CN112528264A - Behavior verification code generation and verification method for random position of random contour - Google Patents
Behavior verification code generation and verification method for random position of random contour Download PDFInfo
- Publication number
- CN112528264A CN112528264A CN202011380817.8A CN202011380817A CN112528264A CN 112528264 A CN112528264 A CN 112528264A CN 202011380817 A CN202011380817 A CN 202011380817A CN 112528264 A CN112528264 A CN 112528264A
- Authority
- CN
- China
- Prior art keywords
- verification code
- random
- code server
- dragging
- verification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012795 verification Methods 0.000 title claims abstract description 94
- 238000000034 method Methods 0.000 title claims abstract description 26
- 230000005484 gravity Effects 0.000 claims description 6
- 230000002194 synthesizing effect Effects 0.000 claims description 2
- 230000003542 behavioural effect Effects 0.000 claims 1
- 230000006399 behavior Effects 0.000 description 14
- 238000005516 engineering process Methods 0.000 description 3
- 238000004458 analytical method Methods 0.000 description 2
- 241000287828 Gallus gallus Species 0.000 description 1
- 241001465754 Metazoa Species 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- XLYOFNOQVPJJNP-UHFFFAOYSA-N water Substances O XLYOFNOQVPJJNP-UHFFFAOYSA-N 0.000 description 1
- 210000002268 wool Anatomy 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/36—User authentication by graphic or iconic representation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2133—Verifying human interaction, e.g., Captcha
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Editing Of Facsimile Originals (AREA)
- Image Processing (AREA)
Abstract
The invention discloses a method for generating and verifying a behavior verification code at a random position of a random contour. The method comprises the following steps: firstly, a verification code server receives a verification code application which is provided by a verification code plug-in of a client to the verification code server; step two, the verification code server side randomly selects K different patterns from a preset pattern library; embedding K watermarks with the K patterns in the step two as outlines on the background image by the verification code server side; step four, the verification code server sends the verification code picture and the foreground picture to the client; fifthly, the verification code server receives the dragging track collected by the client; and seventhly, analyzing and judging the dragging behavior of the mouse or the finger of the user by the verification code server side, and feeding back the judgment result to the client side. The method effectively solves the problem that the current verification code is easy to be cracked by a machine program.
Description
The technical field is as follows:
the invention relates to a behavior verification code generation and verification method, which is applied to the field of software development and the field of internet security.
Background art:
the verification code is a public full-automatic program for distinguishing whether a user is a human or a machine, can resist malicious password cracking and library collision of the machine through running a script program to simulate human behaviors, prevents harmful operations such as ticket swiping, wool pulling, malicious ordering, batch registration, malicious attack and the like, and protects information security and property security of websites and various users. The traditional identifying code comprises various forms such as pure letters, pure numbers, letter-number combination, arithmetic calculation and the like, and is easily identified automatically by a machine program. Then, the picture point-contact verification code appears, and verification is completed by manually recognizing the picture semantics and then clicking once or several times according to rules. However, with the development of machine vision technology, a simple picture point-touch verification code can still be quickly recognized by a machine program, if the number of picture point-touches is increased at a glance or the semantic recognition difficulty is increased, although the possibility of being recognized by the machine program can be reduced, the user is also troubled and unfriendly to use.
The behavior verification code is a verification code scheme depending on user behaviors, usually adopts dragging, connecting or other modes to replace keyboard input and mouse clicking, increases the difficulty of machine program simulation operation, and has the advantages of simple user operation and suitability for mobile phone screens. CN110308846A discloses a puzzle type verification code that can be freely translated and dragged on a two-dimensional plane, but the watermark position still has the possibility of being judged by the image recognition technology, and only the server side judges whether the user input coordinate is close to the original coordinate enough during verification, and the behavior characteristics of the user are not effectively utilized, and the security is still insufficient.
The invention content is as follows:
aiming at the potential safety hazard existing in the existing verification code technology, the invention provides a method for generating and verifying a behavior verification code at a random position of a random contour.
In order to achieve the above object, the present invention provides a method for generating and verifying a random position behavior verification code of a random contour, comprising the steps of:
firstly, a verification code server receives a verification code application which is provided by a verification code plug-in of a client to the verification code server;
step two, the verification code server side randomly selects K different patterns from a preset pattern library, and selects 1 pattern from the K different patterns as a foreground picture outline; the verification code server generates a foreground picture by taking the No. 1 pattern as an outline;
embedding K watermarks with the K patterns in the step two as outlines on the background image by the verification code server side; the K watermarks are randomly distributed on the background image, and the outlines of the K watermarks are not shielded or connected; and synthesizing the background image and the K watermark verification code images. The verification code server records the position coordinate [ x ] of the No. 1 watermark1,y1]。
Step four, the verification code server sends the verification code picture and the foreground picture to the client;
fifthly, the verification code server receives the dragging track collected by the client;
and seventhly, analyzing and judging the dragging behavior of the mouse or the finger of the user by the verification code server side, and feeding back the judgment result to the client side.
Further, the analysis process is as follows: the identifying code server judges whether the dragging end point is positioned at the No. 1 watermark or not by using the coordinate [ x, y ]]And [ x ]1,y1]Comparing the Euclidean distance with a preset judgment threshold T, if so, judging whether the Euclidean distance is larger than the preset judgment threshold T
The authentication is passed and otherwise the authentication is not passed.
Further, the analyzing process further includes: the verification code server further judges the reasonability of the dragging track, if the track is reasonable, the verification is passed, otherwise, the verification is not passed.
Further, the position coordinates of the watermark adopt the coordinates of the point of the geometric gravity center.
Further, the drag trajectory includes: coordinates of each point dragged by and coordinates of an end point [ x, y ].
Further, the rationality decision is: and calculating the actual length L of the track and the linear distance D from the dragging starting point to the dragging terminal point, setting alpha as a preset certain coefficient larger than 1, and judging that the track passes through if L is smaller than or equal to alpha D, otherwise, not passing through.
The method adopts a dragging type verification code mode of dragging a small foreground picture to a watermark position corresponding to a background picture, but is different from the traditional dragging type verification code, firstly, the foreground picture is not a fixed outline any more, but a random outline; second, there is more than one watermark in the background picture, but multiple watermarks are embedded. Except that the outline of one watermark is consistent with the outline of the foreground picture, the outlines of other watermarks are randomly generated, and the outline of each watermark has difference which can be easily distinguished by naked eyes; in addition, the embedding positions of all watermarks on the background picture are random; thirdly, the mouse or finger dragging action is not single-direction dragging (such as horizontal dragging along the x axis) but free dragging in any direction of the x-y two-dimensional plane; and fourthly, collecting the whole-course track data (not only the end point coordinates) dragged by the user for behavior analysis, and successfully verifying the scene picture only when the foreground picture is dragged to the watermark position consistent with the outline of the foreground picture on the two-dimensional plane and the dragging behavior is judged to be reasonable by the server.
The verification code generation and verification method provided by the invention effectively solves the problem that the current verification code is easy to be cracked by a machine program. The method inherits the advantages of simple operation and good experience of the dragging type verification code on one hand, increases the difficulty of the machine program for automatically identifying the verification code through the matching of the outline pattern on the other hand, and can further increase the difficulty of the machine program for automatically identifying the verification code through the verification of the rationality of the dragging track.
Drawings
FIG. 1 shows steps of generating and verifying a behavior verification code with a random profile watermark at a random position according to the present invention.
Detailed Description
The technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. Moreover, the schematic diagrams provided in the embodiments are only for illustrating the basic concept of the present invention in a schematic manner, so as to be understood and read by those skilled in the art, and are not used to limit the practical limitations of the present invention.
Example (b):
referring to fig. 1, the present invention provides a verification code generation and verification method based on random contour recognition and drag behavior recognition, and the specific technical implementation process is as follows:
initialization: a pattern library is maintained at the captcha server. The patterns in the pattern library vary. The pattern may be a geometric pattern (e.g., polygon, circle, ellipse, etc.), may be an animal or plant pattern (e.g., dog, chicken, flower, etc.), may be an article pattern (e.g., wine bottle, lantern, car, etc.), or may be other types of patterns or even shaped patterns.
The patterns have similar sizes, and the Euclidean distance from any point on the outline to the geometric gravity center of the pattern is not more than r, wherein r is a preset positive number.
Preferably, each pattern does not have hollow or large-amplitude depression, so that the geometric gravity center of each pattern is ensured to fall within the outline of the pattern, and a user can conveniently click and touch the gravity center area of the pattern for dragging.
Preferably, each pattern is manually screened prior to being added to the library to ensure that its distinctiveness from that of each previous pattern is readily detectable by the naked eye.
Step one, a verification code plug-in of a client applies for a verification code to a verification code server.
And step two, the verification code server randomly selects K different patterns from a preset pattern library, and selects 1 pattern (conveniently called as a No. 1 pattern; and other patterns are numbered as 2, 3, … and K) from the K different patterns for the foreground picture outline. And the verification code server generates a foreground picture by taking the No. 1 pattern as an outline.
And step three, embedding K watermarks with the K patterns in the step two as outlines by the verification code server side on a background image by adopting the steps from S3-1 to S3-4, so that the K watermarks are randomly distributed on the background image and are not mutually shaded or connected by the outlines.
S3-1: randomly selecting one satisfying condition C in the background image1Point P of1And recording its coordinates [ x [ ]1,y1]。
Condition C1:P1The Euclidean distance to any point of the edge of the background image is larger than r.
S3-2: randomly selecting one satisfying condition C in the background image2Point P of2And recording its coordinates [ x [ ]2,y2]。
Condition C2:P2The Euclidean distance to any point along the background edge is greater than r, and P2To P1Is greater than 2 r.
S3-3: randomly selecting one satisfying condition C in the background image3Point P of3And recording its coordinates [ x [ ]3,y3]。
Condition C3: the Euclidean distance from P3 to any point along the background edge is greater than r, and P3To P1、P2Are all greater than 2 r.
S3-4: in turn, until one is selected to satisfy condition CKPoint P ofKAnd recording its coordinates [ x [ ]K,yK]。
Condition CK:PKThe Euclidean distance to any point of the edge of the background image is greater than r, and PKTo P1、P2、…、PK-1The Euclidean distance of each point is larger than 2 r.
S3-5: at point P of the background map1Water with number 1 patternPrinting (watermark No. 1 for short), at point P1To PKA watermark is embedded with patterns 2 to K in outline, each pattern being used only once. When embedding, the geometrical gravity center of the watermark pattern is kept to be coincided with the position point. The background picture and the embedded K watermarks constitute the final authentication code picture.
And step four, the verification code server sends the verification code picture and the foreground picture to the client.
And step five, displaying the received verification code picture and the foreground picture by a verification code plug-in of the client.
And step six, the user needs to drag the foreground picture to the watermark position which is consistent with the outline of the foreground picture freely through mouse dragging or finger sliding. The client sends the collected dragging track (coordinates of each point dragged by the client) and the terminal point coordinates [ x, y ] to the verification code server.
And seventhly, analyzing and judging the mouse dragging or finger sliding behavior of the user by the verification code server side, and returning the final judgment result to the client side. The method of analyzing the decision is as follows:
s7-1: and judging the position of the end point, namely judging whether the dragging end point is positioned at the position of the No. 1 watermark. The judgment method is to use the coordinates [ x, y]And [ x ]1,y1]Comparing the Euclidean distance with a preset judgment threshold T, if so, judging whether the Euclidean distance is larger than the preset judgment threshold T
The authentication is passed and otherwise the authentication is not passed.
S7-2: and judging the reasonability of the dragging track by adopting a preset rule after the judgment and verification of the end point position are passed. If the verification is reasonable, the verification is passed, otherwise, the verification is not passed.
Preferably, the rationality decision applies the following rules: and calculating the actual length L of the track and the linear distance D from the dragging starting point to the dragging terminal point, setting alpha as a preset certain coefficient larger than 1, and judging that the track passes through if L is smaller than or equal to alpha D, otherwise, not passing through.
Alternatively, the authentication code server may perform only S7-1 and not S7-2 as required by different security strengths.
Claims (6)
1. A method for generating and verifying a behavior verification code at a random position of a random contour is characterized by comprising the following steps:
firstly, a verification code server receives a verification code application which is provided by a verification code plug-in of a client to the verification code server;
step two, the verification code server side randomly selects K different patterns from a preset pattern library, and selects 1 pattern from the K different patterns as a foreground picture outline; the verification code server generates a foreground picture by taking the No. 1 pattern as an outline;
embedding K watermarks with the K patterns in the step two as outlines on the background image by the verification code server side; the K watermarks are randomly distributed on the background image, and the outlines of the K watermarks are not shielded or connected; and synthesizing the background image and the K watermark verification code images. The verification code server records the position coordinate [ x ] of the No. 1 watermark1,y1]。
Step four, the verification code server sends the verification code picture and the foreground picture to the client;
fifthly, the verification code server receives the dragging track collected by the client;
and seventhly, analyzing and judging the dragging behavior of the mouse or the finger of the user by the verification code server side, and feeding back the judgment result to the client side.
2. The method for generating and verifying the random-position behavior verification code of the random contour as claimed in claim 1, wherein the analyzing process comprises: the identifying code server judges whether the dragging end point is positioned at the No. 1 watermark or not by using the coordinate [ x, y ]]And [ x ]1,y1]Comparing the Euclidean distance with a preset judgment threshold T, if so, judging whether the Euclidean distance is larger than the preset judgment threshold T
The authentication is passed and otherwise the authentication is not passed.
3. A method for generating and verifying a random profile random location behavioral verification code according to claim 1, wherein said method comprises the steps of: the process of analyzing further comprises: the verification code server further judges the reasonability of the dragging track, if the track is reasonable, the verification is passed, otherwise, the verification is not passed.
4. The method as claimed in claim 1, wherein the coordinates of the watermark position are the coordinates of the point at which the geometric center of gravity is located.
5. The method for generating and verifying the behavior verification code at the random position of the random profile as claimed in claim 1, wherein the dragging track comprises: coordinates of each point dragged by and coordinates of an end point [ x, y ].
6. A method for generating and verifying a random profile random position behavior verification code according to claim 3, wherein the rationality decision is: and calculating the actual length L of the track and the linear distance D from the dragging starting point to the dragging terminal point, setting alpha as a preset certain coefficient larger than 1, and judging that the track passes through if L is smaller than or equal to alpha D, otherwise, not passing through.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011380817.8A CN112528264A (en) | 2020-11-30 | 2020-11-30 | Behavior verification code generation and verification method for random position of random contour |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011380817.8A CN112528264A (en) | 2020-11-30 | 2020-11-30 | Behavior verification code generation and verification method for random position of random contour |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112528264A true CN112528264A (en) | 2021-03-19 |
Family
ID=74995711
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011380817.8A Pending CN112528264A (en) | 2020-11-30 | 2020-11-30 | Behavior verification code generation and verification method for random position of random contour |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112528264A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112819693A (en) * | 2021-04-19 | 2021-05-18 | 北京每日优鲜电子商务有限公司 | Sliding verification code generation method and device, electronic equipment and computer readable medium |
| CN113190310A (en) * | 2021-04-27 | 2021-07-30 | 中冶华天工程技术有限公司 | Verification code design method based on random position object semantic recognition |
| CN114626048A (en) * | 2022-03-18 | 2022-06-14 | 国韵信息科技(济南)有限公司 | Computer login system and method based on verification code identification |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107395594A (en) * | 2017-07-21 | 2017-11-24 | 华东师范大学 | A kind of automatic identifying method for pulling identifying code |
| CN107846412A (en) * | 2017-11-28 | 2018-03-27 | 五八有限公司 | Identifying code request processing method, device and identifying code processing system |
| WO2018059033A1 (en) * | 2016-09-30 | 2018-04-05 | 华为技术有限公司 | Verification method, server and system |
| CN110308846A (en) * | 2019-05-22 | 2019-10-08 | 广西链全科技有限公司 | A kind of generation of two-dimension translational puzzle type identifying code and verification method |
-
2020
- 2020-11-30 CN CN202011380817.8A patent/CN112528264A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2018059033A1 (en) * | 2016-09-30 | 2018-04-05 | 华为技术有限公司 | Verification method, server and system |
| CN107395594A (en) * | 2017-07-21 | 2017-11-24 | 华东师范大学 | A kind of automatic identifying method for pulling identifying code |
| CN107846412A (en) * | 2017-11-28 | 2018-03-27 | 五八有限公司 | Identifying code request processing method, device and identifying code processing system |
| CN110308846A (en) * | 2019-05-22 | 2019-10-08 | 广西链全科技有限公司 | A kind of generation of two-dimension translational puzzle type identifying code and verification method |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112819693A (en) * | 2021-04-19 | 2021-05-18 | 北京每日优鲜电子商务有限公司 | Sliding verification code generation method and device, electronic equipment and computer readable medium |
| CN112819693B (en) * | 2021-04-19 | 2022-04-22 | 北京每日优鲜电子商务有限公司 | Sliding verification code generation method and device, electronic equipment and computer readable medium |
| CN113190310A (en) * | 2021-04-27 | 2021-07-30 | 中冶华天工程技术有限公司 | Verification code design method based on random position object semantic recognition |
| CN113190310B (en) * | 2021-04-27 | 2023-03-14 | 中冶华天工程技术有限公司 | Verification code design method based on random position object semantic recognition |
| CN114626048A (en) * | 2022-03-18 | 2022-06-14 | 国韵信息科技(济南)有限公司 | Computer login system and method based on verification code identification |
| CN114626048B (en) * | 2022-03-18 | 2023-10-13 | 中软国际科技服务有限公司 | Computer login system and method based on verification code identification |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112528264A (en) | Behavior verification code generation and verification method for random position of random contour | |
| US10114942B2 (en) | Interactive CAPTCHA | |
| Guerar et al. | Gotta CAPTCHA’Em all: a survey of 20 Years of the human-or-computer Dilemma | |
| Gao et al. | The robustness of hollow CAPTCHAs | |
| EP1461673B1 (en) | Validating the identity of a user using a pointing device | |
| US20220301236A1 (en) | Systems and methods for augmented reality environments and tokens | |
| US20110292031A1 (en) | Manipulable human interactive proofs | |
| CN107682368B (en) | Verification method, client, server and system based on interactive operation | |
| CN109800559B (en) | Method and device for generating slider verification code, computer equipment and storage medium | |
| Alt et al. | Graphical passwords in the wild: Understanding how users choose pictures and passwords in image-based authentication schemes | |
| Awasthi et al. | A comparative study of various CAPTCHA methods for securing web pages | |
| CN113190310B (en) | Verification code design method based on random position object semantic recognition | |
| Goswami et al. | Face recognition captcha | |
| Dinh et al. | Recent advances of Captcha security analysis: a short literature review | |
| Jampour et al. | Chaos game theory and its application for offline signature identification | |
| Roshanbin et al. | ADAMAS: Interweaving unicode and color to enhance CAPTCHA security | |
| CN104462908A (en) | Method and system for finger-writing signatures on touch screen | |
| Dinh et al. | Human-artificial intelligence approaches for secure analysis in CAPTCHA codes | |
| Qing et al. | A multi-label neural network approach to solving connected CAPTCHAs | |
| Khan et al. | Automatic signature verifier using Gaussian gated recurrent unit neural network | |
| Chaudhari et al. | 3D drag-n-drop CAPTCHA enhanced security through CAPTCHA | |
| CN112839026B (en) | Behavior verification code generation and verification method based on random grid and random watermark outline | |
| CN111125672A (en) | Method and device for generating image verification code | |
| CN114917590B (en) | Virtual reality game system | |
| Nohara et al. | Personal identification by flick input using self-organizing maps with acceleration sensor and gyroscope |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |