CN109902459B - Man-machine identification verification method, system, equipment and storage medium for WEB page - Google Patents
Man-machine identification verification method, system, equipment and storage medium for WEB page Download PDFInfo
- Publication number
- CN109902459B CN109902459B CN201711308348.7A CN201711308348A CN109902459B CN 109902459 B CN109902459 B CN 109902459B CN 201711308348 A CN201711308348 A CN 201711308348A CN 109902459 B CN109902459 B CN 109902459B
- Authority
- CN
- China
- Prior art keywords
- data
- user
- clicked
- click
- form submission
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
The invention discloses a man-machine identification verification method, a system, equipment and a storage medium of a WEB page, wherein the man-machine identification verification method comprises the following steps: binding a form submission button of a WEB page with a user behavior collection event; collecting user behaviors in real time and extracting user data; the method and the device realize receiving the click operation of the form submission button, simultaneously carry out man-machine identification processing on the extracted user data, and realize judging whether the click operation is man-machine operation or computer operation. The verification method overcomes the defects that the verification code needs to be input for verification by clicking the submission button all the time in the verification code verification mode in the prior art, and the verification code does not need to be input after clicking the submission button each time, thereby solving the problem of forcibly displaying the verification code on the existing WEB page, ensuring safe operation and simultaneously improving user experience.
Description
Technical Field
The present invention relates to the field of information processing technologies, and in particular, to a method, a system, a device, and a storage medium for human-computer identification and verification of a World Wide WEB (WEB) page.
Background
Verification codes (CAPTCHA, complete automatic Public Turing test to tell Computers and Humans Apart), originally proposed in 2002 by the Luis von Ahn, Manuel Blum, Nicholas j. hoppe and IBM (International Business Machines Corporation), are a test scheme for distinguishing whether operating users are Computers or Humans, have been widely used in the scenes of interception of illegal acts such as malicious cracking passwords, ticket swiping, and water pouring forums, and are one of the security policies that are necessary for many websites at present.
Taking a WEB page as an example, the following schemes for showing and verifying verification codes mainly exist in the prior art, specifically:
(1) character verification code
As shown in fig. 1, a user inputs a verification code according to characters in a picture displayed on a verification code page, and if the characters input by the user are consistent with the picture characters, the user operating a WEB page is determined to be a person, and subsequent operations are allowed; otherwise, judging that the computer is operated on the WEB page, and requiring the user to continuously input the verification code until the character verification code is input; or when the number of times of mistake-input verification codes exceeds a set threshold value, the user is refused to continue operating.
(2) Sliding behavior verification code
The verification process of the verification code needs to be combined with manual identification processing, wherein the man-machine identification is an identification mode for judging whether a user is a person or a computer by analyzing user behavior characteristics (such as mouse click, keyboard click, mouse sliding, mouse track and the like) on a browser.
As shown in fig. 2 and 3, behavior characteristics of the user in the sliding process are collected and sent to the server side for man-machine recognition processing. If the input user behavior characteristic data is consistent with the data set by the system, the user behavior is considered to be legal (the behavior characteristic accords with the behavior characteristic of a normal person), the user operating the WEB page is judged to be a person, and the subsequent operation is allowed; otherwise, judging that the computer is operated on the WEB page, and requiring the user to continuously input the verification code until the sliding behavior verification code is input; or when the number of times of mistake-input verification codes exceeds a set threshold value, the user is refused to continue operating.
(3) Click behavior verification code
This verification process needs to be combined with a manual identification process.
As shown in fig. 4, behavior characteristics of the user before clicking are collected and sent to the server side for man-machine identification processing. If the input user behavior characteristic data is consistent with the data set by the system, the user behavior is considered to be legal (the behavior characteristic accords with the behavior characteristic of a normal person), the user operating the WEB page is judged to be a person, and the subsequent operation is allowed; otherwise, judging that the computer is operated on the WEB page, and requiring the user to continuously input the verification code until the sliding behavior verification code is input; or when the number of times of mistake-input verification codes exceeds a set threshold value, the user is refused to continue operating.
The above is the most common display mode of three verification codes at present, but for the three verification codes, the user experience has problems, which are specifically as follows:
for the character verification code, the picture is easy to be cracked by image recognition software or a coding platform. In order to enhance the cracking difficulty, a website owner can distort characters and increase interference on the background, so that normal users are difficult to recognize; meanwhile, the character verification code is forcibly embedded into the page, and a user needs to input the character verification code every time, so that the user experience is not satisfied.
For the sliding behavior verification code, the safety is improved relative to the character verification code; the sliding operation does not need typing and inputting, so that the user experience is improved, but the verification code verification mode can simulate the behavior of a person by writing a front-end script program and controlling the mouse to slide to the area to be verified, so that the verification is bypassed; meanwhile, the sliding behavior verification code is forcibly embedded into the page, and the user needs to perform sliding operation every time, so that the user experience is not satisfied.
For the click behavior verification code, a character verification code verification mode image identification and code printing platform is avoided, and for a user, the click operation is more convenient than the sliding operation. The click behavior verification code verification mode weakens verification code form verification of the user operation interface, but strengthens the analysis process of a background on user behaviors; but still need the user to input the identifying code every time and carry out the verification operation, not satisfied user experience.
Disclosure of Invention
The invention aims to solve the technical problem that in the verification code verification mode in the prior art, after a user needs to input a verification code for verification operation each time, the judgment on a target person who operates a form submission button or a computer can be realized, and aims to provide a man-machine identification verification method, a man-machine identification verification system, a man-machine identification verification device and a storage medium for a WEB page.
The invention solves the technical problems through the following technical scheme:
the invention provides a man-machine identification verification method based on a WEB page, which comprises the following steps:
s1, binding a form submission button in the WEB page with a user behavior collection event;
s2, collecting user behaviors in real time through the user behavior collection events, and extracting user data from the user behaviors;
s3, receiving the click operation of the form submission button, and simultaneously performing man-machine identification processing on the extracted user data to judge whether the click operation is a human operation or a computer operation.
Preferably, step S3 further includes:
if the judgment is manual operation, allowing the response to the click operation;
and if the judgment is computer operation, refusing to respond to the click operation.
Preferably, step S3 further includes:
if the manual operation or the computer operation cannot be judged, acquiring a first matching degree between the click operation and the manual operation, and simultaneously generating and displaying a corresponding verification code;
the first matching degree is inversely related to the complexity of the verification code.
Preferably, step S3 further includes:
if the manual operation or the computer operation cannot be judged, acquiring a second matching degree between the click operation and the computer operation, and simultaneously generating and displaying a corresponding verification code;
the second matching degree is positively correlated with the complexity of the verification code.
Preferably, the verification codes sequentially comprise, from low to high in complexity ranking: character type verification code, Chinese character click verification code and Sudoku Chinese character pinyin click verification code.
Preferably, the user data comprises at least one of user behavior feature data, user equipment data, page data and browser data;
the user behavior characteristic data comprises at least one of mouse click times before clicking the form submission button, mouse sliding times before clicking the form submission button, mouse tracks before clicking the form submission button and keyboard click times before clicking the form submission button;
the user equipment data comprises user fingerprint data on the user equipment before the form submitting button is clicked and/or IP (Internet Protocol, Protocol for interconnection between networks) data of the user equipment before the form submitting button is clicked;
the page data comprises the data of the current page HOST (a domain name for the virtual HOST server and a transmission control protocol port number monitored by the server) before a form submission button is clicked;
the browser data comprises browser identity identification character string data before a form submission button is clicked.
Preferably, the step of determining whether the click operation is a manual operation or a computer operation in step S3 specifically includes:
and judging whether a manual operation check request rule is met or not according to the user data, and if so, judging that the click operation is a manual operation.
Preferably, the step of determining whether the click operation is a manual operation or a computer operation in step S3 specifically includes:
judging whether the mouse track before the form submission button is clicked is consistent with the historical mouse track or not according to the user data, and if so, determining that the clicking operation is computer operation; and/or the presence of a gas in the gas,
judging whether the sum of the mouse click times before the form submitting button is clicked and the keyboard click times before the form submitting button is clicked is less than the sum of the mouse click times and the keyboard click times before the page is not refreshed or not according to the user data, and if so, determining that the click operation is computer operation; and/or the presence of a gas in the gas,
and judging whether the current page HOST data is consistent with the page HOST data jumped to after the form submission button is clicked according to the user data, and if not, determining that the clicking operation is computer operation.
Preferably, when the step S3 includes an operation of obtaining a second matching degree between the click operation and the computer operation, the step of obtaining the second matching degree specifically includes:
judging whether the mouse click times before the form submission button is clicked are larger than a first set threshold value or not according to the user data, and/or judging whether the keyboard click times before the form submission button is clicked are larger than a second set threshold value or not according to the user data, and if so, acquiring a first matching value; or the like, or, alternatively,
judging whether the mouse click frequency before the form submission button is clicked is greater than a first set threshold and the IP data of the user equipment belongs to data in a historical blacklist or not according to the user data, and/or judging whether the keyboard click frequency before the form submission button is clicked is greater than a second set threshold and the user fingerprint data on the user equipment belongs to data in the historical blacklist or not according to the user data, and if so, acquiring a second matching value; or the like, or, alternatively,
judging whether the mouse click frequency before the form submission button is clicked is greater than a first set threshold value and the IP data of the user equipment and the browser identity identification character string data belong to data in a historical blacklist or not according to the user data, and/or judging whether the keyboard click frequency before the form submission button is greater than a second set threshold value and the user fingerprint data of the user equipment and the browser identity identification character string data belong to data in the historical blacklist or not according to the user data, and if so, acquiring a third matching value;
wherein the first match value is less than the second match value, which is less than the third match value.
The invention also provides a man-machine identification verification system based on the WEB page, which comprises a binding module, a collecting module, an extracting module, a receiving module and a judging module;
the binding module is used for binding a form submission button in a WEB page with a user behavior collection event;
the collection module is used for collecting the user behaviors in real time through the user behavior collection events and calling the extraction module;
the extraction module is used for extracting user data from the user behaviors;
the receiving module is used for receiving the click operation of the form submission button and calling the judging module;
the judgment module is used for performing man-machine identification processing on the extracted user data and judging whether the clicking operation is manual operation or computer operation.
Preferably, the judging module is further configured to allow the response to the click operation if the judgment is made as a manual operation;
and if the judgment is computer operation, refusing to respond to the click operation.
Preferably, the human-machine identification verification system includes a first processing module, configured to obtain a first matching degree between the click operation and the manual operation when the determination module cannot determine whether the human operation or the computer operation is performed, and generate and display a corresponding verification code;
the first matching degree is inversely related to the complexity of the verification code.
Preferably, the human-machine identification verification system includes a second processing module, configured to obtain a second matching degree between the click operation and the manual operation when the determination module cannot determine whether the manual operation or the computer operation is performed, and generate and display a corresponding verification code at the same time;
the second degree of match is positively correlated with the complexity of the captcha.
Preferably, the verification codes sequentially comprise, from low to high in complexity ranking: character type verification code, Chinese character click verification code and Sudoku Chinese character pinyin click verification code.
Preferably, the user data comprises at least one of user behavior feature data, user equipment data, page data and browser data;
the user behavior characteristic data comprises at least one of mouse click times before clicking the form submission button, mouse sliding times before clicking the form submission button, mouse tracks before clicking the form submission button and keyboard click times before clicking the form submission button;
the user equipment data comprises user fingerprint data on the user equipment before a form submission button is clicked and/or IP data of the user equipment before the form submission button is clicked;
the page data comprises current page HOST data before a form submission button is clicked;
the browser data comprises browser identity identification character string data before a form submission button is clicked.
Preferably, the judging module is configured to judge whether a rule of a manual operation check request is satisfied according to the user data, and if so, judge that the click operation is a manual operation.
Preferably, the judging module is configured to judge whether a mouse track before the form submission button is clicked is consistent with a historical mouse track according to the user data, and if so, determine that the clicking operation is a computer operation; and/or the presence of a gas in the gas,
the judging module is also used for judging whether the sum of the mouse click times before the form submitting button is clicked and the keyboard click times before the form submitting button is clicked is less than the sum of the mouse click times and the keyboard click times before the page is not refreshed or not according to the user data, and if so, the click operation is determined to be computer operation; and/or the presence of a gas in the gas,
the judging module is also used for judging whether the current page HOST data is consistent with the page HOST data jumped to after the form submitting button is clicked according to the user data, and if not, determining that the clicking operation is computer operation.
Preferably, the judging module is configured to judge whether the number of mouse clicks before the form submission button is clicked is greater than a first set threshold according to the user data, and/or the judging module is further configured to judge whether the number of keyboard clicks before the form submission button is clicked is greater than a second set threshold according to the user data, and if so, the second processing module is invoked to obtain a first matching value; or the like, or, alternatively,
judging whether the mouse click frequency before the form submission button is clicked is greater than a first set threshold value and the IP data of the user equipment belongs to data in a historical blacklist or not according to the user data, and/or judging whether the keyboard click frequency before the form submission button is clicked is greater than a second set threshold value and the user fingerprint data on the user equipment belongs to data in the historical blacklist or not according to the user data, and if so, calling to obtain a second matching value; or the like, or, alternatively,
judging whether the mouse click frequency before the form submission button is clicked is greater than a first set threshold value and the IP data of the user equipment and the browser identity identification character string data belong to data in a historical blacklist or not according to the user data, and/or judging whether the keyboard click frequency before the form submission button is greater than a second set threshold value and the user fingerprint data of the user equipment and the browser identity identification character string data belong to data in the historical blacklist or not according to the user data, and if so, calling the second processing module to obtain a third matching value;
wherein the first match value is less than the second match value, which is less than the third match value.
The invention also provides a device for man-machine identification and verification based on the WEB page, which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the processor realizes the man-machine identification and verification method based on the WEB page when executing the computer program.
The present invention also provides a computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the steps of the above-mentioned WEB page-based human-machine identification verification method. The positive progress effects of the invention are as follows:
according to the invention, the form submission button of the WEB page is bound with the user behavior collection event, the user behavior is collected in real time, the user data is extracted, the click operation of the form submission button is received, meanwhile, the man-machine identification processing is carried out on the extracted user data, and the judgment of whether the click operation is a man-made operation or a computer operation is realized, so that the defect that the submission button needs to be input with the verification code for verification in the verification code verification mode in the prior art is overcome, the verification code does not need to be input after the submission button is clicked every time, the problem of forcibly displaying the verification code on the WEB page is solved, the safety operation is ensured, and the user experience is improved.
Drawings
FIG. 1 is a diagram illustrating the verification of a character verification code in the prior art;
FIG. 2 is a diagram illustrating verification of a sliding behavior verification code according to the prior art;
FIG. 3 is a diagram illustrating verification of a sliding behavior verification code according to the prior art;
FIG. 4 is a diagram illustrating verification of a click behavior verification code according to the prior art;
fig. 5 is a flowchart of a man-machine identification verification method based on a WEB page in embodiment 1 of the present invention;
fig. 6 is a chinese character click verification code of the WEB page-based man-machine identification verification method in embodiment 1 of the present invention;
FIG. 7 is a nine-square Chinese character pinyin click verification code of the WEB page-based human-machine identification verification method in embodiment 1 of the present invention;
fig. 8 is a schematic block diagram of a human-computer identification verification system based on a WEB page in embodiment 2 of the present invention.
Detailed Description
The invention is further illustrated by the following examples, which are not intended to limit the scope of the invention.
Example 1
As shown in fig. 5, the man-machine identification verification method based on the WEB page of the embodiment includes:
s101, binding a form submission button in a WEB page with a user behavior collection event;
s102, collecting user behaviors in real time through the user behavior collection events, and extracting user data from the user behaviors;
wherein the user data comprises at least one of user behavior feature data, user equipment data, page data and browser data;
the user behavior characteristic data comprises at least one of mouse click times before clicking the form submission button, mouse sliding times before clicking the form submission button, mouse tracks before clicking the form submission button and keyboard click times before clicking the form submission button;
the user equipment data comprises user fingerprint data on the user equipment before a form submission button is clicked and/or IP data of the user equipment before the form submission button is clicked;
the page data comprises current page HOST data before a form submission button is clicked;
the browser data comprises browser identity identification character string data before a form submission button is clicked.
S103, receiving a click operation on the form submission button, and simultaneously performing man-machine identification processing on the extracted user data to judge whether the click operation is a manual operation or a computer operation;
when the judgment is manual operation, allowing the response to the click operation;
when the judgment is that the computer is operated, refusing to respond to the click operation;
when the manual operation or the computer operation cannot be judged, acquiring a first matching degree between the click operation and the manual operation, and simultaneously generating and displaying a corresponding verification code; or acquiring a second matching degree between the clicking operation and the computer operation, and generating and displaying a corresponding verification code at the same time.
Specifically, whether a manual operation check request rule is met is judged according to the user data, if yes, the click operation is judged to be a manual operation, and the click operation is allowed to be responded;
judging whether a mouse track before the form submission button is clicked is consistent with a historical mouse track or not according to the user data, if so, determining that the clicking operation is computer operation, and refusing to respond to the clicking operation;
the historical mouse track refers to mouse track data generated on a current page before the form submission button is clicked at this time;
and/or judging whether the sum of the mouse click times before the form submitting button is clicked and the keyboard click times before the form submitting button is clicked is less than the sum of the mouse click times and the keyboard click times before the page is not refreshed or not according to the user data, if so, determining that the click operation is computer operation, and refusing to respond to the click operation; and/or the presence of a gas in the gas,
and judging whether the current page HOST data is consistent with the page HOST data jumped to after the form submission button is clicked according to the user data, if not, determining that the clicking operation is computer operation, and refusing to respond to the clicking operation.
If the manual operation or the computer operation cannot be judged, acquiring a first matching degree between the click operation and the manual operation, and simultaneously generating and displaying a corresponding verification code;
the first matching degree is inversely related to the complexity of the verification code. Or the like, or, alternatively,
if the manual operation or the computer operation cannot be judged, acquiring a second matching degree between the click operation and the computer operation, and simultaneously generating and displaying a corresponding verification code;
the second matching degree is positively correlated with the complexity of the verification code.
Wherein the verification code comprises: character type verification code, Chinese character click verification code, nine-square Chinese character pinyin click verification code and the like. The verification codes sequentially comprise from low to high according to complexity sequence: character type verification code, Chinese character click verification code and Sudoku Chinese character pinyin click verification code.
As shown in fig. 6, the Chinese character click verification code is shown; the user carries out clicking operation on the Chinese characters in the display picture in sequence according to the Chinese characters required to be input on the verification code page, if the Chinese characters clicked by the user are consistent with the Chinese characters required to be input, the user operating the WEB page is judged to be a person, and subsequent operation is allowed; otherwise, judging that the computer is operated on the WEB page, and requiring the user to continuously click the Chinese characters until the clicked Chinese characters meet the requirements, and successfully verifying the verification code; or when the times of clicking the wrong verification code exceed the set threshold, refusing the user to continue operating.
As shown in fig. 7, the pinyin click verification code of the nine-square grid Chinese character is shown; the user clicks corresponding Chinese characters or pinyin in the nine-square grid in sequence according to the Chinese character pinyin required to be input on the verification code page, if the Chinese character pinyin clicked by the user is consistent with the Chinese character pinyin required to be input, the user operating the WEB page is judged to be a person, and subsequent operation is allowed; otherwise, the computer which operates the WEB page is judged, the user is required to continuously click the Chinese character pinyin until the clicked Chinese character pinyin meets the requirements, and the verification code is verified successfully; or when the times of clicking the wrong verification code exceed the set threshold, refusing the user to continue operating.
Specifically, when the step S3 includes an operation of obtaining a second matching degree between the click operation and the computer operation, the step of obtaining the second matching degree specifically includes:
judging whether the mouse click times before the form submission button is clicked are larger than a first set threshold value or not according to the user data, and/or judging whether the keyboard click times before the form submission button is clicked are larger than a second set threshold value or not according to the user data, if so, acquiring a first matching value, and simultaneously generating and displaying a corresponding character type verification code; or the like, or, alternatively,
judging whether the mouse click frequency before the form submission button is clicked is greater than a first set threshold and the IP data of the user equipment belongs to data in a historical blacklist or not according to the user data, and/or judging whether the keyboard click frequency before the form submission button is clicked is greater than a second set threshold and the user fingerprint data on the user equipment belongs to data in the historical blacklist or not according to the user data, if so, acquiring a second matching value, and simultaneously generating and displaying a corresponding Chinese character click verification code; or the like, or, alternatively,
judging whether the mouse click frequency before the form submission button is clicked is greater than a first set threshold value and the IP data of the user equipment and the browser identity identification character string data belong to data in a historical blacklist or not according to the user data, and/or judging whether the keyboard click frequency before the form submission button is greater than a second set threshold value and the user fingerprint data of the user equipment and the browser identity identification character string data belong to data in the historical blacklist or not according to the user data, if so, acquiring a third matching value, and simultaneously generating and displaying a corresponding nine-grid Chinese character pinyin click verification code;
wherein the first match value is less than the second match value, which is less than the third match value.
Preferably, the value range of the first matching value is 1-25 minutes; the value range of the second matching value is 26-75 minutes; the value range of the third matching value is 76-100 minutes;
the first set threshold was 30 times/sec and the second set threshold was 20 times/sec.
According to the invention, the form submission button of the WEB page is bound with the user behavior collection event, the user behavior is collected in real time, the user data is extracted, the click operation of the form submission button is received, meanwhile, the man-machine identification processing is carried out on the extracted user data, and the judgment of whether the click operation is a man-made operation or a computer operation is realized, so that the defect that the submission button needs to be input with the verification code for verification in the verification code verification mode in the prior art is overcome, the verification code does not need to be input after the submission button is clicked every time, the problem of forcibly displaying the verification code on the WEB page is solved, the safety operation is ensured, and the user experience is improved.
Example 2
As shown in fig. 8, the system for verifying human-machine identification based on WEB pages of this embodiment includes a binding module 1, a collecting module 2, an extracting module 3, a receiving module 4, a determining module 5, a first processing module 6, and a second processing module 7.
The binding module 1 is used for binding a form submission button in a WEB page with a user behavior collection event;
the collection module 2 is used for collecting the user behaviors in real time through the user behavior collection events and calling the extraction module;
the extraction module 3 is used for extracting user data from the user behaviors;
wherein the user data comprises at least one of user behavior feature data, user equipment data, page data and browser data;
the user behavior characteristic data comprises at least one of mouse click times before clicking the form submission button, mouse sliding times before clicking the form submission button, mouse tracks before clicking the form submission button and keyboard click times before clicking the form submission button;
the user equipment data comprises user fingerprint data on the user equipment before a form submission button is clicked and/or IP data of the user equipment before the form submission button is clicked;
the page data comprises current page HOST data before a form submission button is clicked;
the browser data comprises browser identity identification character string data before a form submission button is clicked.
The receiving module 4 is used for receiving the click operation of the form submission button and calling the judging module;
the judging module 5 is used for performing human-computer identification processing on the extracted user data and judging whether the clicking operation is manual operation or computer operation.
Specifically, the judging module is configured to judge whether a manual operation check request rule is satisfied according to the user data, and if yes, judge that the click operation is a manual operation and allow a response to the click operation.
The judging module 5 is used for judging whether a mouse track before the form submission button is clicked is consistent with a historical mouse track or not according to the user data, if so, the clicking operation is determined to be computer operation, and the response to the clicking operation is refused;
the historical mouse track refers to mouse track data generated on a current page before the form submission button is clicked at this time;
and/or the judging module 5 is further configured to judge whether the sum of the mouse click times before the form submission button is clicked and the keyboard click times before the form submission button is clicked is less than the sum of the mouse click times and the keyboard click times before the page is not refreshed according to the user data, if so, determining that the click operation is a computer operation, and rejecting to respond to the click operation; and/or the presence of a gas in the gas,
the judging module 5 is further configured to judge whether the current page HOST data is consistent with the page HOST data skipped to after the form submission button is clicked according to the user data, and if not, determine that the click operation is a computer operation, and refuse to respond to the click operation.
The first processing module 6 is configured to, when the judging module 5 cannot judge whether the operation is a manual operation or a computer operation, obtain a first matching degree between the click operation and the manual operation, and generate and display a corresponding verification code;
the first matching degree is inversely related to the complexity of the verification code.
The second processing module 7 is configured to, when the judging module cannot judge whether the operation is a manual operation or a computer operation, obtain a second matching degree between the click operation and the manual operation, and generate and display a corresponding verification code at the same time;
the second degree of match is positively correlated with the complexity of the captcha.
The verification code comprises a character type verification code, a Chinese character click verification code, a Sudoku Chinese character pinyin click verification code and the like. The verification codes sequentially comprise from low to high according to complexity sequence: character type verification code, Chinese character click verification code and Sudoku Chinese character pinyin click verification code.
As shown in fig. 6, the Chinese character click verification code is shown; the user carries out clicking operation on the Chinese characters in the display picture in sequence according to the Chinese characters required to be input on the verification code page, if the Chinese characters clicked by the user are consistent with the Chinese characters required to be input, the user operating the WEB page is judged to be a person, and subsequent operation is allowed; otherwise, judging that the computer is operated on the WEB page, and requiring the user to continuously click the Chinese characters until the clicked Chinese characters meet the requirements, and successfully verifying the verification code; or when the times of clicking the wrong verification code exceed the set threshold, refusing the user to continue operating.
As shown in fig. 7, the pinyin click verification code of the nine-square grid Chinese character is shown; the user clicks corresponding Chinese characters or pinyin in the nine-square grid in sequence according to the Chinese character pinyin required to be input on the verification code page, if the Chinese character pinyin clicked by the user is consistent with the Chinese character pinyin required to be input, the user operating the WEB page is judged to be a person, and subsequent operation is allowed; otherwise, the computer which operates the WEB page is judged, the user is required to continuously click the Chinese character pinyin until the clicked Chinese character pinyin meets the requirements, and the verification code is verified successfully; or when the times of clicking the wrong verification code exceed the set threshold, refusing the user to continue operating. Specifically, when the second processing module 7 obtains the second matching degree between the click operation and the computer operation, the step of obtaining the second matching degree specifically includes:
the judging module 5 is configured to judge, according to the user data, whether the number of mouse clicks before the form submission button is clicked is greater than a first set threshold, and/or judge, according to the user data, whether the number of keyboard clicks before the form submission button is clicked is greater than a second set threshold, and if yes, obtain, by the second processing module 7, a first matching value, and generate and display a corresponding character-type verification code at the same time; or the like, or, alternatively,
the judging module 5 is further configured to judge, according to the user data, whether the number of mouse clicks before the form submission button is clicked is greater than a first set threshold and IP data of the user equipment belongs to data in a history blacklist, and/or judge, according to the user data, whether the number of keyboard clicks before the form submission button is greater than a second set threshold and user fingerprint data on the user equipment belongs to data in the history blacklist, if yes, a second matching value is obtained through the second processing module 7, and a corresponding chinese character click verification code is generated and displayed at the same time; or the like, or, alternatively,
the judging module 5 is further configured to judge, according to the user data, whether the number of mouse clicks before the form submission button is clicked is greater than a first set threshold and both the IP data of the user device and the browser identity identification string data belong to data in a history blacklist, and/or judge, according to the user data, whether the number of keyboard clicks before the form submission button is greater than a second set threshold and both the user fingerprint data of the user device and the browser identity identification string data belong to data in the history blacklist, if yes, a third matching value is obtained through the second processing module 7, and a corresponding jiuge chinese character pinyin click verification code is generated and displayed at the same time;
wherein the first match value is less than the second match value, which is less than the third match value.
Preferably, the value range of the first matching value is 1-25 minutes; the value range of the second matching value is 26-75 minutes; the value range of the third matching value is 76-100 minutes;
the first set threshold was 30 times/sec and the second set threshold was 20 times/sec.
The form submission button of the WEB page is bound with the user behavior collection event through the binding module 1, the user behavior is collected in real time through the collection module 2, the user data is extracted through the extraction module 3, the click operation on the form submission button is received through the receiving module 4, meanwhile, the extracted user data is subjected to man-machine identification processing through the judging module 5, and whether the click operation is a man-made operation or a computer operation is judged.
Example 3
A device for man-machine identification verification based on a WEB page comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the processor executes the computer program to realize the man-machine identification verification method based on the WEB page in embodiment 1.
Example 4
A computer-readable storage medium on which a computer program is stored, the computer program, when executed by a processor, implementing the steps of the WEB page-based human machine identification verification method in embodiment 1.
More specific examples, among others, that the readable storage medium may employ may include, but are not limited to: a portable disk, a hard disk, random access memory, read only memory, erasable programmable read only memory, optical storage device, magnetic storage device, or any suitable combination of the foregoing.
In a possible implementation manner, the present invention can also be implemented in a form of a program product, which includes program code for causing a terminal device to execute steps in implementing the WEB page-based human machine identification verification method in embodiment 1 when the program product runs on the terminal device.
Where program code for carrying out the invention is written in any combination of one or more programming languages, the program code may be executed entirely on the user device, partly on the user device, as a stand-alone software package, partly on the user device and partly on a remote device or entirely on the remote device.
While specific embodiments of the invention have been described above, it will be appreciated by those skilled in the art that these are by way of example only, and that the scope of the invention is defined by the appended claims. Various changes and modifications to these embodiments may be made by those skilled in the art without departing from the spirit and scope of the invention, and these changes and modifications are within the scope of the invention.
Claims (14)
1. A man-machine identification verification method based on WEB pages is characterized by comprising the following steps:
s1, binding a form submission button in a WEB page with a user behavior collection event;
s2, collecting user behaviors in real time through the user behavior collection events, and extracting user data from the user behaviors;
s3, receiving a click operation on the form submission button, and simultaneously performing man-machine identification processing on the extracted user data to judge whether the click operation is a manual operation or a computer operation;
the user data comprises user behavior characteristic data, and the user behavior characteristic data comprises a mouse track before a form submission button is clicked;
the step of determining whether the click operation is a manual operation or a computer operation in step S3 specifically includes:
judging whether a manual operation check request rule is met or not according to the user data, and if yes, judging that the click operation is manual operation;
judging whether the mouse track before the form submission button is clicked is consistent with the historical mouse track or not according to the user data, and if so, determining that the clicking operation is computer operation;
otherwise, determining whether the manual operation or the computer operation cannot be judged;
step S3 further includes:
if the manual operation or the computer operation cannot be judged, acquiring a first matching degree between the click operation and the manual operation, and simultaneously generating and displaying a corresponding verification code;
the first matching degree is inversely related to the complexity of the verification code; or the like, or, alternatively,
step S3 further includes:
if the manual operation or the computer operation cannot be judged, acquiring a second matching degree between the click operation and the computer operation, and simultaneously generating and displaying a corresponding verification code;
the second matching degree is positively correlated with the complexity of the verification code.
2. The WEB page-based human-machine identification verification method of claim 1, wherein step S3 further comprises:
if the judgment is manual operation, allowing the response to the click operation;
and if the judgment is computer operation, refusing to respond to the click operation.
3. The WEB page-based man-machine identification verification method of claim 1, wherein the verification codes sequentially comprise, from low to high in complexity ranking: character type verification code, Chinese character click verification code and Sudoku Chinese character pinyin click verification code.
4. A WEB page-based human-machine identification validation method according to claim 1, wherein the user data further comprises at least one of user device data, page data and browser data;
the user behavior feature data further comprises at least one of the number of mouse clicks before the form submission button is clicked, the number of mouse slides before the form submission button is clicked, and the number of keyboard clicks before the form submission button is clicked;
the user equipment data comprises user fingerprint data on the user equipment before a form submission button is clicked and/or IP data of the user equipment before the form submission button is clicked;
the page data comprises current page HOST data before a form submission button is clicked;
the browser data comprises browser identity identification character string data before a form submission button is clicked.
5. The WEB page-based human-machine identification verification method of claim 4, wherein the step of determining whether the click operation is a human operation or a computer operation in step S3 further comprises:
judging whether the sum of the mouse click times before the form submitting button is clicked and the keyboard click times before the form submitting button is clicked is less than the sum of the mouse click times and the keyboard click times before the page is not refreshed or not according to the user data, and if so, determining that the click operation is computer operation; and/or the presence of a gas in the gas,
and judging whether the current page HOST data is consistent with the page HOST data jumped to after the form submission button is clicked according to the user data, and if not, determining that the clicking operation is computer operation.
6. The WEB page-based human-machine identification verification method according to claim 4, wherein when the step S3 includes an operation of obtaining a second matching degree between the click operation and the computer operation, the step of obtaining the second matching degree specifically includes:
judging whether the mouse click frequency before the form submission button is clicked is larger than a first set threshold value or not according to the user data, and/or,
judging whether the number of times of keyboard clicks before the form submission button is clicked is larger than a second set threshold value or not according to the user data, and if so, acquiring a first matching value; or the like, or, alternatively,
judging whether the mouse click frequency before the form submission button is clicked is larger than a first set threshold value or not and the IP data of the user equipment belongs to the data in the history blacklist according to the user data, and/or,
judging whether the number of times of keyboard clicks before the form submission button is clicked is larger than a second set threshold value or not and whether user fingerprint data on the user equipment belong to data in a historical blacklist or not according to the user data, and if so, acquiring a second matching value; or the like, or, alternatively,
judging whether the mouse click frequency before the form submission button is clicked is larger than a first set threshold value or not according to the user data, and the IP data of the user equipment and the browser identity identification character string data belong to data in a history blacklist, and/or,
judging whether the number of times of keyboard clicks before the form submission button is clicked is larger than a second set threshold value or not according to the user data, and the user fingerprint data of the user equipment and the browser identity identification character string data both belong to data in a historical blacklist, if so, acquiring a third matching value;
wherein the first match value is less than the second match value, which is less than the third match value.
7. A man-machine identification verification system based on WEB pages is characterized by comprising a binding module, a collecting module, an extracting module, a receiving module and a judging module;
the binding module is used for binding a form submission button in a WEB page with a user behavior collection event;
the collection module is used for collecting the user behaviors in real time through the user behavior collection events and calling the extraction module;
the extraction module is used for extracting user data from the user behaviors;
the receiving module is used for receiving the click operation of the form submission button and calling the judging module;
the judgment module is used for performing man-machine identification processing on the extracted user data and judging whether the click operation is manual operation or computer operation;
the user data comprises user behavior characteristic data, and the user behavior characteristic data comprises a mouse track before a form submission button is clicked;
the judging module is used for judging whether a manual operation checking request rule is met or not according to the user data, and if yes, judging that the clicking operation is manual operation;
the judging module is used for judging whether a mouse track before the form submission button is clicked is consistent with a historical mouse track or not according to the user data, and if so, the clicking operation is determined to be computer operation;
otherwise, determining whether the manual operation or the computer operation cannot be judged;
the man-machine identification verification system comprises a first processing module, a first verification module and a second processing module, wherein the first processing module is used for acquiring a first matching degree between the click operation and the manual operation when the judgment module cannot judge whether the operation is the manual operation or the computer operation, and generating and displaying a corresponding verification code at the same time;
the first matching degree is inversely related to the complexity of the verification code; or the like, or, alternatively,
the man-machine identification verification system comprises a second processing module, a first processing module and a second processing module, wherein the second processing module is used for acquiring a first matching degree between the click operation and the manual operation when the judgment module cannot judge whether the click operation is the manual operation or the computer operation, and generating and displaying a corresponding verification code;
the second degree of match is positively correlated with the complexity of the captcha.
8. The WEB page-based human-computer identification verification system of claim 7, wherein the judgment module is further configured to allow response to the click operation if the judgment is a human operation;
and if the judgment is computer operation, refusing to respond to the click operation.
9. The WEB page-based human-computer identification verification system of claim 7, wherein the verification codes sequentially comprise, from low to high in complexity ranking: character type verification code, Chinese character click verification code and Sudoku Chinese character pinyin click verification code.
10. The WEB page-based human-computer identification verification system of claim 7 wherein the user data further comprises at least one of user device data, page data, and browser data;
the user behavior feature data further comprises at least one of the number of mouse clicks before the form submission button is clicked, the number of mouse slides before the form submission button is clicked, and the number of keyboard clicks before the form submission button is clicked;
the user equipment data comprises user fingerprint data on the user equipment before a form submission button is clicked and/or IP data of the user equipment before the form submission button is clicked;
the page data comprises current page HOST data before a form submission button is clicked;
the browser data comprises browser identity identification character string data before a form submission button is clicked.
11. The WEB page-based human-computer identification verification system of claim 10,
the judging module is also used for judging whether the sum of the mouse click times before the form submitting button is clicked and the keyboard click times before the form submitting button is clicked is less than the sum of the mouse click times and the keyboard click times before the page is not refreshed or not according to the user data, and if so, the click operation is determined to be computer operation; and/or the presence of a gas in the gas,
the judging module is also used for judging whether the current page HOST data is consistent with the page HOST data jumped to after the form submitting button is clicked according to the user data, and if not, determining that the clicking operation is computer operation.
12. The WEB page-based human-computer identification verification system of claim 10, wherein the judgment module is configured to judge whether the number of mouse clicks before the form submission button is clicked is greater than a first set threshold according to the user data, and/or,
judging whether the number of times of keyboard clicks before the form submission button is clicked is larger than a second set threshold value or not according to the user data, and if so, calling the second processing module to obtain a first matching value; or the like, or, alternatively,
the judging module is also used for judging whether the mouse click frequency before the form submitting button is clicked is larger than a first set threshold value and the IP data of the user equipment belongs to the data in the history blacklist according to the user data, and/or,
judging whether the number of times of keyboard clicks before the form submission button is clicked is larger than a second set threshold value or not and whether user fingerprint data on the user equipment belong to data in a historical blacklist or not according to the user data, and if so, calling to obtain a second matching value; or the like, or, alternatively,
the judging module is also used for judging whether the mouse click frequency before the form submitting button is clicked is larger than a first set threshold value or not according to the user data, and the IP data of the user equipment and the browser identity identification character string data belong to data in a historical blacklist, and/or,
judging whether the number of times of keyboard clicks before the form submission button is clicked is larger than a second set threshold value or not according to the user data, and the user fingerprint data of the user equipment and the browser identity identification character string data both belong to data in a historical blacklist, if so, calling the second processing module to obtain a third matching value;
wherein the first match value is less than the second match value, which is less than the third match value.
13. An apparatus for human-computer identification verification based on WEB pages, comprising a memory, a processor and a computer program stored on the memory and operable on the processor, wherein the processor implements the human-computer identification verification method based on WEB pages according to any one of claims 1 to 6 when executing the computer program.
14. A computer-readable storage medium, on which a computer program is stored, wherein the computer program, when being executed by a processor, implements the steps of the WEB page-based human-machine identification validation method according to any of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711308348.7A CN109902459B (en) | 2017-12-11 | 2017-12-11 | Man-machine identification verification method, system, equipment and storage medium for WEB page |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711308348.7A CN109902459B (en) | 2017-12-11 | 2017-12-11 | Man-machine identification verification method, system, equipment and storage medium for WEB page |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109902459A CN109902459A (en) | 2019-06-18 |
| CN109902459B true CN109902459B (en) | 2021-04-30 |
Family
ID=66942185
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711308348.7A Active CN109902459B (en) | 2017-12-11 | 2017-12-11 | Man-machine identification verification method, system, equipment and storage medium for WEB page |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109902459B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110276183B (en) * | 2019-06-19 | 2020-11-03 | 同盾控股有限公司 | Reverse Turing verification method and device, storage medium and electronic equipment |
| CN111193714B (en) * | 2019-12-06 | 2022-10-04 | 武汉极意网络科技有限公司 | Automatic tracking method and system for verification code printing platform |
| CN111062027A (en) * | 2019-12-25 | 2020-04-24 | 北京安天网络安全技术有限公司 | Method and device for preventing bad HID equipment from invading, electronic equipment and storage medium |
| CN111787009A (en) * | 2020-06-30 | 2020-10-16 | 北京明略昭辉科技有限公司 | Abnormal flow judgment method and device |
| CN113434838A (en) * | 2021-06-25 | 2021-09-24 | 江苏三六五网络股份有限公司 | Human-computer verification detection method based on JS interaction behavior |
| CN115544417A (en) * | 2022-10-10 | 2022-12-30 | 中电金信软件有限公司 | Webpage form verification method and device, electronic equipment and storage medium |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9275215B2 (en) * | 2008-04-01 | 2016-03-01 | Nudata Security Inc. | Systems and methods for implementing and tracking identification tests |
| CN105989268A (en) * | 2015-03-02 | 2016-10-05 | 苏宁云商集团股份有限公司 | Safety access method and system for human-computer identification |
| CN106487747B (en) * | 2015-08-26 | 2019-10-08 | 阿里巴巴集团控股有限公司 | User identification method, system, device and processing method, device |
| CN106817342A (en) * | 2015-11-30 | 2017-06-09 | 北京计算机技术及应用研究所 | Active identity authorization system based on user behavior feature recognition |
| CN107135212A (en) * | 2017-04-25 | 2017-09-05 | 武汉大学 | Man-machine identifying device and method under a kind of Web environment of Behavior-based control difference |
| CN107153786A (en) * | 2017-05-26 | 2017-09-12 | 北京奇点数聚科技有限公司 | A kind of man-machine recognition methods, system and terminal device, readable storage medium storing program for executing |
-
2017
- 2017-12-11 CN CN201711308348.7A patent/CN109902459B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN109902459A (en) | 2019-06-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109902459B (en) | Man-machine identification verification method, system, equipment and storage medium for WEB page | |
| CN108229130B (en) | Verification method and device | |
| Bursztein et al. | Easy does it: More usable CAPTCHAs | |
| US20160057157A1 (en) | Verification method, apparatus, server and system | |
| Cha et al. | Boosting the guessing attack performance on android lock patterns with smudge attacks | |
| CN107682368B (en) | Verification method, client, server and system based on interactive operation | |
| CN108881126B (en) | Method, device and system for verifying verification code, storage medium and computer terminal | |
| CN106549980B (en) | Malicious C & C server determination method and device | |
| CN109547426B (en) | Service response method and server | |
| CN105718783B (en) | Verification code interaction method and device, client and server | |
| CN106648125A (en) | Fingerprint keyboard, verification system and method based on fingerprint keyboard | |
| CN105159475B (en) | A kind of characters input method and device | |
| CN112187702A (en) | Method and device for verifying client | |
| CN109299592B (en) | Man-machine behavior characteristic boundary construction method, system, server and storage medium | |
| Dinh et al. | Recent advances of Captcha security analysis: a short literature review | |
| KR101363668B1 (en) | Apparatus and method for authentication user using captcha | |
| CN107808082B (en) | Electronic device, data access verification method, and computer-readable storage medium | |
| Sadovnik et al. | A visual dictionary attack on Picture Passwords | |
| CN110795706B (en) | Hash-based verification method, equipment, storage medium and device | |
| JP2012088803A (en) | Malignant web code determination system, malignant web code determination method, and program for malignant web code determination | |
| CN111949952B (en) | Method for processing verification code request and computer-readable storage medium | |
| CN111953647A (en) | Security verification method and device, electronic equipment and storage medium | |
| CN112131551A (en) | Verification code verification method and device, computer equipment and readable storage medium | |
| CN115879083A (en) | Intelligent verification code method | |
| Thao et al. | Influences of human demographics, brand familiarity and security backgrounds on homograph recognition |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |