CN110246207A - Graphical verification code generation method based on multi-layer image - Google Patents
Graphical verification code generation method based on multi-layer image Download PDFInfo
- Publication number
- CN110246207A CN110246207A CN201910513906.6A CN201910513906A CN110246207A CN 110246207 A CN110246207 A CN 110246207A CN 201910513906 A CN201910513906 A CN 201910513906A CN 110246207 A CN110246207 A CN 110246207A
- Authority
- CN
- China
- Prior art keywords
- layer
- character
- random
- verification code
- graphical verification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06T—IMAGE DATA PROCESSING OR GENERATION, IN GENERAL
- G06T11/00—2D [Two Dimensional] image generation
- G06T11/40—Filling a planar surface by adding surface attributes, e.g. colour or texture
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06T—IMAGE DATA PROCESSING OR GENERATION, IN GENERAL
- G06T11/00—2D [Two Dimensional] image generation
- G06T11/60—Editing figures and text; Combining figures or text
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2133—Verifying human interaction, e.g., Captcha
Abstract
The invention discloses the graphical verification code generation methods based on multi-layer image, it is studied for loophole typical in B/S framework WEB application system, popular attack technology, the hiding resource acquisition of AJAX, identifying code picture recognition etc., a kind of new identifying code towards WEB verifying is proposed, identification identifying code can be more effectively prevented;Make random verification code character string and random disturbances character string Layering manifestation, to greatly enhance the safety and validity of graphical verification code, can effectively improve the safety of website, and reduce rear end and carry out additional verification operation.
Description
Technical field
The present invention relates to technical field of network security, more particularly to the graphical verification code generation method based on multi-layer image.
Background technique
It is computer or the public full-automatic application program of people that identifying code (CAPTCHA), which is a kind of differentiation user,.It is earliest
LuisvonAhn, ManuelBlum, NicholasJ.Hopper and IBM's by Carnegie Mellon University in 2002
What JohnLangford was proposed, main function be prevented using man-machine automatic area's method for distinguishing rogue program register automatically or
It logs in, maliciously pour water, with network security attacks such as specific program Brute Force account and passwords.Due to verification code technology is simple,
Easily realization, transmission data are smaller, therefore extensive by major network system especially forum's property and the website for needing user to log in
It uses, forum user malice from pouring water, the malicious acts such as automated log on occur to prevent, as before domestic ranking in 100 forums
Forum more than 80% in registration, the functional modules such as log in or post and be all made of graphical verification code technology.
When rogue program or real user log in the web station system with image authentication code, application server would generally be provided
There is one width the picture of identifying code character string to identify verification code information therein for user, and these verifying code characters are stored in
In Session.Real user inputs identifying code character string in verification code information input frame and is submitted to by Web application system
Application server, then application server can verify the identifying code saved in the identifying code and Session that user submits automatically is
It is no identical.If they are the same, application server will respond the request of user, otherwise can prompt identifying code input error and provide new
Graphical verification code inputs verification code information for user again.
However, rogue program generally utilizes image processing techniques to extract verification code information or character string in graphical verification code
The method of traversal generates random string as verification code information, then forges list and the identifying code of identification submits to clothes together
Business device, attack process are as shown in Figure 1.Graphical verification code in web station system is usually the colour that a width is presented with graphic form
Image, after rogue program grabbing graphics identifying code image, then progress image gray-scale transformation first carries out at binaryzation it
Reason removes noise to remove interference character information, finally by image Segmentation Technology, and each Character segmentation is come, identification verifying
Code in verification code information and submit web station system.However, current most of graphical verification codes are generated just with random function
The verifying character of fixed number, then some viscous glutinous curves are distorted or added to character, although these graphical verification codes can
Easily distinguished by real user, but be also simultaneously rogue program automatic identification verification code information, attack web station system provide
Chance.
Summary of the invention
In view of the above-mentioned problems, the invention proposes the graphical verification code generation method based on multi-layer image, for B/S framework
Typical loophole, popular attack technology, the hiding resource acquisition of AJAX, identifying code picture recognition etc. carry out in WEB application system
Research proposes a kind of new identifying code towards WEB verifying, can more effectively prevent identification identifying code;Make accidental validation
Code character string and random disturbances character string Layering manifestation, to greatly enhance the safety and validity of graphical verification code.
Of the invention is made of based on the graphical verification code of multi-layer image prospect figure layer and interference figure layer, wherein foreground layer is used
In the verifying character string of the random-length and random site generated to user's presentation system, and figure layer is interfered to test for obscuring figure
The verifying character string in code is demonstrate,proved, the information presented is random-length, random font, the random character face that system generates at random
The character string of color, random character size, and the character string of foreground layer and background layer is taken from the same candidate array, so more
Increase the similarity of foreground layer and background layer.To show the interference information in Background From Layer, need to prospect figure layer
Certain transparency is set, generally sets 50% or so for its transparency, so that rogue program is difficult to automatic identification figure and tests
Demonstrate,prove the verifying character string information in code.
Identifying code character string in prospect figure layer generates the random verifying character string of a character number by random function,
And the position of each character therein is random.For using the character string traversal side being made of 0~9 number and 26 letters
For formula cracks the rogue program of graphical verification code by force, compared with the graphical verification code of fixed identifying code character number, it is based on
The graphical verification code of multi-layer image effectively reduces its probability successfully cracked, improves the safety of graphical verification code.Meanwhile by
The font of character is random in verifying character string, gradient is random, position is random, when the method extraction figure using image recognition
When verifying character string in identifying code, not only need correctly to identify each character, but also the character of identification is correctly ordered,
Correct verification code information can be obtained, to effectively prevent the attack of certain rogue programs.Simultaneously as this method generation is tested
There is no adhesion between card code character string, therefore be easy to be identified by real user, improves the ease for use of graphical verification code.By
It is located at the upper surface of interference figure layer in prospect figure layer, to enable the interference information for interfering figure layer correctly to show, needs according to reality
The transparency of demand setting prospect figure layer.In order to increase graphical verification code by the difficulty of rogue program automatic identification, prospect figure layer
Transparency equally use the random method in region to realize, can thus make the saturating of different zones in graphical verification code prospect figure layer
Lightness is different, interferes the color depth of figure layer also can be consequently also different in the graphical verification code based on multi-layer image.
Interfere the interference information in figure layer equally by the position of a random-length is random, color is random, font is random, inclines
The random character string composition of gradient, and it is taken from same candidate characters array, increase interference character string and verifying character string
Similitude, make it be less susceptible to be distinguished by rogue program, reduce a possibility that network application system is by successful attack.Together
When, due to the transparency of prospect figure layer different zones be it is random, interfere figure layer in interference character string in graphical verification code
The color depth of display also can be different, do with conducts such as conventionally employed spot noise image, grid image, Random line texture images
The image authentication code for disturbing information is compared, which can not only reach the same function for identifying real user and rogue program
Can, and it is more advantageous to real user difference identifying code character string and interference character string, and quickly identify correct identifying code letter
Breath.
The present invention through the following technical solutions to achieve the above objectives:
Graphical verification code generation method based on multi-layer image, comprising:
The generation of identifying code picture:
The bitmap myPlate in a memory, wide and high respectively weight and high are created using Bitmap;Its
In, the value of weight is character width multiplied by number of characters, and the value of high is determined by the height of font;
The Graphics object gh of a storage graphical verification code is created using Graphics class, and by it and myPlate
Association, all figures of such gh are stored in memory bitmap bmp;
A rectangle frame is drawn with gh, so as to the verifying character string in graphical verification code and character string is interfered to be shown in the square
Within the scope of shape frame region;
Interfere the generation of figure layer:
The value of character number num, num of interference figure layer are generated by an arbitrary object rback-num by identifying code figure
The size of piece and the size of each of which character determine;
With loop structure, be arranged in each character generated at random in candidate characters array source random site,
Random color and random gradient, and a mark value sign is set, to mark, whether position is overlapped in num character;
These interference character strings of generation are saved as into a figure layer object, the process generated is as follows:
A. random number is generated;
B. background character number is controlled;
C. make character position random;
D. make background layer character color random, font size and model are random;
The generation of prospect figure layer:
The process that it is generated is as follows:
A. character matrix is created, and there is linear character;
B. painting canvas is created, canvas size is set;
C. drawing creation prospect figure layer is carried out using Graphics class;
Figure layer synthesis:
After generating interference figure layer and prospect figure layer respectively, realize have centainly using texture paintbrush class TextBrush
The Background From Layer of transparency and the synthesis of interference figure layer, to generate complete graphical verification code picture, process is as follows:
A. texture paintbrush is created;
B. texture paintbrush blank map shape is used.
The beneficial effects of the present invention are:
Method of the invention for loophole typical in B/S framework WEB application system, popular attack technology, AJAX it is hidden
Hiding resource acquisition, identifying code picture recognition etc. are studied, and a kind of new identifying code towards WEB verifying is proposed, can be compared with
Effectively prevent identification identifying code;Make random verification code character string and random disturbances character string Layering manifestation, to greatly enhance
The safety and validity of graphical verification code can effectively improve the safety of website, and reduce rear end and carry out additionally
Verification operation.
Detailed description of the invention
It to describe the technical solutions in the embodiments of the present invention more clearly, below will be to embodiment or description of the prior art
In required practical attached drawing be briefly described, it should be apparent that, the accompanying drawings in the following description is only the one of the present embodiment
A little embodiments for those of ordinary skill in the art without creative efforts, can also be according to these
Attached drawing obtains other attached drawings.
Fig. 1 is the flow chart that rogue program logs in;
Fig. 2 is the schematic diagram for interfering figure layer;
Fig. 3 is the schematic diagram of prospect figure layer;
Fig. 4 is synthesis figure layer schematic diagram.
Specific embodiment
To make the object, technical solutions and advantages of the present invention clearer, technical solution of the present invention will be carried out below
Detailed description.Obviously, the described embodiment is only a part of the embodiment of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, those of ordinary skill in the art without making creative work it is obtained it is all its
Its embodiment belongs to the range that the present invention is protected.
The application programming interface GDI+ that ASP.NET is provided, the API that application developer can use GDI+ offer connect
Mouthful show information on computer screen or printer, without the concern for specific display equipment, thus realize application program with
Equipment is mutually indepedent.The present invention realizes the above-mentioned graphical verification code based on multi-layer image using the GDI+ in ASP.NET and generates calculation
Method.
In any embodiment, as in Figure 2-4, the graphical verification code generation method of the invention based on multi-layer image, packet
It includes:
The generation of identifying code picture:
Graphics class and Bitmap class in GDI+ provide the method for realizing graphical verification code picture, utilize Bitmap
Create the bitmap myPlate in a memory, wide and high respectively weight and high;Wherein, the value of weight is character
Width is determined multiplied by number of characters, the value of high by the height of font;
The Graphics object gh of a storage graphical verification code is created using Graphics class, and by it and myPlate
Association, all figures of such gh are stored in memory bitmap bmp;
A rectangle frame is drawn with gh, so as to the verifying character string in graphical verification code and character string is interfered to be shown in the square
Within the scope of shape frame region;
Interfere the generation of figure layer:
Number, position, gradient and the color of character are the random function Random provided using .NET-Framework
() controls.Interference character is taken from candidate characters array source, this source array is by letter and number group
At.
The value of character number num, num of interference figure layer are generated by an arbitrary object rback-num by identifying code figure
The size of piece and the size of each of which character determine;
With loop structure, be arranged in each character generated at random in candidate characters array source random site,
Random color and random gradient, and a mark value sign is set, to mark, whether position is overlapped in num character;
These interference character strings of generation are saved as into a figure layer object, the process generated is as follows:
A. random number is generated;
B. background character number is controlled;
C. make character position random;
D. make background layer character color random, font size and model are random;
The interference figure layer ultimately produced as shown in Figure 2, by the character string structure of random sequence, random size and random gradient
At interference figure layer increase the difficulty of rogue program automatic identification graphical verification code.Simultaneously as prospect figure layer has centainly
Transparency so that interference figure layer interference character string color it is shallower, real user can easily distinguish interference character string
With verifying character string.
The generation of prospect figure layer:
Graphical verification code character string in prospect figure layer is again taken from candidate characters array source, and length is by random
Function Random () Lai Shengcheng.It inputs for the convenience of the user, the value range of Random () is 1~3.In this way, just producing one
The random verification code character string of a random-length: code=si | si ∈ source }.For increase rogue program identification difficulty,
Need to be arranged the transparency of prospect figure layer.The transparency of prospect figure layer has by redrawing and could be adjusted to realize to color
The process that the prospect figure layer of linear transformation transparency generates is as follows:
A. character matrix is created, and there is linear character;
B. painting canvas is created, canvas size is set;
C. drawing creation prospect figure layer is carried out using Graphics class;
As shown in Figure 3, the information that prospect figure layer is shown is the authenticator for needing user to input to the prospect figure layer ultimately produced
Symbol string.The verifying character string of random number improves graphic verification compared with the character verifying character string of fixed number in tradition
The safety of code.User, which only needs to input several simple characters, simultaneously can submit verification code information.
Figure layer synthesis:
After generating interference figure layer and prospect figure layer respectively, realize have centainly using texture paintbrush class TextBrush
The Background From Layer of transparency and the synthesis of interference figure layer, to generate complete graphical verification code picture, process is as follows:
A. texture paintbrush is created;
B. texture paintbrush blank map shape is used.
Final synthesis figure layer is as shown in figure 4, wherein, the verifying character string that display needs user to input in prospect figure layer, than
Relatively fuzzy random string is interference information.
The above description is merely a specific embodiment, but scope of protection of the present invention is not limited thereto, any
Those familiar with the art in the technical scope disclosed by the present invention, can easily think of the change or the replacement, and should all contain
Lid is within protection scope of the present invention.Specific technical features described in the above specific embodiments, in not lance
In the case where shield, can be combined in any appropriate way, in order to avoid unnecessary repetition, the present invention to it is various can
No further explanation will be given for the combination of energy.Various embodiments of the present invention can be combined randomly, only
Want it without prejudice to thought of the invention, it should also be regarded as the disclosure of the present invention.
Claims (2)
1. the graphical verification code generation method based on multi-layer image characterized by comprising
The generation of identifying code picture:
The bitmap myPlate in a memory, wide and high respectively weight and high are created using Bitmap;Wherein,
The value of weight is character width multiplied by number of characters, and the value of high is determined by the height of font;
The Graphics object gh of a storage graphical verification code is created using Graphics class, and it is associated with myPlate,
All figures of gh in this way are stored in memory bitmap bmp;
A rectangle frame is drawn with gh, so as to the verifying character string in graphical verification code and character string is interfered to be shown in the rectangle frame
Within the scope of region;
Interfere the generation of figure layer:
The value of character number num, num of interference figure layer are generated by an arbitrary object rback-num by identifying code picture
Size and the size of each of which character determine;
With loop structure, the random site, random of each character generated at random in candidate characters array source is set
Color and random gradient, and a mark value sign is set, to mark, whether position is overlapped in num character;
These interference character strings of generation are saved as into a figure layer object, the process generated is as follows:
A. random number is generated;
B. background character number is controlled;
C. make character position random;
D. make background layer character color random, font size and model are random;
The generation of prospect figure layer:
The process that it is generated is as follows:
A. character matrix is created, and there is linear character;
B. painting canvas is created, canvas size is set;
C. drawing creation prospect figure layer is carried out using Graphics class;
Figure layer synthesis:
After generating interference figure layer and prospect figure layer respectively, realized using texture paintbrush class TextBrush with certain transparent
The Background From Layer of degree and the synthesis of interference figure layer, to generate complete graphical verification code picture, process is as follows:
A. texture paintbrush is created;
B. texture paintbrush blank map shape is used.
2. as described in claim 1 based on the graphical verification code generation method of multi-layer image, which is characterized in that the prospect figure layer is saturating
Lightness is set as 50%.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910513906.6A CN110246207A (en) | 2019-06-13 | 2019-06-13 | Graphical verification code generation method based on multi-layer image |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910513906.6A CN110246207A (en) | 2019-06-13 | 2019-06-13 | Graphical verification code generation method based on multi-layer image |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110246207A true CN110246207A (en) | 2019-09-17 |
Family
ID=67887077
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910513906.6A Pending CN110246207A (en) | 2019-06-13 | 2019-06-13 | Graphical verification code generation method based on multi-layer image |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110246207A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111460422A (en) * | 2020-02-11 | 2020-07-28 | 北京京东尚科信息技术有限公司 | Method and device for generating verification code |
| CN111695105A (en) * | 2020-05-29 | 2020-09-22 | 北京字节跳动网络技术有限公司 | Verification method and device and electronic equipment |
| CN112839026A (en) * | 2020-11-30 | 2021-05-25 | 中冶华天南京工程技术有限公司 | Behavior verification code generation and verification method based on random grid and random watermark outline |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101976430A (en) * | 2010-10-29 | 2011-02-16 | 赵俊平 | Method for generating picture verification codes and system thereof |
| CN104156862A (en) * | 2014-08-07 | 2014-11-19 | 四川途谷信息技术有限公司 | Wechat-platform-based two-dimensional code anti-fake and anti-channel conflict inquiry system and method |
| CN104200150A (en) * | 2014-09-01 | 2014-12-10 | 湖北盛天网络技术股份有限公司 | Method and device for processing verification codes |
| CN105701391A (en) * | 2014-11-27 | 2016-06-22 | 阿里巴巴集团控股有限公司 | Dynamic verification code picture generation method and apparatus |
| US20180075253A1 (en) * | 2016-09-15 | 2018-03-15 | Nuts Holdings, Llc | Structured data folding with transmutations |
| CN108959899A (en) * | 2018-07-03 | 2018-12-07 | 四川长虹电器股份有限公司 | A method of picture validation code generation is realized based on React and is refreshed |
| CN109858542A (en) * | 2019-01-25 | 2019-06-07 | 广州云测信息技术有限公司 | A kind of character identifying method and device |
-
2019
- 2019-06-13 CN CN201910513906.6A patent/CN110246207A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101976430A (en) * | 2010-10-29 | 2011-02-16 | 赵俊平 | Method for generating picture verification codes and system thereof |
| CN104156862A (en) * | 2014-08-07 | 2014-11-19 | 四川途谷信息技术有限公司 | Wechat-platform-based two-dimensional code anti-fake and anti-channel conflict inquiry system and method |
| CN104200150A (en) * | 2014-09-01 | 2014-12-10 | 湖北盛天网络技术股份有限公司 | Method and device for processing verification codes |
| CN105701391A (en) * | 2014-11-27 | 2016-06-22 | 阿里巴巴集团控股有限公司 | Dynamic verification code picture generation method and apparatus |
| US20180075253A1 (en) * | 2016-09-15 | 2018-03-15 | Nuts Holdings, Llc | Structured data folding with transmutations |
| CN108959899A (en) * | 2018-07-03 | 2018-12-07 | 四川长虹电器股份有限公司 | A method of picture validation code generation is realized based on React and is refreshed |
| CN109858542A (en) * | 2019-01-25 | 2019-06-07 | 广州云测信息技术有限公司 | A kind of character identifying method and device |
Non-Patent Citations (2)
| Title |
|---|
| LIU LIZHAO等: "Design and Implementation of Verification Code Identification Based on Anisotropic Heat Kernel", 《CHINA COMMUNICATIONS》 * |
| 胡征兵: "基于多图层的图形验证码生成技术研究", 《计算机与现代化》 * |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111460422A (en) * | 2020-02-11 | 2020-07-28 | 北京京东尚科信息技术有限公司 | Method and device for generating verification code |
| CN111460422B (en) * | 2020-02-11 | 2021-10-01 | 北京京东尚科信息技术有限公司 | Method and device for generating verification code |
| CN111695105A (en) * | 2020-05-29 | 2020-09-22 | 北京字节跳动网络技术有限公司 | Verification method and device and electronic equipment |
| CN112839026A (en) * | 2020-11-30 | 2021-05-25 | 中冶华天南京工程技术有限公司 | Behavior verification code generation and verification method based on random grid and random watermark outline |
| CN112839026B (en) * | 2020-11-30 | 2022-07-26 | 中冶华天南京工程技术有限公司 | Behavior verification code generation and verification method based on random grid and random watermark outline |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10218506B1 (en) | Cross-device authentication | |
| US7624277B1 (en) | Content alteration for prevention of unauthorized scripts | |
| US9450969B2 (en) | System and method for key challenge validation | |
| CN102724191B (en) | Safe protecting method and device for Web verification code with combined picture and characters | |
| CN110246207A (en) | Graphical verification code generation method based on multi-layer image | |
| CN104200150B (en) | Method and device for processing verification codes | |
| US20110292031A1 (en) | Manipulable human interactive proofs | |
| CN101739720B (en) | Method and device for generating three-dimensional dynamic verification code | |
| CN103873432A (en) | Verification code implementation method and system thereof and verification code server end | |
| US20120005735A1 (en) | System for Three Level Authentication of a User | |
| CN109523611A (en) | Identifying code Picture Generation Method and device | |
| CN103455965A (en) | Verification image based verification method, device and server | |
| WO2017193165A1 (en) | Authenticating a user | |
| CN103514393A (en) | Method for achieving three-dimensional verification code | |
| JP5852235B2 (en) | Access authentication method | |
| Das et al. | Multi‐script versus single‐script scenarios in automatic off‐line signature verification | |
| CN103413078A (en) | Double-layer online identification system and identification method based on user's mark and handwriting | |
| CN111143812B (en) | Login authentication method based on graphics | |
| US9886564B2 (en) | Server system, communication system, communication terminal device, program, recording medium, and communication method | |
| CN109495275A (en) | Generate the setting method of random verification code | |
| CN111523105A (en) | Interactive picture verification method based on semantic understanding | |
| CN113190310B (en) | Verification code design method based on random position object semantic recognition | |
| US20120023549A1 (en) | CAPTCHA AND reCAPTCHA WITH SINOGRAPHS | |
| Gao et al. | Usability and security of the recall-based graphical password schemes | |
| JP6168645B2 (en) | Reverse Turing test method and access authentication method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190917 |