WO2015003599A1 - Method, apparatus and system for verification using verification code - Google Patents

Method, apparatus and system for verification using verification code Download PDF

Info

Publication number
WO2015003599A1
WO2015003599A1 PCT/CN2014/081777 CN2014081777W WO2015003599A1 WO 2015003599 A1 WO2015003599 A1 WO 2015003599A1 CN 2014081777 W CN2014081777 W CN 2014081777W WO 2015003599 A1 WO2015003599 A1 WO 2015003599A1
Authority
WO
WIPO (PCT)
Prior art keywords
verification
verification code
disturbing
sentence
phrase
Prior art date
Application number
PCT/CN2014/081777
Other languages
French (fr)
Inventor
Yuanhui XIE
Kaiyuan GU
Jinxing LIU
Original Assignee
Tencent Technology (Shenzhen) Company Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology (Shenzhen) Company Limited filed Critical Tencent Technology (Shenzhen) Company Limited
Publication of WO2015003599A1 publication Critical patent/WO2015003599A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2133Verifying human interaction, e.g., Captcha

Definitions

  • the disclosure relates to information technology, and more specifically, to information verification filed; the disclosure particularly relates to method, apparatus and system for verification using a verification code.
  • verification to users is usually needed.
  • additional verification in other forms such as the verification using a verification code, can be used.
  • the verification using a verification code is usually implemented by embedding a verification code, added with some graph or symbols for disturbing (disturbing information), into a background image to form a verification image for sending to a terminal user.
  • Fig. 1 is a schematic diagram of an interface showing the verification image and the verification input box in the form of common questions and answers as mentioned above.
  • the other solution is the verification in the form of security question and answer.
  • the verification of this solution is similar to that in the form of common questions and answers, except that the at least one question and the corresponding answer to the at least one question can be set by the user liberally.
  • Fig. 2 is a schematic diagram showing an interface for setting the questions and answers in the verification in the form of security question and answer as mentioned above.
  • This solution has a disadvantage that many users are not willing to provide the answers to the questions or casually provide an answer which is easy to forget. Meanwhile, the answer provided by the user is a static answer, which has a poor security.
  • the present application provides a method, apparatus and system for verifying a terminal using a verification code to solve at least some of the problems mentioned above.
  • a method for verifying a terminal using a verification code includes: retrieving an original verification code from a verification information database; generating a verification image which includes a disturbed verification code obtained by performing a disturbing process on the original verification code; sending the verification image and verification input requirement corresponding to the disturbing process to the terminal; receiving user input information from the terminal; and determining whether the user input information is matched with the original verification code, wherein the original verification code includes a sentence or phrase composed of a plurality of words, characters and/or symbols, and the disturbing process includes at least a disturbing edit to contents of the sentence or phrase.
  • an apparatus for verifying a terminal using a verification code includes : a retrieving module configured to retrieve an original verification code from a verification information database; a generating module configured to generate a verification image which includes a disturbed verification code obtained by performing a disturbing process on the original verification code; a sending module configured to send the verification image and verification input requirement corresponding to the disturbing process to the terminal; a receiving module configured to receive user input information from the terminal; and a determining module configured to determine whether the user input information is matched with the original verification code, wherein the original verification code includes a sentence or phrase composed of a plurality of words, characters and/or symbols, and the disturbing process includes at least a disturbing edit to contents of the sentence or phrase.
  • a system for verifying a terminal using a verification code includes a server and a terminal, wherein the server is configured to retrieve an original verification code from a verification information database, generate a verification image which includes a disturbed verification code obtained by performing a disturbing process on the original verification code, and send the verification image and verification input requirement corresponding to the disturbing process to the terminal; the terminal is configured to obtain user input information corresponding to the verification image after the verification image and the verification input requirement sent from the server are received, and send the user input information to the server; the server is further configured to determine whether the user input information is matched with the original verification code after the user input information is received from the terminal; wherein the original verification code includes a sentence or phrase composed of a plurality of words, characters and/or symbols, and the disturbing process includes at least a disturbing edit to contents of the sentence or phrase.
  • a computer-readable medium having computer-readable instructions stored thereon to implement the above-mentioned method is provided.
  • the verification of the terminal user is implemented by sending a verification image containing the disturbed verification code, receiving user input information corresponding to the verification image sent from the terminal, and determining whether the user input information is matched with the disturbed verification code.
  • the terminal user needs to spend a time period for identifying the disturbed verification code, thus the difficulty for recognizing the verification code by the automaton is efficiently increased, and the efficiency for recognizing the disturbed verification code by malicious users who perform a number of registration, log-in or other malicious actions is reduced.
  • Fig. 1 is a schematic diagram of an interface showing the verification image and the verification input box in the form of common questions and answers as mentioned in the background portion of the disclosure;
  • Fig. 2 is a schematic diagram of a setting interface showing the questions and answers in the verification in the form of security question and answer as mentioned in the background portion of the disclosure;
  • Fig. 3 is a flow diagram showing a method for verification using a verification code according to a first embodiment of the disclosure
  • Fig. 4 is a flow diagram showing a method for verification using a verification code according to a second embodiment of the disclosure
  • Fig. 5 is a flow diagram showing a process for generating the verification image according to the second embodiment of the disclosure.
  • Fig. 6(a) is a schematic interface of a verification image generated according to the second embodiment of the disclosure.
  • Fig. 6(b) is a schematic interface of another verification image generated according to the second embodiment of the disclosure.
  • Fig. 7 is a schematic block view of an apparatus for verification using a verification code according to a third embodiment of the disclosure.
  • Fig. 8 is a schematic block view of an apparatus for verification using a verification code according to a fourth embodiment of the disclosure.
  • Fig. 9 is a schematic block view of a system for verification using a verification code according to a fifth embodiment of the disclosure.
  • Fig. 3 illustrates a first embodiment of the disclosure.
  • Fig. 3 is a flow diagram showing a method for verification using a verification code according to a first embodiment of the disclosure.
  • the method according to this embodiment may be used by a server to implement the verification using a verification code.
  • the server includes, but is not limited to, a website server, an Enterprise Source Planning (EPR) server, and an Office Automation (OA) server.
  • EPR Enterprise Source Planning
  • OA Office Automation
  • an original verification code is retrieved from a verification information database.
  • a verification image which includes a disturbed verification code obtained by performing a disturbing process on the original verification code is generated.
  • At least one set of original verification codes are stored in the verification information database.
  • a disturbing process may be performed so that a corresponding disturbed verification code is obtained.
  • Each disturbing process is associated with a respective verification input requirement.
  • the original verification code includes a sentence or phrase composed of a plurality of words, characters and/or symbols.
  • the verification input requirement is used for prompting users of a terminal the requirements for inputting the information corresponding to the disturbed verification code.
  • the disturbing process includes at least a disturbing edit to contents of the sentence or phrase.
  • the disturbing edit to contents of the sentence or phrase in the original verification code includes shuffling the words, characters and/or symbols in the sentence or phrase.
  • the shuffling may be performed by a server automatically or by an operator manually.
  • the shuffling may include dividing the sentence or phrase into separate portions and recombining the portions according to a random or predetermined order.
  • the dividing of the sentence or phrase may be performed according to a random or predetermined order.
  • the sentence of the original verification code may be divided, on a basis that two Chinese characters are used as a divided portion, into portions “security", “center”, “reminds”, “you:”, “do not”, “easily”, “trust”, “unknown”, “incoming calls”, Then, the order of the portions is randomly disturbed to form a disturbed verification code "reminds security center you: trust do not. incoming calls unknown easily”.
  • the verification input requirement corresponding to the disturbing verification code may be "please recombine the following sentence”.
  • the disturbing edit to contents of the sentence or phrase in the original verification code includes omitting a word and/or character from the sentence or phrase.
  • the omitting may be performed by a server automatically or by an operator manually.
  • the omitting may include dividing the sentence or phrase in the original verification code into separate portions and omitting a portion at a predetermined position in the sentence or phrase or randomly omitting at least one portion in the sentence or phrase.
  • a disturbed verification code “the cleverest housewife cannot cook a without” may be generated by randomly omitting the words "meal” and "rice” from the sentence of the original verification code.
  • the verification input requirement corresponding to the disturbing verification code may be "please fill the blank”.
  • the disturbing edit to contents of the sentence or phrase in the original verification code includes transforming the sentence or phrase in the original verification code into a corresponding question.
  • the transforming process may be implemented by an operator of the server.
  • the transformed question may be in a form such as a multiple-choice question, an error correction question, a true-or-false question, etc.
  • the disturbed verification code formed by transforming the original verification code may be "The four municipalities directly under the Central Government of China are A. Chongqing, B. Beijing, C. Shenzhen, D. Shanghai, E. Tianjin”
  • the verification input requirement corresponding to the disturbing verification code may be "please select the correct items”.
  • the disturbing edit may also be, for example, blocking at least one word or character in the sentence or phrase in the original verification code, or replacing at least one word or character in the sentence or phrase in the original verification code by an expression in another form, such as a picture.
  • the server may add the disturbed verification code into a preset background image so as to use the background image added with the disturbed verification code as the verification image.
  • step S303 the verification image and the verification input requirement corresponding to the disturbing process and thus the disturbing verification code are sent to the terminal.
  • the server may send the verification image and the verification input requirement to the terminal in a wired or wireless manner after the verification image is generated.
  • the wireless manner includes, but is not limited to, 3G connection, WiMAX connection, Zigbee connection.
  • the terminal receives and displays on a screen the verification image and the verification input requirement for recognizing by the terminal user.
  • step S304 user input information corresponding to the verification image sent from the terminal is received.
  • the terminal after presenting the verification image and the verification input requirement on the terminal, the terminal obtains the user input information corresponding to the verification image inputted in a verification input box by the terminal user, and sends the user input information to the server. Thereafter, the server receives the user input information.
  • step S305 it is determined whether the user input information matches the original verification code. If it is the case, the verification is successful.
  • the server After the user input information corresponding to the verification image sent from the terminal is received, the server identifies whether the user input information is consistent with a pre-stored verification answer corresponding to the disturbing process. If it is the case, it is determined that the user input information matches the original verification code and the verification is successful. For example, if the original verification code is "The four municipalities directly under the Central Government of China are Beijing, Tianjin, Shanghai, Chongqing" and the generated disturbed verification code is "The four municipalities directly under the Central Government of China are A. Chongqing, B . Beijing, C. Shenzhen, D. Shanghai, E.
  • the pre-stored verification answer corresponding to the disturbing process is a string formed by A (or a), B (or b), D (or d) and E (or e) in any sequence.
  • the server identifies that the user input information "adEB” is consistent with the pre-stored verification answer corresponding to the disturbing process, and thus determines it matches the original verification code "The four municipalities directly under the Central Government of China are Beijing, Tianjin, Shanghai, Chongqing" and the verification is successful.
  • verification to the terminal is achieved by sending a verification image containing a disturbed verification code, receiving user input information corresponding to the verification image from the terminal, and determining whether the user input information matches the original verification code.
  • the terminal user needs to spend a time period for identifying the disturbed verification code, thus the difficulty for recognizing the verification code by an automaton is efficiently increased, and the efficiency for recognizing the disturbed verification code by malicious users who perform a number of registration, log-in or other malicious actions is reduced.
  • Figs. 4-6 illustrate a second embodiment of the disclosure.
  • Fig. 4 is a flow diagram showing a method for verification using a verification code according to a second embodiment of the disclosure.
  • the method according to this embodiment may be used by a server to implement the verification using a verification code.
  • the server includes, but is not limited to, a website server, an Enterprise Source Planning (EPR) server, and an Office Automation (OA) server.
  • EPR Enterprise Source Planning
  • OA Office Automation
  • an original verification code is retrieved from a verification information database.
  • a verification image which includes a disturbed verification code obtained by performing a disturbing process on the original verification code is generated.
  • At least one set of original verification codes are stored in the verification information database.
  • a disturbing process may be performed so that a corresponding disturbed verification code is obtained.
  • Each disturbing process is associated with a respective verification input requirement, a verification answer and an answer prompt.
  • the original verification code includes a sentence or phrase composed of a plurality of words, characters and/or symbols.
  • the verification input requirement is used for prompting users the requirements for inputting the information corresponding to the disturbed verification code.
  • the answer prompt is information corresponding to the original verification code which facilitates the user to identify the information contained in the disturbed verification code.
  • the disturbing process includes at least a disturbing edit to contents of the sentence or phrase.
  • the disturbed verification code generated from the original verification code and/or the verification input requirement corresponding to the disturbing process is pre-stored in the verification information database.
  • the disturbing process has been described in detail with reference to the first embodiment, and thus is omitted here.
  • Fig. 5 is a flow diagram showing a process for generating the verification image according to the second embodiment of the disclosure.
  • the step S402 includes the following sub-steps.
  • a disturbed verification code is generated by performing a disturbing process on the original verification code retrieved from the verification information database.
  • font properties are set for the disturbed verification code.
  • the disturbed verification code whose font properties have been set and disturbing information are added to a preset background image, so that the background image, added with the disturbed verification code whose font properties have been set and the disturbing information, is used as the verification image.
  • the setting of font properties for the disturbed verification code performed by the server may include: setting different font properties for respective words, characters and/or symbols in the disturbed verification code, the font properties including a font style, a font size and/or a font color.
  • the disturbing information includes but is not limited to a randomly generated noise, curve and/or geometric graph.
  • Fig. 6(a) is a schematic interface of a verification image generated according to the second embodiment of the disclosure
  • Fig. 6(b) is a schematic interface of another verification image generated according to the second embodiment of the disclosure
  • step S403 the verification image and the verification input requirement are sent to the terminal.
  • This step is the same as the step S303 in the first embodiment, and the description thereof is omitted here.
  • step S404 user input information corresponding to the verification image sent from the terminal is received.
  • This step is the same as the step S304 in the first embodiment, and the description thereof is omitted here.
  • step S405 it is determined whether the user input information matches the original verification code. If it is the case, the process goes to the step S406; otherwise, the process goes to the step S407.
  • the server Upon receiving the user input information corresponding to the verification image sent from the terminal, the server identifies whether the user input information is consistent with a pre-stored verification answer corresponding to the disturbing process. If it is the case, it is determined that the user input information matches the original verification code; otherwise, it is determined that the user input information does not match the original verification code.
  • step S406 it is determined that the verification is successful.
  • the server determines that the user input information matches the original verification code, it is determined that the verification is successful. Meanwhile, a verification success message may be sent to the terminal and then the process ends.
  • a verification failure message and an answer prompt corresponding to the original verification code are sent to the terminal.
  • a verification failure message may be sent to the terminal together with an answer prompt corresponding to the original verification code if it is determined by the server that the user input information does not match the original verification code.
  • the original verification code is "The four municipalities directly under the Central Government of China are Beijing, Tianjin, Shanghai, Chongqing”
  • the generated disturbed verification code is "The four municipalities directly under the Central Government of China are A. Chongqing, B. Beijing, C. Shenzhen, D. Shanghai, E. Tianjin”
  • the pre-stored verification answer corresponding to the disturbing process is a string formed by A (or a), B (or b), D (or d) and E (or e) in any sequence.
  • the server identifies that the user input information is not consistent with the pre-stored verification answer corresponding to the disturbing process, and thus the verification fails.
  • the server may retrieve from the verification information database the answer prompt corresponding to the disturbing process and sends the answer prompt to the terminal together with a verification failure message. Then, the server receives the user input information input from the terminal again.
  • the answer prompt may be "the four municipalities directly under the Central Government of China are Jing, Jin, Hu, Yu in short", and the verification failure message may be "Failure. Please enter again.”.
  • a font property setting is performed to the disturbed verification code and/or disturbing information is added into the verification image, further increasing the difficulty for recognizing the verification code by an automaton, and reducing the efficiency for recognizing the disturbed verification code by malicious users who perform a number of registration, log-in or other malicious actions.
  • the successful rate for recognizing the disturbed verification by the terminal user is increased by sending the verification failure message and the answer prompt corresponding to the disturbing process when the verification fails.
  • Fig. 7 illustrates a third embodiment of the disclosure.
  • Fig. 7 is a schematic block view of an apparatus for verification using a verification code according to a third embodiment of the disclosure.
  • the apparatus may include : a retrieving module 701 configured to retrieve an original verification code from a verification information database; a generating module 702 configured to generate a verification image which includes a disturbed verification code obtained by performing a disturbing process on the original verification code; a sending module 703 configured to send the verification image and verification input requirement corresponding to the disturbing process to the terminal; a receiving module 704 configured to receive user input information from the terminal; and a determining module 705 configured to determine whether the user input information matches the original verification code. If it is determined the user input information matches the original verification code, the verification is successful.
  • At least one set of original verification codes are stored in the verification information database.
  • a disturbing process may be performed so that a corresponding disturbed verification code is obtained.
  • Each disturbing process is associated with a respective verification input requirement.
  • the original verification code includes a sentence or phrase composed of a plurality of words, characters and/or symbols.
  • the verification input requirement is used for prompting users the requirements for inputting the information corresponding to the disturbed verification code.
  • the disturbing process includes at least a disturbing edit to contents of the sentence or phrase.
  • the disturbing edit to contents of the sentence or phrase in the original verification code includes shuffling the words, characters and/or symbols in the sentence or phrase.
  • the shuffling may be performed by a server automatically or by an operator manually.
  • the apparatus further includes a shuffling module (not shown) for shuffling the words, characters and/or symbols in the sentence or phrase in the original verification code.
  • the shuffling includes dividing the sentence or phrase into separate portions; and recombining the portions according to a random or predetermined order.
  • the shuffling module may divide the sentence or phrase according to a random or predetermined order.
  • the shuffling module may firstly divide the sentence of the original verification code, on a basis that two Chinese characters are used as a divided portion, into portions “security", “center”, “reminds”, “you:”, “do not”, “easily”, “trust”, “unknown”, “incoming calls”, Then, the order of the portions is randomly disturbed to form a disturbed verification code "reminds security center you: trust do not. incoming calls unknown easily”.
  • the verification input requirement corresponding to the disturbing verification code may be "please recombine the following sentence”.
  • the disturbing edit to contents of the sentence or phrase in the original verification code includes omitting a word and/or character from the sentence or phrase.
  • the omitting may be performed by a server automatically or by an operator manually. If performed by a server automatically, the apparatus further includes an omitting module (not shown) for omitting a word and/or character from the sentence or phrase.
  • the omitting may include dividing the sentence or phrase in the original verification code into separate portions; and omitting a portion at a predetermined position in the sentence or phrase or randomly omitting at least one portion in the sentence or phrase.
  • a disturbed verification code “the cleverest housewife cannot cook a without” may be generated by randomly omitting the words "meal” and "rice” from the sentence of the original verification code by the omitting module.
  • the verification input requirement corresponding to the disturbing verification code may be "please fill the blank”.
  • the disturbing edit to contents of the sentence or phrase in the original verification code includes transforming the sentence or phrase in the original verification code into a corresponding question.
  • the transforming process may be implemented by an operator of the server.
  • the transformed question may be in a form such as a multiple-choice question, an error correction question, a true-or-false question, etc.
  • the disturbed verification code formed by transforming the original verification code may be "The four municipalities directly under the Central Government of China are A. Chongqing, B. Beijing, C. Shenzhen, D. Shanghai, E.
  • the disturbing edit could also be, for example, blocking at least one word or character in the sentence or phrase in the original verification code, or replacing at least one word or character in the sentence or phrase in the original verification code by an expression in another form, such as a picture.
  • the generating module 702 may include a verification code addition sub-module 7021 for adding the disturbed verification code into a preset background image so as to use the background image added with the disturbed verification code as the verification image.
  • the sending module 703 may send the verification image and the verification input requirement to the terminal in a wired or wireless manner after the verification image is generated.
  • the wireless manner includes, but is not limited to, 3G connection, WiMAX connection, Zigbee connection.
  • the terminal receives and displays on a screen the verification image and the verification input requirement for recognizing by the terminal user.
  • the terminal after presenting the verification image and the verification input requirement on the terminal, the terminal obtains the user input information corresponding to the verification image inputted in a verification input box by the terminal user, and sends the user input information to the apparatus. Thereafter, the receiving module 704 in the apparatus receives the user input information.
  • the determining module 705 determines whether the user input information is consistent with a pre-stored verification answer corresponding to the disturbing process. If it is the case, it is determined that the user input information matches the original verification code and the verification is successful.
  • the third embodiment of the disclosure provides an apparatus for verification using a verification code, which corresponds to the method for verification using a verification code disclosed in the first embodiment. Contents which have not described in detail here may be found in the first embodiment.
  • verification to the terminal is achieved by sending a verification image containing a disturbed verification code, receiving user input information corresponding to the verification image from the terminal, and determining whether the user input information matches the original verification code.
  • the terminal user needs to spend a time period for identifying the disturbed verification code, thus the difficulty for recognizing the verification code by an automaton is efficiently increased, and the efficiency for recognizing the disturbed verification code by malicious users who perform a number of registration, log-in or other malicious actions is reduced.
  • Fig. 8 illustrates a fourth embodiment of the disclosure.
  • Fig. 8 is a schematic block view of an apparatus for verification using a verification code according to a third embodiment of the disclosure.
  • the apparatus includes: a retrieving module 801 configured to retrieve an original verification code from a verification information database; a generating module 802 configured to generate a verification image which includes a disturbed verification code obtained by performing a disturbing process on the original verification code; a sending module 803 configured to send the verification image and verification input requirement corresponding to the disturbing process to the terminal; a receiving module 804 configured to receive user input information from the terminal; and a determining module 805 configured to determine whether the user input information matches the original verification code. If it is determined the user input information matches the original verification code, the verification is successful.
  • At least one set of original verification codes are stored in the verification information database.
  • a disturbing process may be performed so that a corresponding disturbed verification code is obtained.
  • Each disturbing process is associated with a respective verification input requirement, a verification answer and an answer prompt.
  • the original verification code includes a sentence or phrase composed of a plurality of words, characters and/or symbols.
  • the verification input requirement is used for prompting users the requirements for inputting the information corresponding to the disturbed verification code.
  • the answer prompt is information corresponding to the original verification code which facilitates the user to identify the information contained in the disturbed verification code.
  • the disturbing process includes at least a disturbing edit to contents of the sentence or phrase.
  • the disturbed verification code generated from the original verification code and/or the verification input requirement corresponding to the disturbing process is pre-stored in the verification information database.
  • the disturbing process has been described in detailed with reference to the first embodiment, and thus is omitted here.
  • the generating module 802 may include a property setting sub-module 8021 for setting font properties of the disturbed verification code; a verification code addition sub-module 8022 for adding the disturbed verification code, in which the font properties have been set, into a preset background image; and a disturbing information adding sub-module 8023 for adding disturbing information into the preset background image, so that the background image added with the disturbed verification code, in which the font properties have been set, and the disturbing information is used as the verification image.
  • the property setting sub-module 8021 sets font properties for the disturbed verification code performed by the server, including setting different font properties for respective words, characters and/or symbols in the disturbed verification code, the font properties including a font style, a font size and/or a font color.
  • the disturbing information includes but is not limited to a randomly generated noise, curve and/or geometric graph.
  • the verification code addition sub-module 8022 may locate the disturbed verification code laterally, longitudinally or rotationally by a preset angle.
  • the generating module 802 may include only one of the property setting sub-module 8021 and the disturbing information adding sub-module 8023.
  • the verification code addition sub-module 8022 and the disturbing information adding sub-module 8023 included in the generating module 802 are shown as two separate units in Fig. 8, the verification code addition sub-module 8022 and the disturbing information adding sub-module 8023 may be implemented in a single unit.
  • the determining module 805 may include a determining sub-module 8051 for determining, after the user input information corresponding to the verification image sent from the terminal is received by the receiving module 804, whether the user input information is consistent with the verification answer corresponding to the original verification code. If it is the case, it is determined that the verification is successful; otherwise, it is determined that the verification fails.
  • the determining module 805 may further include a sending sub-module 8052 for sending a failure message and the answer prompt corresponding to the original verification code to the terminal when the determining sub-module 8051 determines that the verification fails.
  • the sending sub-module 8052 may send a verification failure message to the terminal together with an answer prompt corresponding to the original verification code after it is determined by the determining sub-module 8051 that the user input information does not match the original verification code.
  • a control signal may be sent to the generating module 802 instructing the generating module 802 to generate another disturbed verification code for sending to the terminal.
  • the fourth embodiment of the disclosure provides an apparatus for verification using a verification code, which corresponds to the method for verification using a verification code disclosed in the second embodiment. Contents which have not described in detail may be found in the second embodiment.
  • a font property setting is performed to the disturbed verification code and/or disturbing information is added into the verification image, further increasing the difficulty for recognizing the verification code by an automaton, and reducing the efficiency for recognizing the disturbed verification code by malicious users who perform a number of registration, log-in or other malicious actions.
  • the successful rate for recognizing the disturbed verification by the terminal user is increased by sending the verification failure message and the answer prompt corresponding to the disturbing process when the verification fails.
  • Fig. 9 illustrates a fifth embodiment of the disclosure.
  • Fig. 9 is a schematic block view of a system for verification using a verification code according to a fifth embodiment of the disclosure.
  • the system may include a server 901 and a terminal 902.
  • the server 901 retrieves an original verification code from a verification information database, generates a verification image which includes a disturbed verification code obtained by performing a disturbing process on the original verification code.
  • the server 901 sends the verification image and verification input requirement corresponding to the disturbing process to the terminal 902.
  • the terminal 902 presents the verification image and the verification input requirement sent from the server 901, obtains user input information corresponding to the verification image, and sends the user input information to the server 901.
  • the server 901 determines whether the user input information matches the original verification code upon receiving the user input information from the terminal. If it is the case, the verification is successful.
  • At least one set of original verification codes are stored in the verification information database.
  • a disturbing process may be performed so that a corresponding disturbed verification code is obtained.
  • Each disturbing process is associated with a respective verification input requirement.
  • the original verification code includes a sentence or phrase composed of a plurality of words, characters and/or symbols.
  • the verification input requirement is used for prompting users the requirements for inputting the information corresponding to the disturbed verification code.
  • the disturbed verification code generated from the original verification code and/or the verification input requirement corresponding to the disturbing process (or the disturbed verification code) is pre-stored in the verification information database.
  • the disturbing process includes at least a disturbing edit to contents of the sentence or phrase.
  • the server 901 includes, but is not limited to, a website server, an Enterprise Source Planning (EPR) server, and an Office Automation (OA) server.
  • the terminal 902 may be an electronic device that interacts with the terminal user, such as cell phone, laptop computer, tablet computer, personal computer, personal digital assistance, and the like.
  • the server 901 may be connected with the terminal 902 via a wired or wireless network.
  • the data transmission between the server 901 and the terminal 902 may be implemented based on HTTP protocol, TCP/IP protocol, UDP protocol, etc.
  • the fifth embodiment of the disclosure provides a system for verification using a verification code, which corresponds to the method for verification using a verification code disclosed in the second embodiment. Contents which have not described in detail may be found in the second embodiment.
  • verification to the terminal is achieved by setting font properties of the disturbed verification code, receiving user input information corresponding to the verification image from the terminal, and determining whether the user input information matches the original verification code.
  • the terminal user needs to spend a time period for identifying the disturbed verification code, thus the difficulty for recognizing the verification code by an automaton is efficiently increased, and the efficiency for recognizing the disturbed verification code by malicious users who perform a number of registration, log-in or other malicious actions is reduced.
  • the software program may be stored in non-transitory computer-readable medium such as a hard disk, a read-only memory (ROM), an optical disk or a floppy disk.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Document Processing Apparatus (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

A method, apparatus and system for verifying a terminal using a verification code, the method including: retrieving an original verification code from a verification information database; generating a verification image which includes a disturbed verification code obtained by performing a disturbing process on the original verification code; sending the verification image and verification input requirement corresponding to the disturbing process to the terminal; receiving user input information from the terminal; and determining whether the user input information is matched with the original verification code, wherein the original verification code includes a sentence or phrase composed of a plurality of words, characters and/or symbols, and the disturbing process includes at least a disturbing edit to contents of the sentence or phrase. Difficulty for identifying the disturbed verification code is improved efficiently.

Description

METHOD, APPARATUS AND SYSTEM FOR VERIFICATION USING VERIFICATION CODE
CROSS-REFERENCE TO RELATED APPLICATIONS
This application claims the priority benefit of Chinese Patent Application No.
201310284572.2 filed on July 8, 2013, the contents of which are incorporated by reference herein in their entirety for all purposes.
TECHNICAL FIELD
The disclosure relates to information technology, and more specifically, to information verification filed; the disclosure particularly relates to method, apparatus and system for verification using a verification code.
BACKGROUND
In Internet-based applications (such as account registration, account login, BBS posting, micro-blog posting), verification to users is usually needed. In addition to conventional authentication, additional verification in other forms, such as the verification using a verification code, can be used. At present, the verification using a verification code is usually implemented by embedding a verification code, added with some graph or symbols for disturbing (disturbing information), into a background image to form a verification image for sending to a terminal user.
Currently, malicious users mainly employ two methods for passing the verification using a verification code. One method is using an automaton stored with various image recognition algorithm programs to recognize and input the verification code contained in the verification image. This method, however, has only a low rate of success for relatively complex verification codes. The other method is employing many people to input the verification code contained in the verification image, which is referred to as "captcha human bypass". The captcha human bypass method has a stably high recognition rate. To increase the difficulty for recognizing the verification code by the automaton and reduce the efficiency of the captcha human bypass, two solutions have been proposed.
One solution is the verification in the form of common questions and answers, in which at least one question and its corresponding answer are preset. One question is selected randomly as the verification code. A corresponding verification image and a verification input box are provided for the verification. Fig. 1 is a schematic diagram of an interface showing the verification image and the verification input box in the form of common questions and answers as mentioned above. This solution has a disadvantage that the questions used for verification are relatively fixed and limited, resulting in that the recognition efficiency of the captcha human bypass cannot be reduced significantly.
The other solution is the verification in the form of security question and answer. The verification of this solution is similar to that in the form of common questions and answers, except that the at least one question and the corresponding answer to the at least one question can be set by the user liberally. Fig. 2 is a schematic diagram showing an interface for setting the questions and answers in the verification in the form of security question and answer as mentioned above. This solution has a disadvantage that many users are not willing to provide the answers to the questions or casually provide an answer which is easy to forget. Meanwhile, the answer provided by the user is a static answer, which has a poor security.
SUMMARY
The present application provides a method, apparatus and system for verifying a terminal using a verification code to solve at least some of the problems mentioned above.
According to an aspect of the disclosure, a method for verifying a terminal using a verification code includes: retrieving an original verification code from a verification information database; generating a verification image which includes a disturbed verification code obtained by performing a disturbing process on the original verification code; sending the verification image and verification input requirement corresponding to the disturbing process to the terminal; receiving user input information from the terminal; and determining whether the user input information is matched with the original verification code, wherein the original verification code includes a sentence or phrase composed of a plurality of words, characters and/or symbols, and the disturbing process includes at least a disturbing edit to contents of the sentence or phrase.
According to another aspect of the disclosure, an apparatus for verifying a terminal using a verification code includes : a retrieving module configured to retrieve an original verification code from a verification information database; a generating module configured to generate a verification image which includes a disturbed verification code obtained by performing a disturbing process on the original verification code; a sending module configured to send the verification image and verification input requirement corresponding to the disturbing process to the terminal; a receiving module configured to receive user input information from the terminal; and a determining module configured to determine whether the user input information is matched with the original verification code, wherein the original verification code includes a sentence or phrase composed of a plurality of words, characters and/or symbols, and the disturbing process includes at least a disturbing edit to contents of the sentence or phrase.
According to a further aspect of the disclosure, a system for verifying a terminal using a verification code includes a server and a terminal, wherein the server is configured to retrieve an original verification code from a verification information database, generate a verification image which includes a disturbed verification code obtained by performing a disturbing process on the original verification code, and send the verification image and verification input requirement corresponding to the disturbing process to the terminal; the terminal is configured to obtain user input information corresponding to the verification image after the verification image and the verification input requirement sent from the server are received, and send the user input information to the server; the server is further configured to determine whether the user input information is matched with the original verification code after the user input information is received from the terminal; wherein the original verification code includes a sentence or phrase composed of a plurality of words, characters and/or symbols, and the disturbing process includes at least a disturbing edit to contents of the sentence or phrase.
According to a further aspect of the disclosure, a computer-readable medium having computer-readable instructions stored thereon to implement the above-mentioned method is provided.
As compared with prior arts, in the embodiments of the disclosure, the verification of the terminal user is implemented by sending a verification image containing the disturbed verification code, receiving user input information corresponding to the verification image sent from the terminal, and determining whether the user input information is matched with the disturbed verification code. According to embodiments of the disclosure, the terminal user needs to spend a time period for identifying the disturbed verification code, thus the difficulty for recognizing the verification code by the automaton is efficiently increased, and the efficiency for recognizing the disturbed verification code by malicious users who perform a number of registration, log-in or other malicious actions is reduced.
DESCRIPTION OF THE DRAWINGS
Fig. 1 is a schematic diagram of an interface showing the verification image and the verification input box in the form of common questions and answers as mentioned in the background portion of the disclosure;
Fig. 2 is a schematic diagram of a setting interface showing the questions and answers in the verification in the form of security question and answer as mentioned in the background portion of the disclosure;
Fig. 3 is a flow diagram showing a method for verification using a verification code according to a first embodiment of the disclosure;
Fig. 4 is a flow diagram showing a method for verification using a verification code according to a second embodiment of the disclosure;
Fig. 5 is a flow diagram showing a process for generating the verification image according to the second embodiment of the disclosure;
Fig. 6(a) is a schematic interface of a verification image generated according to the second embodiment of the disclosure;
Fig. 6(b) is a schematic interface of another verification image generated according to the second embodiment of the disclosure;
Fig. 7 is a schematic block view of an apparatus for verification using a verification code according to a third embodiment of the disclosure;
Fig. 8 is a schematic block view of an apparatus for verification using a verification code according to a fourth embodiment of the disclosure; and
Fig. 9 is a schematic block view of a system for verification using a verification code according to a fifth embodiment of the disclosure. DETAILED DESCRIPTION
In order to make the objects, technical solutions and advantages of the disclosure more apparent, embodiments will be further illustrated in details in connection with the accompanying figures hereinafter. It should be appreciated that the detailed embodiments described herein are only illustrative instead of limiting. Fig. 3 illustrates a first embodiment of the disclosure.
Fig. 3 is a flow diagram showing a method for verification using a verification code according to a first embodiment of the disclosure. The method according to this embodiment may be used by a server to implement the verification using a verification code. The server includes, but is not limited to, a website server, an Enterprise Source Planning (EPR) server, and an Office Automation (OA) server. Referring to Fig. 3, the method includes the following steps.
At step S301, an original verification code is retrieved from a verification information database.
At step S302, a verification image which includes a disturbed verification code obtained by performing a disturbing process on the original verification code is generated.
In this embodiment, at least one set of original verification codes are stored in the verification information database. For each original verification code, a disturbing process may be performed so that a corresponding disturbed verification code is obtained. Each disturbing process is associated with a respective verification input requirement. The original verification code includes a sentence or phrase composed of a plurality of words, characters and/or symbols. The verification input requirement is used for prompting users of a terminal the requirements for inputting the information corresponding to the disturbed verification code. The disturbing process includes at least a disturbing edit to contents of the sentence or phrase. In this embodiment, it is possible that the disturbed verification code generated from the original verification code and/or the verification input requirement corresponding to the disturbing process (or the disturbed verification code) is pre-stored in the verification information database.
According to an example of this embodiment, the disturbing edit to contents of the sentence or phrase in the original verification code includes shuffling the words, characters and/or symbols in the sentence or phrase. The shuffling may be performed by a server automatically or by an operator manually. When performed by a server automatically, the shuffling may include dividing the sentence or phrase into separate portions and recombining the portions according to a random or predetermined order. The dividing of the sentence or phrase may be performed according to a random or predetermined order. Taking an original verification code "security center reminds you: do not easily trust unknown incoming calls." for example, the sentence of the original verification code may be divided, on a basis that two Chinese characters are used as a divided portion, into portions "security", "center", "reminds", "you:", "do not", "easily", "trust", "unknown", "incoming calls", Then, the order of the portions is randomly disturbed to form a disturbed verification code "reminds security center you: trust do not. incoming calls unknown easily". The verification input requirement corresponding to the disturbing verification code may be "please recombine the following sentence".
According to an example of this embodiment, the disturbing edit to contents of the sentence or phrase in the original verification code includes omitting a word and/or character from the sentence or phrase. Similarly, the omitting may be performed by a server automatically or by an operator manually. When performed by a server automatically, the omitting may include dividing the sentence or phrase in the original verification code into separate portions and omitting a portion at a predetermined position in the sentence or phrase or randomly omitting at least one portion in the sentence or phrase. Taking an original verification code "the cleverest housewife cannot cook a meal without rice" (a well-known Chinese proverb) as an example, a disturbed verification code "the cleverest housewife cannot cook a without " may be generated by randomly omitting the words "meal" and "rice" from the sentence of the original verification code. The verification input requirement corresponding to the disturbing verification code may be "please fill the blank".
According to an example of this embodiment, the disturbing edit to contents of the sentence or phrase in the original verification code includes transforming the sentence or phrase in the original verification code into a corresponding question. The transforming process may be implemented by an operator of the server. The transformed question may be in a form such as a multiple-choice question, an error correction question, a true-or-false question, etc. Taking an original verification code "The four municipalities directly under the Central Government of China are Beijing, Tianjin, Shanghai, Chongqing" as an example, the disturbed verification code formed by transforming the original verification code may be "The four municipalities directly under the Central Government of China are A. Chongqing, B. Beijing, C. Shenzhen, D. Shanghai, E. Tianjin", and the verification input requirement corresponding to the disturbing verification code may be "please select the correct items".
It is also anticipated for those skilled in the art that the disturbing edit may also be, for example, blocking at least one word or character in the sentence or phrase in the original verification code, or replacing at least one word or character in the sentence or phrase in the original verification code by an expression in another form, such as a picture.
After the disturbed verification code is generated, the server may add the disturbed verification code into a preset background image so as to use the background image added with the disturbed verification code as the verification image.
At step S303, the verification image and the verification input requirement corresponding to the disturbing process and thus the disturbing verification code are sent to the terminal.
The server may send the verification image and the verification input requirement to the terminal in a wired or wireless manner after the verification image is generated. The wireless manner includes, but is not limited to, 3G connection, WiMAX connection, Zigbee connection. The terminal receives and displays on a screen the verification image and the verification input requirement for recognizing by the terminal user.
At step S304, user input information corresponding to the verification image sent from the terminal is received.
In this embodiment, after presenting the verification image and the verification input requirement on the terminal, the terminal obtains the user input information corresponding to the verification image inputted in a verification input box by the terminal user, and sends the user input information to the server. Thereafter, the server receives the user input information.
At step S305, it is determined whether the user input information matches the original verification code. If it is the case, the verification is successful.
After the user input information corresponding to the verification image sent from the terminal is received, the server identifies whether the user input information is consistent with a pre-stored verification answer corresponding to the disturbing process. If it is the case, it is determined that the user input information matches the original verification code and the verification is successful. For example, if the original verification code is "The four municipalities directly under the Central Government of China are Beijing, Tianjin, Shanghai, Chongqing" and the generated disturbed verification code is "The four municipalities directly under the Central Government of China are A. Chongqing, B . Beijing, C. Shenzhen, D. Shanghai, E. Tianjin", the pre-stored verification answer corresponding to the disturbing process is a string formed by A (or a), B (or b), D (or d) and E (or e) in any sequence. Once a user input information "adEB" is received, the server identifies that the user input information "adEB" is consistent with the pre-stored verification answer corresponding to the disturbing process, and thus determines it matches the original verification code "The four municipalities directly under the Central Government of China are Beijing, Tianjin, Shanghai, Chongqing" and the verification is successful.
In the first embodiment of the disclosure, verification to the terminal is achieved by sending a verification image containing a disturbed verification code, receiving user input information corresponding to the verification image from the terminal, and determining whether the user input information matches the original verification code. According to the first embodiment of the disclosure, the terminal user needs to spend a time period for identifying the disturbed verification code, thus the difficulty for recognizing the verification code by an automaton is efficiently increased, and the efficiency for recognizing the disturbed verification code by malicious users who perform a number of registration, log-in or other malicious actions is reduced.
Figs. 4-6 illustrate a second embodiment of the disclosure.
Fig. 4 is a flow diagram showing a method for verification using a verification code according to a second embodiment of the disclosure. The method according to this embodiment may be used by a server to implement the verification using a verification code. The server includes, but is not limited to, a website server, an Enterprise Source Planning (EPR) server, and an Office Automation (OA) server. Referring to Fig. 4, the method includes the following steps.
At step S401, an original verification code is retrieved from a verification information database.
At step S402, a verification image which includes a disturbed verification code obtained by performing a disturbing process on the original verification code is generated.
In this embodiment, at least one set of original verification codes are stored in the verification information database. For each original verification code, a disturbing process may be performed so that a corresponding disturbed verification code is obtained. Each disturbing process is associated with a respective verification input requirement, a verification answer and an answer prompt. The original verification code includes a sentence or phrase composed of a plurality of words, characters and/or symbols. The verification input requirement is used for prompting users the requirements for inputting the information corresponding to the disturbed verification code. The answer prompt is information corresponding to the original verification code which facilitates the user to identify the information contained in the disturbed verification code. The disturbing process includes at least a disturbing edit to contents of the sentence or phrase. In this embodiment, it is possible that the disturbed verification code generated from the original verification code and/or the verification input requirement corresponding to the disturbing process (or the disturbed verification code) is pre-stored in the verification information database. The disturbing process has been described in detail with reference to the first embodiment, and thus is omitted here.
Fig. 5 is a flow diagram showing a process for generating the verification image according to the second embodiment of the disclosure. Referring to Fig. 5, the step S402 includes the following sub-steps.
At sub-step S4021, a disturbed verification code is generated by performing a disturbing process on the original verification code retrieved from the verification information database.
At sub-step S4022, font properties are set for the disturbed verification code.
At sub-step S4023, the disturbed verification code whose font properties have been set and disturbing information are added to a preset background image, so that the background image, added with the disturbed verification code whose font properties have been set and the disturbing information, is used as the verification image.
The setting of font properties for the disturbed verification code performed by the server may include: setting different font properties for respective words, characters and/or symbols in the disturbed verification code, the font properties including a font style, a font size and/or a font color. The disturbing information includes but is not limited to a randomly generated noise, curve and/or geometric graph. When adding the disturbed verification code whose font properties have been set and the disturbing information into the preset background image, the disturbed verification code may be located laterally, longitudinally or rotationally by a preset angle. Although both setting font properties for the disturbed verification code and adding disturbing information into the preset background image are described in the flowchart shown in Fig. 5, it is anticipated for those skilled in the art that setting font properties for the disturbed verification code and adding disturbing information into the preset background image do not necessarily co-exist. The generating process of the verification image may include only one of setting font properties for the disturbed verification code and adding disturbing information into the preset background image. Fig. 6(a) is a schematic interface of a verification image generated according to the second embodiment of the disclosure, and Fig. 6(b) is a schematic interface of another verification image generated according to the second embodiment of the disclosure;
At step S403, the verification image and the verification input requirement are sent to the terminal.
This step is the same as the step S303 in the first embodiment, and the description thereof is omitted here.
At step S404, user input information corresponding to the verification image sent from the terminal is received.
This step is the same as the step S304 in the first embodiment, and the description thereof is omitted here.
At step S405, it is determined whether the user input information matches the original verification code. If it is the case, the process goes to the step S406; otherwise, the process goes to the step S407.
Upon receiving the user input information corresponding to the verification image sent from the terminal, the server identifies whether the user input information is consistent with a pre-stored verification answer corresponding to the disturbing process. If it is the case, it is determined that the user input information matches the original verification code; otherwise, it is determined that the user input information does not match the original verification code.
At step S406, it is determined that the verification is successful.
When the server determines that the user input information matches the original verification code, it is determined that the verification is successful. Meanwhile, a verification success message may be sent to the terminal and then the process ends.
At step S407, a verification failure message and an answer prompt corresponding to the original verification code are sent to the terminal.
Considering terminal users may have different capability for recognizing the disturbed verification code, a verification failure message may be sent to the terminal together with an answer prompt corresponding to the original verification code if it is determined by the server that the user input information does not match the original verification code. For example, if the original verification code is "The four municipalities directly under the Central Government of China are Beijing, Tianjin, Shanghai, Chongqing" and the generated disturbed verification code is "The four municipalities directly under the Central Government of China are A. Chongqing, B. Beijing, C. Shenzhen, D. Shanghai, E. Tianjin", the pre-stored verification answer corresponding to the disturbing process is a string formed by A (or a), B (or b), D (or d) and E (or e) in any sequence. If a user input information "BCDE" is received, the server identifies that the user input information is not consistent with the pre-stored verification answer corresponding to the disturbing process, and thus the verification fails. In this case, the server may retrieve from the verification information database the answer prompt corresponding to the disturbing process and sends the answer prompt to the terminal together with a verification failure message. Then, the server receives the user input information input from the terminal again. The answer prompt may be "the four municipalities directly under the Central Government of China are Jing, Jin, Hu, Yu in short", and the verification failure message may be "Failure. Please enter again.".
According to an example of this embodiment, if it determined that the user input information input from the terminal again still does not match the original verification code, another disturbed verification code is generated and sent to the terminal.
In the second embodiment of the disclosure, a font property setting is performed to the disturbed verification code and/or disturbing information is added into the verification image, further increasing the difficulty for recognizing the verification code by an automaton, and reducing the efficiency for recognizing the disturbed verification code by malicious users who perform a number of registration, log-in or other malicious actions. The successful rate for recognizing the disturbed verification by the terminal user is increased by sending the verification failure message and the answer prompt corresponding to the disturbing process when the verification fails.
Fig. 7 illustrates a third embodiment of the disclosure.
Fig. 7 is a schematic block view of an apparatus for verification using a verification code according to a third embodiment of the disclosure. Referring to Fig. 7, the apparatus may include : a retrieving module 701 configured to retrieve an original verification code from a verification information database; a generating module 702 configured to generate a verification image which includes a disturbed verification code obtained by performing a disturbing process on the original verification code; a sending module 703 configured to send the verification image and verification input requirement corresponding to the disturbing process to the terminal; a receiving module 704 configured to receive user input information from the terminal; and a determining module 705 configured to determine whether the user input information matches the original verification code. If it is determined the user input information matches the original verification code, the verification is successful.
In this embodiment, at least one set of original verification codes are stored in the verification information database. For each original verification code, a disturbing process may be performed so that a corresponding disturbed verification code is obtained. Each disturbing process is associated with a respective verification input requirement. The original verification code includes a sentence or phrase composed of a plurality of words, characters and/or symbols. The verification input requirement is used for prompting users the requirements for inputting the information corresponding to the disturbed verification code. The disturbing process includes at least a disturbing edit to contents of the sentence or phrase. In this embodiment, it is possible that the disturbed verification code generated from the original verification code and/or the verification input requirement corresponding to the disturbing process (or the disturbed verification code) is pre-stored in the verification information database.
According to an example of this embodiment, the disturbing edit to contents of the sentence or phrase in the original verification code includes shuffling the words, characters and/or symbols in the sentence or phrase. The shuffling may be performed by a server automatically or by an operator manually. When performed by a server automatically, the apparatus further includes a shuffling module (not shown) for shuffling the words, characters and/or symbols in the sentence or phrase in the original verification code. Specifically, the shuffling includes dividing the sentence or phrase into separate portions; and recombining the portions according to a random or predetermined order. When dividing the sentence or phrase, the shuffling module may divide the sentence or phrase according to a random or predetermined order. Taking an original verification code "security center reminds you: do not easily trust unknown incoming calls." for example, the shuffling module may firstly divide the sentence of the original verification code, on a basis that two Chinese characters are used as a divided portion, into portions "security", "center", "reminds", "you:", "do not", "easily", "trust", "unknown", "incoming calls", Then, the order of the portions is randomly disturbed to form a disturbed verification code "reminds security center you: trust do not. incoming calls unknown easily". The verification input requirement corresponding to the disturbing verification code may be "please recombine the following sentence".
According to an example of this embodiment, the disturbing edit to contents of the sentence or phrase in the original verification code includes omitting a word and/or character from the sentence or phrase. Similarly, the omitting may be performed by a server automatically or by an operator manually. If performed by a server automatically, the apparatus further includes an omitting module (not shown) for omitting a word and/or character from the sentence or phrase. The omitting may include dividing the sentence or phrase in the original verification code into separate portions; and omitting a portion at a predetermined position in the sentence or phrase or randomly omitting at least one portion in the sentence or phrase. Taking an original verification code "the cleverest housewife cannot cook a meal without rice" (a well-known Chinese proverb) as an example, a disturbed verification code "the cleverest housewife cannot cook a without " may be generated by randomly omitting the words "meal" and "rice" from the sentence of the original verification code by the omitting module. The verification input requirement corresponding to the disturbing verification code may be "please fill the blank".
According to an example of this embodiment, the disturbing edit to contents of the sentence or phrase in the original verification code includes transforming the sentence or phrase in the original verification code into a corresponding question. The transforming process may be implemented by an operator of the server. The transformed question may be in a form such as a multiple-choice question, an error correction question, a true-or-false question, etc. Taking an original verification code "The four municipalities directly under the Central Government of China are Beijing, Tianjin, Shanghai, Chongqing" as an example, the disturbed verification code formed by transforming the original verification code may be "The four municipalities directly under the Central Government of China are A. Chongqing, B. Beijing, C. Shenzhen, D. Shanghai, E. Tianjin", and the verification input requirement corresponding to the disturbing verification code may be "please select the correct items". It is also anticipated for those skilled in the art that the disturbing edit could also be, for example, blocking at least one word or character in the sentence or phrase in the original verification code, or replacing at least one word or character in the sentence or phrase in the original verification code by an expression in another form, such as a picture.
In this embodiment, the generating module 702 may include a verification code addition sub-module 7021 for adding the disturbed verification code into a preset background image so as to use the background image added with the disturbed verification code as the verification image.
In this embodiment, after the verification image is generated by the generation module 702, the sending module 703 may send the verification image and the verification input requirement to the terminal in a wired or wireless manner after the verification image is generated. The wireless manner includes, but is not limited to, 3G connection, WiMAX connection, Zigbee connection. The terminal receives and displays on a screen the verification image and the verification input requirement for recognizing by the terminal user.
In this embodiment, after presenting the verification image and the verification input requirement on the terminal, the terminal obtains the user input information corresponding to the verification image inputted in a verification input box by the terminal user, and sends the user input information to the apparatus. Thereafter, the receiving module 704 in the apparatus receives the user input information.
After the user input information corresponding to the verification image sent from the terminal is received by the receiving module 704, the determining module 705 determines whether the user input information is consistent with a pre-stored verification answer corresponding to the disturbing process. If it is the case, it is determined that the user input information matches the original verification code and the verification is successful.
The third embodiment of the disclosure provides an apparatus for verification using a verification code, which corresponds to the method for verification using a verification code disclosed in the first embodiment. Contents which have not described in detail here may be found in the first embodiment.
In the third embodiment of the disclosure, verification to the terminal is achieved by sending a verification image containing a disturbed verification code, receiving user input information corresponding to the verification image from the terminal, and determining whether the user input information matches the original verification code. According to the third embodiment of the disclosure, the terminal user needs to spend a time period for identifying the disturbed verification code, thus the difficulty for recognizing the verification code by an automaton is efficiently increased, and the efficiency for recognizing the disturbed verification code by malicious users who perform a number of registration, log-in or other malicious actions is reduced.
Fig. 8 illustrates a fourth embodiment of the disclosure.
Fig. 8 is a schematic block view of an apparatus for verification using a verification code according to a third embodiment of the disclosure. Referring to Fig. 8, the apparatus includes: a retrieving module 801 configured to retrieve an original verification code from a verification information database; a generating module 802 configured to generate a verification image which includes a disturbed verification code obtained by performing a disturbing process on the original verification code; a sending module 803 configured to send the verification image and verification input requirement corresponding to the disturbing process to the terminal; a receiving module 804 configured to receive user input information from the terminal; and a determining module 805 configured to determine whether the user input information matches the original verification code. If it is determined the user input information matches the original verification code, the verification is successful.
In this embodiment, at least one set of original verification codes are stored in the verification information database. For each original verification code, a disturbing process may be performed so that a corresponding disturbed verification code is obtained. Each disturbing process is associated with a respective verification input requirement, a verification answer and an answer prompt. The original verification code includes a sentence or phrase composed of a plurality of words, characters and/or symbols. The verification input requirement is used for prompting users the requirements for inputting the information corresponding to the disturbed verification code. The answer prompt is information corresponding to the original verification code which facilitates the user to identify the information contained in the disturbed verification code. The disturbing process includes at least a disturbing edit to contents of the sentence or phrase. In this embodiment, it is possible that the disturbed verification code generated from the original verification code and/or the verification input requirement corresponding to the disturbing process (or the disturbed verification code) is pre-stored in the verification information database. The disturbing process has been described in detailed with reference to the first embodiment, and thus is omitted here.
In this embodiment, the generating module 802 may include a property setting sub-module 8021 for setting font properties of the disturbed verification code; a verification code addition sub-module 8022 for adding the disturbed verification code, in which the font properties have been set, into a preset background image; and a disturbing information adding sub-module 8023 for adding disturbing information into the preset background image, so that the background image added with the disturbed verification code, in which the font properties have been set, and the disturbing information is used as the verification image.
The property setting sub-module 8021 sets font properties for the disturbed verification code performed by the server, including setting different font properties for respective words, characters and/or symbols in the disturbed verification code, the font properties including a font style, a font size and/or a font color. The disturbing information includes but is not limited to a randomly generated noise, curve and/or geometric graph. When adding the disturbed verification code whose font properties have been set into the preset background image, the verification code addition sub-module 8022 may locate the disturbed verification code laterally, longitudinally or rotationally by a preset angle. Although both the property setting sub-module 8021 and the disturbing information adding sub-module 8023 are included in the generating module 802 in the apparatus as shown in Fig. 8, it is anticipated for those skilled in the art that the generating module 802 may include only one of the property setting sub-module 8021 and the disturbing information adding sub-module 8023. In addition, although the verification code addition sub-module 8022 and the disturbing information adding sub-module 8023 included in the generating module 802 are shown as two separate units in Fig. 8, the verification code addition sub-module 8022 and the disturbing information adding sub-module 8023 may be implemented in a single unit.
In this embodiment, the determining module 805 may include a determining sub-module 8051 for determining, after the user input information corresponding to the verification image sent from the terminal is received by the receiving module 804, whether the user input information is consistent with the verification answer corresponding to the original verification code. If it is the case, it is determined that the verification is successful; otherwise, it is determined that the verification fails.
The determining module 805 may further include a sending sub-module 8052 for sending a failure message and the answer prompt corresponding to the original verification code to the terminal when the determining sub-module 8051 determines that the verification fails.
Considering terminal users may have different capability for recognizing the disturbed verification code, the sending sub-module 8052 may send a verification failure message to the terminal together with an answer prompt corresponding to the original verification code after it is determined by the determining sub-module 8051 that the user input information does not match the original verification code.
According to an example of this embodiment, if it determined by the determining sub-module 8051 that the user input information input from the terminal again still does not match the original verification code and the verification fails again, a control signal may be sent to the generating module 802 instructing the generating module 802 to generate another disturbed verification code for sending to the terminal.
The fourth embodiment of the disclosure provides an apparatus for verification using a verification code, which corresponds to the method for verification using a verification code disclosed in the second embodiment. Contents which have not described in detail may be found in the second embodiment.
In the fourth embodiment of the disclosure, a font property setting is performed to the disturbed verification code and/or disturbing information is added into the verification image, further increasing the difficulty for recognizing the verification code by an automaton, and reducing the efficiency for recognizing the disturbed verification code by malicious users who perform a number of registration, log-in or other malicious actions. The successful rate for recognizing the disturbed verification by the terminal user is increased by sending the verification failure message and the answer prompt corresponding to the disturbing process when the verification fails.
Fig. 9 illustrates a fifth embodiment of the disclosure.
Fig. 9 is a schematic block view of a system for verification using a verification code according to a fifth embodiment of the disclosure. Referring to Fig. 9, the system may include a server 901 and a terminal 902.
The server 901 retrieves an original verification code from a verification information database, generates a verification image which includes a disturbed verification code obtained by performing a disturbing process on the original verification code.
The server 901 sends the verification image and verification input requirement corresponding to the disturbing process to the terminal 902.
The terminal 902 presents the verification image and the verification input requirement sent from the server 901, obtains user input information corresponding to the verification image, and sends the user input information to the server 901.
The server 901 determines whether the user input information matches the original verification code upon receiving the user input information from the terminal. If it is the case, the verification is successful.
In this embodiment, at least one set of original verification codes are stored in the verification information database. For each original verification code, a disturbing process may be performed so that a corresponding disturbed verification code is obtained. Each disturbing process is associated with a respective verification input requirement. The original verification code includes a sentence or phrase composed of a plurality of words, characters and/or symbols. The verification input requirement is used for prompting users the requirements for inputting the information corresponding to the disturbed verification code. In this embodiment, it is possible that the disturbed verification code generated from the original verification code and/or the verification input requirement corresponding to the disturbing process (or the disturbed verification code) is pre-stored in the verification information database. The disturbing process includes at least a disturbing edit to contents of the sentence or phrase.
In this embodiment, the server 901 includes, but is not limited to, a website server, an Enterprise Source Planning (EPR) server, and an Office Automation (OA) server. The terminal 902 may be an electronic device that interacts with the terminal user, such as cell phone, laptop computer, tablet computer, personal computer, personal digital assistance, and the like. The server 901 may be connected with the terminal 902 via a wired or wireless network. The data transmission between the server 901 and the terminal 902 may be implemented based on HTTP protocol, TCP/IP protocol, UDP protocol, etc.
The fifth embodiment of the disclosure provides a system for verification using a verification code, which corresponds to the method for verification using a verification code disclosed in the second embodiment. Contents which have not described in detail may be found in the second embodiment.
In the fifth embodiment of the disclosure, verification to the terminal is achieved by setting font properties of the disturbed verification code, receiving user input information corresponding to the verification image from the terminal, and determining whether the user input information matches the original verification code. According to the fifth embodiment of the disclosure, the terminal user needs to spend a time period for identifying the disturbed verification code, thus the difficulty for recognizing the verification code by an automaton is efficiently increased, and the efficiency for recognizing the disturbed verification code by malicious users who perform a number of registration, log-in or other malicious actions is reduced.
All or part of the technical solutions disclosed above may be implemented by software program. The software program may be stored in non-transitory computer-readable medium such as a hard disk, a read-only memory (ROM), an optical disk or a floppy disk.
The above described embodiments are merely illustrative instead of limiting. Any modifications, equivalent alternations and improvements that are made within the spirit and scope of the appended claims should be included in the scope of the invention.

Claims

What is claimed is:
1. A method for verifying a terminal using a verification code, the method comprising:
retrieving an original verification code from a verification information database; generating a verification image which includes a disturbed verification code obtained by performing a disturbing process on the original verification code;
sending the verification image and verification input requirement corresponding to the disturbing process to the terminal;
receiving user input information from the terminal; and
determining whether the user input information matches the original verification code,
wherein the original verification code comprises a sentence or phrase composed of a plurality of words, characters and/or symbols, and the disturbing process comprises at least a disturbing edit to contents of the sentence or phrase.
2. The method according to claim 1, wherein the disturbing edit to contents of the sentence or phrase comprises shuffling the words, characters and/or symbols in the sentence or phrase.
3. The method according to claim 2, wherein the shuffling comprises:
dividing the sentence or phrase into separate portions; and
recombining the portions according to a random or predetermined order.
4. The method according to claim 1, wherein the disturbing edit to contents of the sentence or phrase comprises omitting a word and/or character from the sentence or phrase.
5. The method according to claim 4, wherein the omitting comprises:
dividing the sentence or phrase into separate portions; and
omitting a portion at a random or predetermined position in the sentence or phrase.
6. The method according to claim 1, wherein generating the verification image comprises:
adding the disturbed verification code into a preset background image so as to use the background image added with the disturbed verification code as the verification image.
7. The method according to claim 6, wherein generating the verification image further comprises:
setting font properties of the disturbed verification code.
8. The method according to claim 7, wherein setting font properties of the disturbed verification code comprises:
setting different font properties for respective words, characters and/or symbols in the disturbed verification code, the font properties including a font style, a font size and/or a font color.
9. The method according to claim 6, wherein generating the verification image further comprises:
adding disturbing information into the preset background image, the disturbing information including a randomly generated noise, curve and/or geometric graph.
10. The method according to claim 1, wherein the verification information database further stores a verification answer and an answer prompt corresponding to the original verification code.
11. The method according to claim 10, wherein determining whether the user input information matches the original verification code comprises determining whether the user input information is the verification answer corresponding to the original verification code, and
wherein the method further comprises:
sending a failure message and the answer prompt corresponding to the original verification code to the terminal if it is determined that the user input information is not the verification answer corresponding to the original verification code.
12. An apparatus for verifying a terminal using a verification code, the apparatus comprising:
a retrieving module configured to retrieve an original verification code from a verification information database;
a generating module configured to generate a verification image which includes a disturbed verification code obtained by performing a disturbing process on the original verification code;
a sending module configured to send the verification image and verification input requirement corresponding to the disturbing process to the terminal;
a receiving module configured to receive user input information from the terminal; and
a determining module configured to determine whether the user input information matches the original verification code,
wherein the original verification code comprises a sentence or phrase composed of a plurality of words, characters and/or symbols, and the disturbing process comprises at least a disturbing edit to contents of the sentence or phrase.
13. The apparatus according to claim 12, wherein the disturbing edit to contents of the sentence or phrase comprises shuffling the words, characters and/or symbols in the sentence or phrase.
14. The apparatus according to claim 13, further comprising:
a shuffling module configured to shuffle the words, characters and/or symbols in the sentence or phrase, wherein the shuffling comprises dividing the sentence or phrase into separate portions, and recombining the portions according to a random or predetermined order.
15. The apparatus according to claim 12, wherein the disturbing edit to contents of the sentence or phrase comprises omitting a word and/or character from the sentence or phrase.
16. The apparatus according to claim 15, further comprising:
an omitting module configured to omitting a word and/or character from the sentence or phrase, wherein the omitting comprises dividing the sentence or phrase into separate portions, and omitting a portion at a random or predetermined position in the sentence or phrase.
17. The apparatus according to claim 12, wherein the generating module comprises:
a verification code adding sub-module configured to add the disturbed verification code into a preset background image so as to use the background image added with the disturbed verification code as the verification image.
18. The apparatus according to claim 17, wherein the generating module further comprises:
a property setting sub-module configured to set font properties of the disturbed verification code.
19. The apparatus according to claim 18, wherein the property setting sub-module is configured to set different font properties for respective words, characters and/or symbols in the disturbed verification code, the font properties including a font style, a font size and/or a font color.
20. The apparatus according to claim 17, wherein the generating module further comprises:
a disturbing information adding sub-module configured to add disturbing information into the preset background image, the disturbing information including a randomly generated noise, curve and/or geometric graph.
21. The apparatus according to claim 12, wherein the verification information database further stores a verification answer and an answer prompt corresponding to the original verification code.
22. The apparatus according to claim 21, wherein the determining module comprises:
a determining sub-module configured to determine whether the user input information is the verification answer corresponding to the original verification code, and
a sending sub-module configured to send a failure message and the answer prompt corresponding to the original verification code to the terminal when the determining sub-module determines that the user input information is not the verification answer corresponding to the original verification code.
23. A system for verifying a terminal using a verification code, the system comprising a server and the terminal, wherein
the server is configured to retrieve an original verification code from a verification information database, generate a verification image which includes a disturbed verification code obtained by performing a disturbing process on the original verification code, and send the verification image and verification input requirement corresponding to the disturbing process to the terminal;
the terminal is configured to present the verification image and the verification input requirement sent from the server, obtain user input information corresponding to the verification image, and send the user input information to the server;
the server is further configured to determine whether the user input information matches the original verification code upon receiving the user input information, wherein the original verification code comprises a sentence or phrase composed of a plurality of words, characters and/or symbols, and the disturbing process comprises at least a disturbing edit to contents of the sentence or phrase.
24. A non-transitory computer-readable medium having computer-readable instructions stored thereon to implement the method of any of claims 1 to 11.
PCT/CN2014/081777 2013-07-08 2014-07-07 Method, apparatus and system for verification using verification code WO2015003599A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310284572.2 2013-07-08
CN201310284572.2A CN104283682A (en) 2013-07-08 2013-07-08 Method, device and system conducting verification through verification codes

Publications (1)

Publication Number Publication Date
WO2015003599A1 true WO2015003599A1 (en) 2015-01-15

Family

ID=52258195

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/081777 WO2015003599A1 (en) 2013-07-08 2014-07-07 Method, apparatus and system for verification using verification code

Country Status (2)

Country Link
CN (1) CN104283682A (en)
WO (1) WO2015003599A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170300676A1 (en) * 2015-04-16 2017-10-19 Tencent Technology (Shenzhen) Company Limited Method and device for realizing verification code
CN110942062A (en) * 2019-11-21 2020-03-31 网易(杭州)网络有限公司 Image verification code generation method, medium, device and computing equipment
CN111652958A (en) * 2020-06-04 2020-09-11 通华财富(上海)基金销售有限公司 Enhanced graphic verification code generation method and device and storage medium
CN112203277A (en) * 2020-09-21 2021-01-08 咪咕文化科技有限公司 Route generation method, verification method, server and electronic equipment
CN115150186A (en) * 2022-07-27 2022-10-04 张瑜 Verification code verification method, system, electronic equipment and storage medium

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106157348A (en) * 2015-03-30 2016-11-23 阿里巴巴集团控股有限公司 Generate the method and device of identifying code picture, the method and device of verification identifying code
CN106161388B (en) * 2015-04-16 2020-07-28 深圳市腾讯计算机系统有限公司 Information verification method, server and system
CN106060000B (en) * 2016-05-06 2020-02-07 青岛海信移动通信技术股份有限公司 Method and equipment for identifying verification information
CN106341422B (en) * 2016-10-31 2020-09-29 深圳中兴网信科技有限公司 Verification method, verification device, terminal and server
CN106899411B (en) * 2016-12-08 2021-09-21 创新先进技术有限公司 Verification method and device based on verification code
CN107622194A (en) * 2016-12-11 2018-01-23 卢安迪 A kind of dynamic barriers ocra font ocr string graphic verification code verification method
CN107769929A (en) * 2017-10-25 2018-03-06 中国银行股份有限公司 Identifying code complexity method of adjustment and server
CN109815658A (en) * 2018-12-14 2019-05-28 平安科技(深圳)有限公司 A kind of verification method and device, computer equipment and computer storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070201745A1 (en) * 2006-01-31 2007-08-30 The Penn State Research Foundation Image-based captcha generation system
CN102724191A (en) * 2012-06-11 2012-10-10 华南理工大学 Safe protecting method and device for Web verification code with combined picture and characters
CN102768754A (en) * 2012-08-03 2012-11-07 网易(杭州)网络有限公司 Method and device for implementation of picture verification code
CN103093138A (en) * 2013-01-05 2013-05-08 中国传媒大学 Authentication method and system for CAPTCHA Turing test based on static characters

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101179381B (en) * 2006-11-07 2010-11-03 阿里巴巴集团控股有限公司 Method and device for validating information
US20090012855A1 (en) * 2007-07-06 2009-01-08 Yahoo! Inc. System and method of using captchas as ads
CN102075507A (en) * 2010-07-30 2011-05-25 百度在线网络技术(北京)有限公司 User verification method and equipment based on word-sentence verification diagram
CN102957682A (en) * 2011-08-30 2013-03-06 北京百度网讯科技有限公司 Method and equipment for providing picture verification code based on verification security level
CN102710607A (en) * 2012-05-10 2012-10-03 北京像素软件科技股份有限公司 Security verification method based on graphic marker

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070201745A1 (en) * 2006-01-31 2007-08-30 The Penn State Research Foundation Image-based captcha generation system
CN102724191A (en) * 2012-06-11 2012-10-10 华南理工大学 Safe protecting method and device for Web verification code with combined picture and characters
CN102768754A (en) * 2012-08-03 2012-11-07 网易(杭州)网络有限公司 Method and device for implementation of picture verification code
CN103093138A (en) * 2013-01-05 2013-05-08 中国传媒大学 Authentication method and system for CAPTCHA Turing test based on static characters

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170300676A1 (en) * 2015-04-16 2017-10-19 Tencent Technology (Shenzhen) Company Limited Method and device for realizing verification code
US10769253B2 (en) * 2015-04-16 2020-09-08 Tencent Technology (Shenzhen) Company Limited Method and device for realizing verification code
CN110942062A (en) * 2019-11-21 2020-03-31 网易(杭州)网络有限公司 Image verification code generation method, medium, device and computing equipment
CN110942062B (en) * 2019-11-21 2022-12-23 杭州网易智企科技有限公司 Image verification code generation method, medium, device and computing equipment
CN111652958A (en) * 2020-06-04 2020-09-11 通华财富(上海)基金销售有限公司 Enhanced graphic verification code generation method and device and storage medium
CN112203277A (en) * 2020-09-21 2021-01-08 咪咕文化科技有限公司 Route generation method, verification method, server and electronic equipment
CN112203277B (en) * 2020-09-21 2024-03-15 咪咕文化科技有限公司 Route generation method, verification method, server and electronic equipment
CN115150186A (en) * 2022-07-27 2022-10-04 张瑜 Verification code verification method, system, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN104283682A (en) 2015-01-14

Similar Documents

Publication Publication Date Title
WO2015003599A1 (en) Method, apparatus and system for verification using verification code
US10432603B2 (en) Access to documents in a document management and collaboration system
US9178866B2 (en) Techniques for user authentication
US10419418B2 (en) Device fingerprint based authentication
US10313882B2 (en) Dynamic unlock mechanisms for mobile devices
US9491155B1 (en) Account generation based on external credentials
US9514333B1 (en) Secure remote application shares
US9246897B2 (en) Method and system of login authentication
US11055397B2 (en) Methods, mediums, and systems for establishing and using security questions
US11689512B2 (en) Access key retrieval service for clients
WO2015032281A1 (en) Method and system for generating and processing challenge-response tests
US10893052B1 (en) Duress password for limited account access
US11805120B1 (en) Audio tokens for multi-factor authentication
US11222099B2 (en) Methods, systems, and media for authenticating users using blockchains
US11962842B1 (en) Formulation and display of wireless connection credentials
US20220207131A1 (en) Secure authentication for young learners
WO2022079657A1 (en) A method and system for authenticating a user
CN115134100A (en) Multimedia session access method, device, electronic equipment and storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14823788

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 23/05/2016)

122 Ep: pct application non-entry in european phase

Ref document number: 14823788

Country of ref document: EP

Kind code of ref document: A1