments of the present application, when the first server sends the verification code carrier to the terminal, it sends the encrypted first verification code information to the terminal at the same time. When the terminal requests verification of the input second verification code information, the encrypted first verification code information is sent to the second server together with it, and the second server can verify the second verification code information based on the encrypted first verification code information. In the above embodiment, even if the first server and the second server are not the same server, the second server does not need to obtain the first verification code information from the first server: it can directly verify the second verification code information by using the first verification code information sent by the terminal, without information interaction between the two servers. As a result, when the first server and the second server perform cross-region verification, no time delay exists, verification of the verification code can be carried out quickly, and the problem of verification delay in cross-region verification in the prior art is solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 is an interaction flow diagram for obtaining a captcha, according to the prior art;
FIG. 2 is an interaction flow diagram for validating a validation code, according to the prior art;
FIG. 3 is a block diagram of a hardware structure of a computer terminal of a verification method of a verification code according to an embodiment of the present application;
FIG. 4 is a first flowchart of a verification method of a verification code according to an embodiment of the present application;
FIG. 5 is an interaction diagram one of a verification method for a captcha according to an embodiment of the present application;
FIG. 6 is a flow chart II of a verification method of a verification code according to an embodiment of the present application;
FIG. 7 is an interaction diagram two of a verification method of a captcha according to an embodiment of the present application;
FIG. 8 is a flow chart III of a verification method of a verification code according to an embodiment of the present application;
FIG. 9 is a schematic diagram of a verification system for a verification code according to an embodiment of the present application;
FIG. 10 is a first schematic diagram of an apparatus for verifying a verification code according to an embodiment of the present application;
FIG. 11 is a second schematic diagram of an apparatus for verifying a verification code according to an embodiment of the present application;
FIG. 12 is a third schematic diagram of an apparatus for validating a passcode according to an embodiment of the present application; and
FIG. 13 is a fourth flowchart of a verification method of a verification code according to an embodiment of the present application.
Detailed Description
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only partial embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
First, terms related to the present application are explained as follows:
Data encryption: the data is transformed with a secret key so that a third party cannot obtain the original information and the information cannot be forged or tampered with; only the holder of the secret key can decrypt the data to obtain the original information.
Replay: an attacker re-sends a packet that the target host has already received, in particular a packet used to authenticate the user's identity during an authentication process (such as the verification code verification of this application), in order to deceive the system. Replay is mainly used against identity authentication processes and undermines the security of authentication.
Replay prevention: a KV store records whether a request has already been processed; if it has, the request is rejected.
Example 1
According to an embodiment of the present application, there is also provided an embodiment of a verification method of a verification code. It should be noted that the steps illustrated in the flowcharts of the drawings may be performed in a computer system, for example as a set of computer-executable instructions, and that while a logical order is illustrated in the flowcharts, in some cases the steps illustrated or described may be performed in an order different from the one given here.
The method provided by the first embodiment of the present application may be executed in a mobile terminal, a computer terminal, or a similar computing device. Taking the example of the method running on the computer terminal, fig. 3 is a hardware structure block diagram of the computer terminal of the verification method of the verification code according to the embodiment of the present application. As shown in fig. 3, the computer terminal 10 may include one or more (only one shown) processors 302 (the processors 302 may include, but are not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA, etc.), a memory 304 for storing data, and a transmitting device 306 for communication functions. It will be understood by those skilled in the art that the structure shown in fig. 3 is only an illustration and is not intended to limit the structure of the electronic device. For example, the computer terminal 10 may also include more or fewer components than shown in FIG. 3, or have a different configuration than shown in FIG. 3.
The memory 304 may be used to store software programs and modules of application software, such as program instructions/modules corresponding to the verification method of the verification code in the embodiment of the present application, and the processor 302 executes various functional applications and data processing by running the software programs and modules stored in the memory 304, that is, implementing the verification method of the verification code described above. The memory 304 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 304 may further include memory located remotely from the processor 302, which may be connected to the computer terminal 10 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission device 306 is used for receiving or sending data via a network. Specific examples of the network described above may include a wireless network provided by a communication provider of the computer terminal 10. In one example, the transmission device 306 includes a Network Interface Controller (NIC) that can be connected to other Network devices through a base station to communicate with the internet. In one example, the transmission device 306 can be a Radio Frequency (RF) module, which is used for communicating with the internet in a wireless manner.
Under the operating environment, the application provides a verification method of the verification code as shown in fig. 4. Fig. 4 is a first flowchart of a verification method of a verification code according to an embodiment of the present application. As shown in fig. 4, this scheme can be implemented by the following steps:
Step S402: the first server receives a first request sent by the terminal. The first request is used for requesting to acquire the verification code;
Step S404: the first server responds to the first request and generates response information, wherein the response information at least comprises a verification code carrier and first verification code information corresponding to the verification code carrier;
Step S406: the first server returns at least the verification code carrier and encrypted first verification code information to the terminal, wherein the verification code carrier is used for instructing the terminal to input second verification code information, and the encrypted first verification code information is used for instructing the second server to verify the second verification code information in a second request sent by the terminal.
With this embodiment, the first server sends the encrypted first verification code information to the terminal when it sends the verification code carrier, the terminal sends the encrypted first verification code information to the second server when it requests verification of the input second verification code information, and the second server can verify the second verification code information based on the encrypted first verification code information. Even if the first server and the second server are not the same server, the second server does not need to obtain the first verification code information from the first server: it can directly verify the second verification code information by using the first verification code information sent by the terminal, without information interaction between the two servers. As a result, when the first server and the second server perform cross-region verification, no time delay exists, verification of the verification code can be carried out quickly, and the problem of verification delay in cross-region verification in the prior art is solved.
The verification code carrier in the above embodiment may be a verification code picture, that is, a picture carrying verification code information. For example, the first server may first generate the characters of the first verification code information, randomly distort them, and write the distorted characters on a canvas to generate a picture; this picture carrying the verification code is the verification code carrier.
The first verification code information in the above embodiments may be the character information carried on the verification code carrier: if the information carried on a verification code picture is "1234", the first verification code information is "1234".
Specifically, in the above embodiment, after the terminal requests access to a target application server (for example with a login request, an order placement request, or a registration request), the terminal receives the URL address for accessing the first server (i.e., an authentication resource address) and generates a first request based on that URL. After the first server receives the first request sent by the terminal, it generates, in response to the first request, response information including at least a verification code carrier and first verification code information corresponding to the verification code carrier, and sends the response information to the terminal. After the terminal receives the response information of the first server, the verification code carrier in the response information is displayed on the screen of the terminal, and the user can input the second verification code information through an input box on the screen of the terminal.
The second server is determined based on the application account: for example, if the target application server determines that the application account belongs to Shanghai, the verification request (i.e., the second request) is sent to the second server deployed in Shanghai.
In the above embodiment, the required first verification code information is stored in encrypted form on the user side (i.e., the terminal in the above embodiment), and when the terminal requests verification, the encrypted first verification code information and the input second verification code information are submitted to the server side together. This keeps the data secure, removes the risk caused by data synchronization delay between cross-region KV servers, and makes a verification code system deployed across regions possible.
In the foregoing embodiment of the present application, the generating, by the first server, the response information may include: the first server reads the verification code carrier and the first verification code information from the corresponding key value storage database; encrypting the session information and the first verification code information carried in the first request to obtain encrypted session information and encrypted first verification code information; generating response information based on the encrypted session information, the encrypted first authentication code information and the authentication code carrier.
In the above embodiment, the first server may read the verification code carrier and the first verification code information from the KV storage database (i.e., the key value storage database), then encrypt the session information in the first request sent by the terminal and the retrieved first verification code information to obtain encrypted session information and encrypted first verification code information, and generate the response information based on the encrypted session information, the encrypted first verification code information, and the verification code carrier.
Specifically, the first server sends the encrypted session information to the terminal while returning at least the verification code carrier and the encrypted first verification code information to the terminal, wherein the encrypted session information and the encrypted first verification code information are used for instructing the second server to judge whether the second request is a replay request.
Through the embodiment, the encrypted session information (such as the session number or the session ID) is carried in the response information, and under the condition that the security of the session information and the first verification code information is ensured, the server for verifying the verification code can be ensured to judge whether the terminal initiates replay attack, so that the security of the verification system of the verification code is further ensured.
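The exchange described above, sketched as an added example (not code from the patent): the first server seals the session information and the first verification code information into a token, and a second server holding only the shared keys verifies the terminal's input and rejects replays from a local store. The key names, token layout, 120-second validity and the HMAC-based encrypt-then-MAC construction (a standard-library stand-in for an AEAD such as AES-GCM) are assumptions; the page does not name an algorithm.

```python
import hashlib
import hmac
import json
import os

# Constructed demo keys (assumption): every region's servers share them out of band.
ENC_KEY = hashlib.sha256(b"demo-encryption-key").digest()
MAC_KEY = hashlib.sha256(b"demo-mac-key").digest()
TTL_SECONDS = 120          # assumed validity period of a verification code
NONCE_LEN, TAG_LEN = 16, 32


def _xor_keystream(nonce: bytes, data: bytes) -> bytes:
    """Stdlib-only stream cipher: XOR data with HMAC-SHA256(ENC_KEY, nonce || counter)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(ENC_KEY, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def issue_token(session_id: str, answer: str, now: float) -> str:
    """First server: encrypt session info and first verification code info, then MAC."""
    claims = {"sid": session_id, "ans": answer, "exp": now + TTL_SECONDS}
    nonce = os.urandom(NONCE_LEN)
    ciphertext = _xor_keystream(nonce, json.dumps(claims).encode())
    tag = hmac.new(MAC_KEY, nonce + ciphertext, hashlib.sha256).digest()
    return (nonce + ciphertext + tag).hex()


class SecondServer:
    """Verifier in another region: needs the keys and a local replay store, nothing else."""

    def __init__(self):
        self.seen = {}  # stands in for the KV store: token nonce -> expiry time

    def verify(self, token_hex: str, session_id: str, user_input: str, now: float) -> str:
        try:
            raw = bytes.fromhex(token_hex)
        except ValueError:
            return "malformed"
        if len(raw) <= NONCE_LEN + TAG_LEN:
            return "malformed"
        nonce, ciphertext, tag = raw[:NONCE_LEN], raw[NONCE_LEN:-TAG_LEN], raw[-TAG_LEN:]

        # Authenticate before decrypting, so forged or altered tokens never get parsed.
        expected = hmac.new(MAC_KEY, nonce + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "tampered"
        claims = json.loads(_xor_keystream(nonce, ciphertext))

        if now > claims["exp"]:
            return "expired"
        if not hmac.compare_digest(claims["sid"].encode(), session_id.encode()):
            return "wrong-session"

        # Replay prevention: a token is consumed on its first use, right or wrong,
        # so it cannot be resubmitted or used to guess the answer repeatedly.
        self.seen = {n: exp for n, exp in self.seen.items() if exp >= now}
        if nonce in self.seen:
            return "replay"
        self.seen[nonce] = claims["exp"]

        same = hmac.compare_digest(claims["ans"].lower().encode(),
                                   user_input.lower().encode())
        return "ok" if same else "wrong-code"


if __name__ == "__main__":
    t0 = 1_000_000.0                                  # constructed timestamp
    token = issue_token("sess-1", "7KQ4", t0)         # constructed session and answer
    verifier = SecondServer()
    print(verifier.verify(token, "sess-1", "7kq4", t0 + 5))   # first submission
    print(verifier.verify(token, "sess-1", "7kq4", t0 + 6))   # same token again
```

The replay store in this sketch is local to one verifier, so it only rejects replays that reach the same second server; the account-based choice of second server described above is what keeps a given token on one verifier.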
According to the above-described embodiment, the encrypted first verification code information that the terminal requested may be stored in a cookie. However, since all pages under a domain name share one cookie, if a user requests a verification code on several pages of the terminal at the same time, only the encrypted first verification code information obtained last can be written in the cookie. To ensure that every page can obtain its encrypted first verification code information, the terminal can store the encrypted first verification code information in a hidden field of the page after receiving it.
In addition, the size of a cookie is limited, and if there are too many cookies under one domain name, cookies may be lost. Storing the encrypted first verification code information in the hidden field after the terminal acquires it avoids this loss of information.
As shown in fig. 5, the above embodiments of the present application are detailed by taking the verification code carrier as the verification code picture as an example:
Step S501: the terminal sends an access request to a target application server.
Optionally, the access request may be a request requiring identity authentication, such as a login request, an order placement request (if the target application server is a server of a resource transfer site, the request may be a resource transfer request), and a registration request.
Step S502: the target application server returns the request response information.
The request response information is used for instructing the terminal to input an application account number and a password and input an authentication code.
Further, the request response message carries an authentication resource address, and the authentication resource address points to the first server.
Step S503: the terminal sends a first request to the first server pointed to by the verification resource address, wherein the request is used for requesting to acquire the verification code.
Step S504: the first server responds to the first request by acquiring the verification code picture and the picture result from the KV storage database, wherein the picture result is the first verification code information.
Step S505: the first server writes and encrypts the session information in the first request and the acquired first verification code information to obtain the encrypted first verification code information and the encrypted session information.
Step S506: the first server generates response information.
This step is consistent with the implementation manner in the above embodiment, and is not described herein again.
Step S507: the first server returns the response information to the terminal.
After the terminal acquires the response information, it sends the encrypted first verification code information, the input second verification code information, the application account and the password together to the application program, according to the processing method in the above embodiment. The application program uses the application account and the password to verify the identity of the terminal, and further sends the second verification code information and the encrypted first verification code information to the second server, which uses the first verification code information to verify the second verification code information.
With this embodiment, the verification server can be deployed across regions, the user can be verified accurately and safely without time delay, and it can be ensured that the verification request is not replayed.
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present application is not limited by the order of acts described, as some steps may occur in other orders or concurrently depending on the application. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required in this application.
Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present application.
Example 2
According to an embodiment of the present application, there is further provided a verification method of a verification code, where the method is applied to a second server, and as shown in fig. 6, the method may include:
Step S601: the second server receives a second request sent by a terminal, wherein the second request carries encrypted first verification code information and second verification code information, the second request is used for requesting to verify the second verification code information by using the encrypted first verification code information, the encrypted first verification code information is sent to the terminal by the first server, the second verification code information is information input by the terminal based on a verification code carrier sent by the first server, and the verification code carrier corresponds to the first verification code information;
Step S603: the second server verifies the second verification code information using the encrypted first verification code information in response to the second request.
By adopting the embodiment of the application, the first server sends the encrypted first verification code information to the terminal when sending the verification code carrier to the terminal, the terminal sends the encrypted first verification code information to the second server when requesting to verify the input second verification code information, and the server can verify the second verification code information based on the encrypted first verification code information. In the above embodiment, even if the first server and the second server are not the same server, the second server does not need to obtain the first verification code information from the first server, and the second server can directly verify the second verification code information by using the first verification code information sent by the terminal, without information interaction between the two servers, so that when the first server and the second server perform cross-region verification, no time delay exists, verification of the verification code can be quickly realized, and the problem of verification time delay in cross-region verification in the prior art is solved.
The verification code carrier in the above embodiment may be a verification code picture, that is, a picture carrying verification code information, for example, the first server may first generate a character of the first verification code information, randomly twist the character of the first verification code information, write the twisted character on a canvas, and generate a picture, that is, the picture carrying the verification code, that is, the verification code carrier.
The first identifying code information in the above embodiments may be character information carried on the identifying code carrier, and if the information carried on an identifying code picture is "1234", the first identifying code information is "1234".
Specifically, in the above-described embodiment, after the terminal requests access to a target application server (such as a login request, an order placement request, or a registration request), the terminal receives the URL address (i.e., a verification resource address) for accessing the first server and generates a first request based on the URL. After the first server receives the first request sent by the terminal, the first server generates, in response to the first request, response information including at least a verification code carrier and first verification code information corresponding to the verification code carrier, and sends the response information to the terminal. After the terminal receives the response information of the first server, the verification code carrier in the response information is displayed on a screen of the terminal, and a user can input second verification code information by operating an input box on the screen of the terminal.
The second server is determined based on the application account: if the target application server determines that the application account belongs to Shanghai, the verification request (i.e., the second request) is sent to the second server deployed in Shanghai.
In the above embodiment, the required first identifying code information is stored in the user side (i.e., the terminal in the above embodiment) in an encrypted manner, and when the terminal requests for verification, the encrypted first identifying code information and the input second identifying code information are submitted to the server side together, so that a data security effect is achieved, the risk caused by the data synchronization delay of the cross-region KV server is solved, and the cross-region deployed identifying code system is realized.
Specifically, verifying the second captcha information using the encrypted first captcha information may include: the second server decrypts the encrypted first verification code information to obtain first verification code information; if the first verification code information is consistent with the second verification code information, the second server verifies that the second verification code information is correct; and if the first verification code information is inconsistent with the second verification code information, the second server verifies that the second verification code information is incorrect.
When the second server verifies the second verification code information by using the encrypted first verification code information, the second server decrypts the encrypted first verification code information to obtain the first verification code information, and then compares whether the decrypted first verification code information and the second verification code information are consistent. If they are consistent, the second server verifies that the second verification code information is correct; if they are inconsistent, the second server verifies that the second verification code information is incorrect.
The first verification code information and the second verification code information being consistent means that the characters in the verification code information are consistent; characters that differ only in upper or lower case also count as consistent. For example, if the first verification code information is 'ABCd' and the second verification code information is 'ABCd', the first verification code information and the second verification code information are also judged to be consistent.
According to the embodiment of the application, the second request also carries encrypted session information sent to the terminal by the first server, wherein after the second verification code information is verified by using the encrypted first verification code information, the second server stores the session information and the first verification code information into the corresponding key value storage database.
In this embodiment, each time the second verification code information of the terminal has been verified, the encrypted first verification code information and the encrypted session information carried in the second request of the terminal are stored as a key-value pair, for example in the KV storage database corresponding to the second server. When a second request (such as a verification request) is next received, the session information in that second request is used to look up whether the second request is a replay request; if so, the second server does not respond to the second request, and if not, the second server responds to the request.
Specifically, before verifying the second verification code information by using the encrypted first verification code information, the second server searches whether stored verification code information corresponding to the session information is recorded in a corresponding key value storage database; under the condition that the stored verification code information corresponding to the session information is found, the second server determines that the second request is a replay request; the second server determines that the second request is not a replay request in a case where the stored authentication code information corresponding to the session information is not found.
Specifically, verifying the second verification code information using the encrypted first verification code information includes: verifying the second verification code information using the encrypted first verification code information in a case where the second request is not a replay request;
in the case where the second request is a replay request, the second server does not respond to the second request, that is, does not verify the second verification code information using the encrypted first verification code information.
In the above embodiment, each time a second request is received, it is checked for a replay attack, so that the security of the whole verification code system is ensured.
According to the above-described embodiment, the encrypted first verification code information obtained by the request may be stored in a cookie. However, because all pages under a domain name share one cookie, if a user requests a verification code on several pages of the terminal at the same time, only the most recently obtained encrypted first verification code information can be written to the cookie. To ensure that every page can obtain its encrypted first verification code information, the terminal may instead store it in a hidden field of the page after receiving it.
In addition, the size of a cookie is limited, and if there are too many cookies under one domain name, cookies may be lost. Storing the encrypted first verification code information in the hidden field after the terminal obtains it avoids this loss of information.
The above-mentioned embodiment of the present application is described in detail below with reference to fig. 7, and as shown in fig. 7, the above-mentioned embodiment may include the following steps:
Step S701: the terminal sends a second request to the target application server.
The second request is an authentication request, and the authentication request may carry an application account, a password, encrypted session information, encrypted first authentication code information, and second authentication code information received by the terminal.
Step S702: the target application server sends the encrypted session information, the encrypted first verification code information and the second verification code information received by the terminal to a second server.
The target application server performs identity authentication on the user by using the application account and the password, and at the same time sends the encrypted session information, the encrypted first verification code information and the second verification code information received by the terminal to the second server.
A correspondence table between application accounts and areas may be preset and used to determine the area corresponding to the application account; if the determined area is the jingtang area, the encrypted session information, the encrypted first verification code information, and the second verification code information received by the terminal are sent to a server (i.e., a second server) deployed in the jingtang area.
Step S703: after receiving the second request, the second server decrypts the encrypted session information and the encrypted first verification code information to obtain the session information and the first verification code information.
The first server and the second server may agree on a key for encryption and decryption in advance.
Step S704: the second server verifies whether the second request is a replay request using the session information and the first verification code information.
The implementation manner of this step is consistent with that of the corresponding step in the above embodiments, and is not described herein again.
Step S705: in the case that the second request is not a replay request, the second server verifies the consistency of the first verification code information and the second verification code information to obtain a verification result.
The implementation manner of this step is consistent with that of the corresponding scheme in the above embodiments, and is not described herein again.
Step S706: the second server returns the verification result to the terminal.
The verification result may be a result of passing the verification or a result of failing to pass the verification.
Step S707: the second server stores the session information and the first verification code information in the corresponding KV storage database as a key-value pair.
The session information and the first verification code information stored in the KV storage database are used to verify whether the received verification request is a replay request.
The sequence of executing the step S706 and the step S707 is not limited in the present application.
With this embodiment, the verification server can be deployed across regions, the user can be verified accurately and safely without time delay, and it can be ensured that the verification request is not replayed.
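The issuing steps of Fig. 5 and the verification flow of Fig. 7 can be sketched together as follows. This is an added example, not code from the patent: AES-GCM as the cipher, a single sealed blob holding both the session information and the first verification code information, an in-memory map standing in for the regional KV storage database, and the names `IssueToken`, `SecondServer` and `Verify` are all assumptions of the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
	"sync"
)

var (
	ErrBadToken = errors.New("token did not decrypt")
	ErrReplay   = errors.New("replay request: session already verified")
)

// newAEAD builds AES-GCM from the key the two servers agreed on in advance.
// AES-GCM is this example's choice; the patent only says "encrypt".
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// IssueToken is the first server's side (steps S504-S506): seal the session
// information and the first verification code information for the terminal.
func IssueToken(key []byte, sessionID, code string) (string, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := aead.Seal(nonce, nonce, []byte(sessionID+"\x00"+code), nil)
	return base64.RawURLEncoding.EncodeToString(sealed), nil
}

// SecondServer verifies tokens using only the shared key and its own
// regional KV store (a map here), never contacting the first server.
type SecondServer struct {
	key []byte
	mu  sync.Mutex
	kv  map[string]string // session information -> first verification code
}

func NewSecondServer(key []byte) *SecondServer {
	return &SecondServer{key: key, kv: make(map[string]string)}
}

// Verify follows steps S703-S707 for one second request.
func (s *SecondServer) Verify(token, typed string) (bool, error) {
	aead, err := newAEAD(s.key)
	if err != nil {
		return false, err
	}
	raw, err := base64.RawURLEncoding.DecodeString(token)
	if err != nil || len(raw) < aead.NonceSize() {
		return false, ErrBadToken
	}
	n := aead.NonceSize()
	plain, err := aead.Open(nil, raw[:n], raw[n:], nil) // S703: decrypt
	if err != nil {
		return false, ErrBadToken // edited in the hidden field, or wrong key
	}
	parts := strings.SplitN(string(plain), "\x00", 2)
	if len(parts) != 2 {
		return false, ErrBadToken
	}
	sessionID, code := parts[0], parts[1]

	s.mu.Lock()
	defer s.mu.Unlock()
	if _, seen := s.kv[sessionID]; seen { // S704: replay lookup
		return false, ErrReplay
	}
	// S707: record after every verification, pass or fail, so a token
	// cannot be resubmitted with a different guess.
	s.kv[sessionID] = code
	return strings.EqualFold(code, typed), nil // S705: case-insensitive compare
}

func main() {
	key := []byte("constructed-demo-key-32-bytes!!!") // constructed sample key
	token, _ := IssueToken(key, "session-42", "ABCd") // constructed values
	second := NewSecondServer(key)
	ok, err := second.Verify(token, "abcd")
	fmt.Println(ok, err) // first submission
	ok, err = second.Verify(token, "abcd")
	fmt.Println(ok, err) // same token again
}
```

Because the token travels through the terminal's hidden field, the example uses an authenticated cipher so that an edited token fails decryption instead of yielding altered verification code information.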
Example 3
According to an embodiment of the present application, there is further provided a verification method of a verification code, where the method is applied to a second server, and as shown in fig. 8, the method may include the following steps:
Step S801: the terminal sends a first request to a first server, wherein the first request is used for requesting to acquire the verification code;
Step S802: the terminal receives response information returned by the first server in response to the first request, wherein the response information at least comprises a verification code carrier and encrypted first verification code information;
Step S803: the terminal acquires second verification code information based on the verification code carrier;
Step S804: the terminal generates a second request, wherein the second request at least comprises second verification code information and encrypted first verification code information;
Step S805: the terminal sends a second request to the second server, wherein the second request is used for verifying the second verification code information by using the encrypted first verification code information.
By adopting the embodiment of the application, the first server sends the encrypted first verification code information to the terminal when sending the verification code carrier to the terminal, the terminal sends the encrypted first verification code information to the second server when requesting to verify the input second verification code information, and the server can verify the second verification code information based on the encrypted first verification code information. In the above embodiment, even if the first server and the second server are not the same server, the second server does not need to obtain the first verification code information from the first server, and the second server can directly verify the second verification code information by using the first verification code information sent by the terminal, without information interaction between the two servers, so that when the first server and the second server perform cross-region verification, no time delay exists, verification of the verification code can be quickly realized, and the problem of verification time delay in cross-region verification in the prior art is solved.
The verification code carrier in the above embodiment may be a verification code picture, that is, a picture carrying verification code information, for example, the first server may first generate a character of the first verification code information, randomly twist the character of the first verification code information, write the twisted character on a canvas, and generate a picture, that is, the picture carrying the verification code, that is, the verification code carrier.
The first identifying code information in the above embodiments may be character information carried on the identifying code carrier, and if the information carried on an identifying code picture is "1234", the first identifying code information is "1234".
Specifically, in the above-described embodiment, after the terminal requests access to a target application server (such as a login request, an order placement request, or a registration request), the terminal receives the URL address (i.e., a verification resource address) for accessing the first server and generates a first request based on the URL. After the first server receives the first request sent by the terminal, the first server generates, in response to the first request, response information including at least a verification code carrier and first verification code information corresponding to the verification code carrier, and sends the response information to the terminal. After the terminal receives the response information of the first server, the verification code carrier in the response information is displayed on a screen of the terminal, and a user can input second verification code information by operating an input box on the screen of the terminal.
The second server is determined based on the application account: if the target application server determines that the application account belongs to Shanghai, the verification request (i.e., the second request) is sent to the second server deployed in Shanghai.
In the above embodiment, the required first identifying code information is stored in the user side (i.e., the terminal in the above embodiment) in an encrypted manner, and when the terminal requests for verification, the encrypted first identifying code information and the input second identifying code information are submitted to the server side together, so that a data security effect is achieved, the risk caused by the data synchronization delay of the cross-region KV server is solved, and the cross-region deployed identifying code system is realized.
Specifically, before the terminal sends the first request to the first server, the method further includes: the terminal sends an access request to a target application server; and the terminal receives a verification resource address returned by the target application server, wherein the verification resource address points to the first server.
Optionally, the terminal generating the second request includes: the terminal generates a second request based on the second verification code information input through the terminal, the encrypted first verification code information, an application account for accessing the target application server, and the password.
According to the above embodiment of the present application, the terminal sending the second request to the second server includes: and the terminal sends a second request to the target application server, wherein the application account and the password in the second request are used for verifying the legality of the terminal, and the first verification code information and the second verification code information in the second request are used for being sent to the second server by the target application server.
With this embodiment, the verification server can be deployed across regions, the user can be verified accurately and safely without time delay, and it can be ensured that the verification request is not replayed.
According to the above-described embodiment, the encrypted first verification code information obtained by the request may be stored in a cookie. However, because all pages under a domain name share one cookie, if a user requests a verification code on several pages of the terminal at the same time, only the most recently obtained encrypted first verification code information can be written to the cookie. To ensure that every page can obtain its encrypted first verification code information, the terminal may instead store it in a hidden field of the page after receiving it.
In addition, the size of a cookie is limited, and if there are too many cookies under one domain name, cookies may be lost. Storing the encrypted first verification code information in the hidden field after the terminal obtains it avoids this loss of information.
Example 4
According to an embodiment of the present application, there is also provided a verification system of a verification code for implementing the verification method of the verification code, as shown in fig. 9, the verification system of the verification code includes:
the first server 91 is configured to receive a first request sent by a terminal, where the first request is used to request to acquire an authentication code, and generate response information in response to the first request, where the response information at least includes an authentication code carrier and first authentication code information corresponding to the authentication code carrier; the first server is also used for returning at least the verification code carrier and the encrypted first verification code information to the terminal;
the second server 93 is configured to receive a second request sent by the terminal, where the second request carries encrypted first verification code information and second verification code information, the second request is used to request that the encrypted first verification code information is used to verify the second verification code information, and the second verification code information is information input by the terminal based on the verification code carrier sent by the first server; the second server is further configured to verify the second verification code information using the encrypted first verification code information in response to the second request.
By adopting the embodiment of the application, the first server sends the encrypted first verification code information to the terminal when sending the verification code carrier to the terminal, the terminal sends the encrypted first verification code information to the second server when requesting to verify the input second verification code information, and the server can verify the second verification code information based on the encrypted first verification code information. In the above embodiment, even if the first server and the second server are not the same server, the second server does not need to obtain the first verification code information from the first server, and the second server can directly verify the second verification code information by using the first verification code information sent by the terminal, without information interaction between the two servers, so that when the first server and the second server perform cross-region verification, no time delay exists, verification of the verification code can be quickly realized, and the problem of verification time delay in cross-region verification in the prior art is solved.
The verification code carrier in the above embodiment may be a verification code picture, that is, a picture carrying verification code information, for example, the first server may first generate a character of the first verification code information, randomly twist the character of the first verification code information, write the twisted character on a canvas, and generate a picture, that is, the picture carrying the verification code, that is, the verification code carrier.
The first identifying code information in the above embodiments may be character information carried on the identifying code carrier, and if the information carried on an identifying code picture is "1234", the first identifying code information is "1234".
Specifically, in the above-described embodiment, after the terminal requests access to a target application server (such as a login request, an order placement request, or a registration request), the terminal receives the URL address (i.e., a verification resource address) for accessing the first server and generates a first request based on the URL. After the first server receives the first request sent by the terminal, the first server generates, in response to the first request, response information including at least a verification code carrier and first verification code information corresponding to the verification code carrier, and sends the response information to the terminal. After the terminal receives the response information of the first server, the verification code carrier in the response information is displayed on a screen of the terminal, and a user can input second verification code information by operating an input box on the screen of the terminal.
The second server is determined based on the application account: if the target application server determines that the application account belongs to Shanghai, the verification request (i.e., the second request) is sent to the second server deployed in Shanghai.
In the above embodiment, the required first identifying code information is stored in the user side (i.e., the terminal in the above embodiment) in an encrypted manner, and when the terminal requests for verification, the encrypted first identifying code information and the input second identifying code information are submitted to the server side together, so that a data security effect is achieved, the risk caused by the data synchronization delay of the cross-region KV server is solved, and the cross-region deployed identifying code system is realized.
Specifically, the first server in the solution is further configured to send the encrypted session information to the terminal while the first server returns at least the authentication code carrier and the encrypted first authentication code information to the terminal; and the second server is also used for judging whether the second request is a replay request or not by using the encrypted session information and the encrypted first verification code information in the second request after receiving the second request of the terminal.
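The following sketch of the exchange described above is an added example, not code from the patent. It assumes details the text does not specify: both servers share keys, the session information and the first verification code information are sealed into one token with an expiry, the cipher is a standard-library stand-in (HMAC-SHA256 keystream with encrypt-then-MAC; a deployment would use an AEAD such as AES-GCM), and the second server keeps a local record of used tokens to detect replays. All names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo keys. Assumption: in deployment the first and second
# servers load the same two keys from a shared secret store.
ENC_KEY = secrets.token_bytes(32)
MAC_KEY = secrets.token_bytes(32)
TOKEN_TTL = 120  # seconds a token stays valid (assumed value)


def _keystream(nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used here only as a stdlib stream cipher."""
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(ENC_KEY, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(fields: dict) -> str:
    """Encrypt-then-MAC the fields so the terminal can neither read nor alter them."""
    plaintext = json.dumps(fields, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    stream = _keystream(nonce, len(plaintext))
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(MAC_KEY, nonce + ciphertext, hashlib.sha256).digest()
    return (nonce + ciphertext + tag).hex()


def unseal(token: str):
    """Return (fields, nonce) for an authentic token, otherwise None."""
    try:
        raw = bytes.fromhex(token)
    except ValueError:
        return None
    if len(raw) < 16 + 32:
        return None
    nonce, ciphertext, tag = raw[:16], raw[16:-32], raw[-32:]
    expected = hmac.new(MAC_KEY, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(nonce, len(ciphertext))
    plaintext = bytes(a ^ b for a, b in zip(ciphertext, stream))
    return json.loads(plaintext), nonce


def first_server_issue(session_id: str, code=None, now=None) -> dict:
    """First server: build the carrier and the sealed first verification code."""
    now = time.time() if now is None else now
    if code is None:
        code = "".join(secrets.choice("0123456789") for _ in range(4))
    carrier = f"<distorted picture of {len(code)} characters>"  # image stand-in
    token = seal({"code": code, "sid": session_id, "exp": now + TOKEN_TTL})
    return {"carrier": carrier, "token": token}


class SecondServer:
    """Second server: verifies using only what the terminal submits."""

    def __init__(self):
        self._used = {}  # token nonce -> expiry; local state, no first-server call

    def verify(self, token: str, typed_code: str, session_id: str, now=None) -> str:
        now = time.time() if now is None else now
        opened = unseal(token)
        if opened is None:
            return "rejected: bad token"
        fields, nonce = opened
        if now > fields["exp"]:
            return "rejected: expired"
        if not hmac.compare_digest(fields["sid"].encode(), session_id.encode()):
            return "rejected: session mismatch"
        # Drop records of tokens that have expired anyway, then check for reuse.
        self._used = {n: e for n, e in self._used.items() if e >= now}
        if nonce in self._used:
            return "rejected: replay"
        # Burn the token on first use, right or wrong, so one token allows one guess.
        self._used[nonce] = fields["exp"]
        if hmac.compare_digest(fields["code"].encode(), typed_code.encode()):
            return "ok"
        return "rejected: wrong code"


if __name__ == "__main__":
    resp = first_server_issue("sess-A", code="4821")
    server = SecondServer()
    print(server.verify(resp["token"], "4821", "sess-A"))  # first submission
    print(server.verify(resp["token"], "4821", "sess-A"))  # same token again
```

Because the used-token record is local, replay detection in this sketch only holds if a given account's second requests always reach the same second server, as with the account-based routing described above.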
Example 5
According to an embodiment of the present application, there is also provided an apparatus for verifying a verification code, configured to implement the verification method for the verification code, as shown in fig. 10, and disposed on a first server, the apparatus including:
a first receiving unit 101, configured to receive a first request sent by a terminal, where the first request is used to request acquisition of a verification code;
a first response unit 103, configured to generate response information in response to the first request, where the response information at least includes the verification code carrier and first verification code information corresponding to the verification code carrier;
a first returning unit 105, configured to cause the first server to return at least the verification code carrier and the encrypted first verification code information to the terminal, where the verification code carrier is used to instruct the terminal to input second verification code information, and the encrypted first verification code information is used to instruct the second server to verify the second verification code information in the second request sent by the terminal.
The present application further provides an apparatus for verifying a verification code, which is disposed on a second server and, as shown in fig. 11, may include:
a second receiving unit 111, configured to receive a second request sent by the terminal, where the second request carries encrypted first verification code information and second verification code information, the second request is used to request that the second verification code information be verified by using the encrypted first verification code information, the encrypted first verification code information is sent by the first server to the terminal, the second verification code information is information that is input by the terminal based on a verification code carrier sent by the first server, and the verification code carrier corresponds to the first verification code information;
a second response unit 113, configured to instruct the second server to verify the second verification code information with the encrypted first verification code information in response to the second request.
The present application also provides a verification apparatus for a verification code, which is provided on a terminal and, as shown in fig. 12, includes:
a first sending unit 121, configured to send a first request to a first server, where the first request is used to request acquisition of a verification code;
a third receiving unit 123, configured to receive response information returned by the first server in response to the first request, where the response information at least includes the verification code carrier and the first verification code information carried by the verification code carrier;
an obtaining unit 125, configured to obtain second verification code information based on the verification code carrier;
a generating unit 127, configured to generate a second request, where the second request includes at least the second verification code information and the encrypted first verification code information;
a second sending unit 129, configured to send the second request to the second server, where the second request is used to verify the second verification code information by using the encrypted first verification code information.
It should be noted that the examples and application scenarios implemented by the above units or modules are the same as those of the steps in the corresponding embodiments, but are not limited to what is disclosed in the above embodiments. The above units may run in the computer terminal provided in the embodiment as part of the apparatus, and may be implemented in software or hardware.
Example 6
Embodiments of the present application may provide a computer terminal, which may be any one of computer terminal devices (such as the above-mentioned terminal, the first server or the second server) in a computer terminal group. Optionally, in this embodiment, the computer terminal may also be replaced with a terminal device such as a mobile terminal.
Optionally, in this embodiment, the computer terminal may be located in at least one network device of a plurality of network devices of a computer network.
Optionally, fig. 13 is a block diagram of a computer terminal according to an embodiment of the present application. As shown in fig. 13, the computer terminal A may include: one or more processors 1301 (only one of which is shown), a memory 1303, and a transmitting device 1305.
The memory 1303 may be configured to store software programs and modules, such as program instructions/modules corresponding to the verification method and apparatus for verification codes in the embodiments of the present application, and the processor 1301 executes various functional applications and data processing by running the software programs and modules stored in the memory 1303, that is, implementing the verification method for verification codes. Memory 1303 may include high speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, memory 1303 may further include memory located remotely from processor 1301, which may be connected to terminal A through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmitting device 1305 is used for receiving or transmitting data via a network. Examples of the network may include a wired network and a wireless network. In one example, the transmitting device 1305 includes a network adapter (NIC) that can be connected to a router via a network cable and other network devices to communicate with the internet or a local area network. In one example, the transmitting device 1305 is a Radio Frequency (RF) module, which is used for communicating with the internet in a wireless manner.
Specifically, the memory 1303 is used for storing preset action conditions, information of preset authorized users, and application programs.
In this embodiment, the computer terminal may perform the following steps in the verification method of the verification code:
step S1: the first server receives a first request sent by a terminal, where the first request is used to request acquisition of a verification code;
step S2: the first server generates response information in response to the first request, where the response information at least includes a verification code carrier and first verification code information corresponding to the verification code carrier;
step S3: the first server returns at least the verification code carrier and the encrypted first verification code information to the terminal, where the verification code carrier is used to instruct the terminal to input second verification code information, and the encrypted first verification code information is used to instruct the second server to verify the second verification code information in a second request sent by the terminal.
The computer terminal can also execute the following steps in the verification method of the verification code:
step S4: the second server receives a second request sent by the terminal, where the second request carries encrypted first verification code information and second verification code information, the second request is used to request verification of the second verification code information by using the encrypted first verification code information, the encrypted first verification code information is sent to the terminal by the first server, the second verification code information is information input by the terminal based on a verification code carrier sent by the first server, and the verification code carrier corresponds to the first verification code information;
step S5: in response to the second request, the second server verifies the second verification code information using the encrypted first verification code information.
The processor can also execute the following steps in the verification method of the verification code:
step S6: the terminal sends a first request to a first server, where the first request is used to request acquisition of the verification code;
step S7: the terminal receives response information returned by the first server in response to the first request, where the response information at least includes a verification code carrier and encrypted first verification code information, and the first verification code information is information carried in the verification code carrier;
step S8: the terminal acquires second verification code information based on the verification code carrier;
step S9: the terminal generates a second request, where the second request at least includes the second verification code information and the encrypted first verification code information;
step S10: the terminal sends the second request to the second server, where the second request is used to verify the second verification code information by using the encrypted first verification code information.
It can be understood by those skilled in the art that the structure shown in fig. 13 is only an illustration, and the computer terminal may also be a terminal device such as a smart phone (e.g., an Android phone, an iOS phone, etc.), a tablet computer, a palmtop computer, a Mobile Internet Device (MID), a PAD, and the like. Fig. 13 is a diagram illustrating a structure of the electronic device. For example, the computer terminal may also include more or fewer components (e.g., network interfaces, display devices, etc.) than shown in FIG. 13, or have a different configuration than shown in FIG. 13.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by a program instructing hardware associated with the terminal device, where the program may be stored in a computer-readable storage medium, and the storage medium may include: flash disks, Read-Only memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
Example 7
Embodiments of the present application also provide a storage medium. Optionally, in this embodiment, the storage medium may be configured to store a program code executed by the verification method of the verification code provided in the first embodiment.
Optionally, in this embodiment, the storage medium may be located in any one of computer terminals in a computer terminal group in a computer network, or in any one of mobile terminals in a mobile terminal group.
Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps:
step S1: the first server receives a first request sent by a terminal, where the first request is used to request acquisition of a verification code;
step S2: the first server generates response information in response to the first request, where the response information at least includes a verification code carrier and first verification code information corresponding to the verification code carrier;
step S3: the first server returns at least the verification code carrier and the encrypted first verification code information to the terminal, where the verification code carrier is used to instruct the terminal to input second verification code information, and the encrypted first verification code information is used to instruct the second server to verify the second verification code information in a second request sent by the terminal.
Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps:
step S4: the second server receives a second request sent by the terminal, where the second request carries encrypted first verification code information and second verification code information, the second request is used to request verification of the second verification code information by using the encrypted first verification code information, the encrypted first verification code information is sent to the terminal by the first server, the second verification code information is information input by the terminal based on a verification code carrier sent by the first server, and the verification code carrier corresponds to the first verification code information;
step S5: in response to the second request, the second server verifies the second verification code information using the encrypted first verification code information.
Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps:
step S6: the terminal sends a first request to a first server, where the first request is used to request acquisition of the verification code;
step S7: the terminal receives response information returned by the first server in response to the first request, where the response information at least includes a verification code carrier and encrypted first verification code information;
step S8: the terminal acquires second verification code information based on the verification code carrier;
step S9: the terminal generates a second request, where the second request at least includes the second verification code information and the encrypted first verification code information;
step S10: the terminal sends the second request to the second server, where the second request is used to verify the second verification code information by using the encrypted first verification code information.
The above-mentioned serial numbers of the embodiments of the present application are merely for description and do not represent the merits of the embodiments.
In the above embodiments of the present application, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed client may be implemented in other manners. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one type of division of logical functions, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and various other media capable of storing program code.
The foregoing is only a preferred embodiment of the present application. It should be noted that those skilled in the art can make several improvements and modifications without departing from the principle of the present application, and these improvements and modifications should also be considered to fall within the protection scope of the present application.

Claims (19)

1. A verification method of a verification code, comprising:
a first server receives a first request sent by a terminal;
the first server responds to the first request and generates response information, wherein the response information at least comprises a verification code carrier and first verification code information corresponding to the verification code carrier;
the first server at least returns the verification code carrier and encrypted first verification code information to the terminal, wherein the verification code carrier is used for indicating the terminal to input second verification code information, and the encrypted first verification code information is used for indicating a second server to verify the second verification code information in a second request sent by the terminal; and the second server receives the second request sent by the terminal, wherein the second request carries encrypted first verification code information and second verification code information.
2. The method of claim 1, wherein generating response information comprises:
the first server reads the verification code carrier and the first verification code information from a corresponding key value storage database;
encrypting the session information and the first verification code information carried in the first request to obtain encrypted session information and encrypted first verification code information;
generating the response information based on the encrypted session information, the encrypted first verification code information, and the verification code carrier.
3. The method according to claim 2, wherein while the first server returns at least the verification code carrier and the encrypted first verification code information to the terminal, the method further comprises:
and the first server sends the encrypted session information to the terminal, wherein the encrypted session information and the encrypted first verification code information are used for the second server to judge whether the second request is a replay request.
4. The method of claim 2, wherein the session information carried in the first request comprises: a session number or a session ID.
5. The method according to any one of claims 1 to 4, wherein the verification code carrier comprises: a verification code picture.
6. A verification method of a verification code, comprising:
a second server receives a second request sent by a terminal, wherein the second request carries encrypted first verification code information and second verification code information, the second request is used for requesting to verify the second verification code information by using the encrypted first verification code information, the encrypted first verification code information is sent to the terminal by the first server, the second verification code information is input by the terminal based on a verification code carrier sent by the first server, and the verification code carrier corresponds to the first verification code information;
the second server verifies the second verification code information using the encrypted first verification code information in response to the second request.
7. The method of claim 6, wherein verifying the second verification code information using the encrypted first verification code information comprises:
the second server decrypts the encrypted first verification code information to obtain the first verification code information;
if the first verification code information is consistent with the second verification code information, the second server verifies that the second verification code information is correct;
and if the first verification code information is inconsistent with the second verification code information, the second server verifies that the second verification code information is incorrect.
8. The method according to claim 6, wherein the second request further carries encrypted session information that is sent to the terminal by the first server, and wherein after the second verification code information is verified by using the encrypted first verification code information, the method further comprises:
and the second server stores the session information and the first verification code information into a corresponding key value storage database.
9. The method according to any of claims 6 to 8, wherein the second request further carries encrypted session information that the first server sent to the terminal, wherein,
before verifying the second verification code information with the encrypted first verification code information, the method further includes: searching whether stored verification code information corresponding to the session information is recorded in a corresponding key value storage database; the second server determines that the second request is a replay request under the condition that stored verification code information corresponding to the session information is found; the second server determines that the second request is not the replay request when stored verification code information corresponding to the session information is not found;
verifying the second verification code information using the encrypted first verification code information includes: verifying the second verification code information using the encrypted first verification code information in a case where the second request is not the replay request.
10. A verification method of a verification code, comprising:
the terminal sends a first request to a first server;
the terminal receives response information returned by the first server in response to the first request, wherein the response information at least comprises a verification code carrier and encrypted first verification code information;
the terminal acquires second verification code information based on the verification code carrier;
the terminal generates a second request, wherein the second request at least comprises the second verification code information and the encrypted first verification code information;
and the terminal sends the second request to a second server, wherein the second request is used for indicating that the encrypted first verification code information is used for verifying the second verification code information.
11. The method of claim 10, wherein before the terminal sends the first request to the first server, the method further comprises:
the terminal sends an access request to a target application server;
and the terminal receives a verification resource address returned by the target application server, wherein the verification resource address points to the first server.
12. The method of claim 10, wherein the terminal generating the second request comprises:
the terminal generates the second request based on the second verification code information, the encrypted first verification code information, an application account for accessing a target application server, and a password input through the terminal.
13. The method of claim 12, wherein sending, by the terminal, the second request to a second server comprises:
and the terminal sends the second request to the target application server, wherein the application account and the password in the second request are used for verifying the validity of the terminal, and the first verification code information and the second verification code information in the second request are used for being sent to the second server by the target application server.
14. The method according to claim 12, wherein after the terminal receives response information returned by the first server in response to the first request, the method further comprises: and the terminal stores the encrypted first verification code information in a hidden field of a page.
15. A verification system for a verification code, comprising:
the first server is used for receiving a first request sent by a terminal and responding to the first request to generate response information, wherein the response information at least comprises a verification code carrier and first verification code information corresponding to the verification code carrier; the first server is further used for returning at least the verification code carrier and the encrypted first verification code information to the terminal;
the second server is configured to receive a second request sent by the terminal, where the second request carries the encrypted first verification code information and second verification code information, the second request is used to request that the encrypted first verification code information is used to verify the second verification code information, and the second verification code information is information input by the terminal based on a verification code carrier sent by the first server; the second server is further configured to verify the second verification code information using the encrypted first verification code information in response to the second request.
16. The system of claim 15,
the first server is further used for sending the encrypted session information to the terminal while the first server at least returns the verification code carrier and the encrypted first verification code information to the terminal;
the second server is further configured to, after receiving a second request of the terminal, determine whether the second request is a replay request by using the encrypted session information and the encrypted first verification code information in the second request.
17. An apparatus for verifying a verification code, provided on a first server, comprising:
a first receiving unit, configured to receive a first request sent by a terminal;
a first response unit, configured to generate response information in response to the first request, where the response information at least includes a verification code carrier and first verification code information corresponding to the verification code carrier;
a first returning unit, configured to return, by the first server, at least the verification code carrier and encrypted first verification code information to the terminal, where the verification code carrier is used to instruct the terminal to input second verification code information, and the encrypted first verification code information is used to instruct a second server to verify the second verification code information in a second request sent by the terminal; and the second server receives the second request sent by the terminal, wherein the second request carries encrypted first verification code information and second verification code information.
18. An apparatus for verifying a verification code, provided on a second server, comprising:
a second receiving unit, configured to receive a second request sent by a terminal, where the second request carries encrypted first verification code information and second verification code information, the second request is used to request that the encrypted first verification code information is used to verify the second verification code information, the encrypted first verification code information is sent to the terminal by a first server, the second verification code information is information that is input by the terminal based on a verification code carrier sent by the first server, and the verification code carrier corresponds to the first verification code information;
a second response unit, configured to verify, by the second server, the second verification code information using the encrypted first verification code information in response to the second request.
19. An apparatus for verifying a verification code, provided on a terminal, comprising:
a first sending unit, configured to send a first request to a first server;
a third receiving unit, configured to receive response information returned by the first server in response to the first request, where the response information includes at least a verification code carrier and encrypted first verification code information;
an acquisition unit configured to acquire second verification code information based on the verification code carrier;
a generating unit, configured to generate a second request, where the second request includes at least the second verification code information and the encrypted first verification code information;
a second sending unit, configured to send the second request to a second server, where the second request is used to verify the second verification code information by using the encrypted first verification code information.
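
The exchange in claims 1 to 9, as an added example that is not part of the patent text: the first server seals the answer and the session ID into a token the terminal cannot read or alter, and the second server decrypts it, rejects replays through its key-value store, and only then compares the user's input. The claims do not name a cipher, so the HMAC-SHA256 encrypt-then-MAC construction is a standard-library stand-in for an AEAD such as AES-GCM; `SHARED_KEY`, `CAPTCHA_POOL`, all function names and the choice to seal session ID and code together in one token (the claims list them as two encrypted values) are assumptions of the example.

```python
import hashlib
import hmac
import json
import secrets

SHARED_KEY = secrets.token_bytes(32)          # held by both servers, never by the terminal
CAPTCHA_POOL = {"img-001.png": "K7QX2"}       # constructed carrier -> answer store (claim 2)


def subkeys(key: bytes):
    """Derive separate encryption and MAC keys from the shared key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: stdlib stand-in for a real AEAD cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, payload: dict) -> str:
    """Encrypt-then-MAC the payload; the hex token is what the terminal carries."""
    enc_key, mac_key = subkeys(key)
    nonce = secrets.token_bytes(16)
    plain = json.dumps(payload).encode()
    cipher = bytes(a ^ b for a, b in zip(plain, keystream(enc_key, nonce, len(plain))))
    tag = hmac.new(mac_key, nonce + cipher, hashlib.sha256).digest()
    return (nonce + cipher + tag).hex()


def unseal(key: bytes, token: str):
    """Return the payload, or None when the token is malformed or was altered."""
    enc_key, mac_key = subkeys(key)
    try:
        raw = bytes.fromhex(token)
    except ValueError:
        return None
    if len(raw) < 48:
        return None
    nonce, cipher, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + cipher, hashlib.sha256).digest()):
        return None
    plain = bytes(a ^ b for a, b in zip(cipher, keystream(enc_key, nonce, len(cipher))))
    return json.loads(plain)


def first_server_issue(session_id: str, carrier: str) -> dict:
    """Claims 1-3: return the carrier and the sealed answer; keep no per-session state."""
    token = seal(SHARED_KEY, {"sid": session_id, "code": CAPTCHA_POOL[carrier]})
    return {"carrier": carrier, "token": token}


class SecondServer:
    """Claims 6-9: decrypt, reject replays, compare, then record the session."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}                        # key-value store: session ID -> checked code

    def verify(self, token: str, user_input: str) -> str:
        payload = unseal(self.key, token)
        if payload is None:
            return "rejected: bad token"
        if payload["sid"] in self.seen:       # claim 9: session already recorded
            return "rejected: replay"
        ok = hmac.compare_digest(payload["code"].encode(), user_input.strip().upper().encode())
        self.seen[payload["sid"]] = payload["code"]   # claim 8: one attempt per session
        return "correct" if ok else "incorrect"
```

Because the session is recorded after every attempt, a wrong answer also uses up the token, so each further guess requires a fresh carrier from the first server.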
CN201610151493.8A 2016-03-16 2016-03-16 Verification method, device and system of verification code Active CN107204959B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610151493.8A CN107204959B (en) 2016-03-16 2016-03-16 Verification method, device and system of verification code


Publications (2)

Publication Number Publication Date
CN107204959A CN107204959A (en) 2017-09-26
CN107204959B true CN107204959B (en) 2020-07-24

Family

ID=59903657


Country Status (1)

Country Link
CN (1) CN107204959B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108769083A (en) * 2018-08-01 2018-11-06 北京奇虎科技有限公司 Login method, apparatus and system based on distributed server
CN109063456B (en) * 2018-08-02 2021-10-08 浙江大学 Security detection method and system for image type verification code
CN112261103A (en) * 2020-10-16 2021-01-22 深圳市网心科技有限公司 Node access method and related equipment

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101645890A (en) * 2009-08-06 2010-02-10 北京飞天诚信科技有限公司 Method, system and corresponding equipment for verifying information source integrality
CN101977194A (en) * 2010-10-29 2011-02-16 赵俊平 Third-party verification code system and third-party verification code provision method
CN102377784A (en) * 2011-11-24 2012-03-14 飞天诚信科技股份有限公司 Dynamic password identification method and system
CN102891828A (en) * 2011-07-18 2013-01-23 华为软件技术有限公司 IMS user authentication method, equipment and system
CN103647645A (en) * 2013-11-05 2014-03-19 北京宏基恒信科技有限责任公司 Method, system and equipment for dynamic password authentication of multiple authentication servers
CN103685311A (en) * 2013-12-27 2014-03-26 网易(杭州)网络有限公司 Log-in validation method and device
CN104253687A (en) * 2013-06-26 2014-12-31 深圳市腾讯计算机系统有限公司 Method for reducing verification efficiency, method for generating captcha, correlated system, and server
CN104519066A (en) * 2014-12-23 2015-04-15 飞天诚信科技股份有限公司 Method for activating token of mobile terminal
CN104683358A (en) * 2015-03-26 2015-06-03 上海众人网络安全技术有限公司 Anti-repudiation dynamic password generating method and dynamic password verification system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8392713B2 (en) * 2007-06-01 2013-03-05 Microsoft Corporation Secure offline activation process for licensed software application programs


Also Published As

Publication number Publication date
CN107204959A (en) 2017-09-26


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code (Ref country code: HK; Ref legal event code: DE; Ref document number: 1244968; Country of ref document: HK)
GR01 Patent grant