WO2015032281A1 - Method and system for generating and processing challenge-response tests - Google Patents

Method and system for generating and processing challenge-response tests

Info

Publication number
WO2015032281A1
Authority
WO
WIPO (PCT)
Prior art keywords
answer
user
image
challenge
question
Application number
PCT/CN2014/085115
Inventor
Huazhong LIU
Original Assignee
Tencent Technology (Shenzhen) Company Limited
Application filed by Tencent Technology (Shenzhen) Company Limited

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2133: Verifying human interaction, e.g., Captcha

Definitions

  • The present disclosure relates to the field of computer data processing technologies, and in particular, to a method and system for generating and processing a challenge response test.
  • CAPTCHA: Completely Automated Public Turing test to tell Computers and Humans Apart.
  • CAPTCHA generation and verification technology is used to prevent malicious behavior such as cracking of a website password, automatic voting, and flooding of forum websites.
  • CAPTCHA generation and verification technology may effectively prevent a hacker from making repeated login attempts targeting a specific user in a brute-force type attack.
  • An existing CAPTCHA generation and verification process is as follows: A system generates a string of random characters, generates a corresponding CAPTCHA image and an encrypted character string from the random characters by a specific rule, and then presents the CAPTCHA image and saves the encrypted character string on the system.
  • The user's terminal then submits the character string input by the user and the encrypted character string to a backend system for verification, where if the character string input by the user and the encrypted character string are consistent, the verification succeeds, and otherwise, the verification fails.
  • The prior art has the following technical defects:
  • The prior art is readily susceptible to brute-force attacks and provides minimal security.
  • A hacker can very easily recognize a character string that is the same as or similar to the character string in a CAPTCHA image by using an image recognition technology.
  • The hacker's image recognition technology recognizes 20 similar character strings from the CAPTCHA image, and transfers the 20 character strings to the backend system sequentially for verification.
  • The CAPTCHA may be successfully cracked after the 20 sequential verification attempts.
  • the embodiments of the present disclosure provide methods and systems for authenticating a user to use a service by generating a challenge-response test (e.g., a
  • The challenge-response test is generated by the service itself (e.g., server system 108, Figures 1-2). In some embodiments, the challenge-response test is generated for the service by another party (e.g., generation service 122, Figures 1 and 4).
  • A method of authenticating a user to use a service is performed at a server system (e.g., server system 108, Figures 1-2) with one or more processors and memory.
  • The method includes: generating a question for a challenge-response test and an answer to the question; encrypting the answer; generating an image for the challenge-response test, where the image includes the question in a human-readable form; and sending, to a client device associated with the user, authentication information including the encrypted answer and the generated image for the challenge-response test in order to authenticate the user to use the service.
  • A computer system (e.g., server system 108 (Figures 1-2), client device 104 (Figures 1 and 3), generation service 122 (Figures 1 and 4), or a combination thereof) includes one or more processors and memory storing one or more programs for execution by the one or more processors, the one or more programs include instructions for performing, or controlling performance of, the operations of any of the methods described herein.
  • A non-transitory computer readable storage medium storing one or more programs, the one or more programs comprising instructions, which, when executed by a computer system (e.g., server system 108 (Figures 1-2), client device 104 (Figures 1 and 3), generation service 122 (Figures 1 and 4), or a combination thereof) with one or more processors, cause the computer system to perform, or control performance of, the operations of any of the methods described herein.
  • Figure 1 is a block diagram of a server-client environment in accordance with some embodiments.
  • FIG. 2 is a block diagram of a server system in accordance with some embodiments.
  • Figure 3 is a block diagram of a client device in accordance with some embodiments.
  • Figure 4 is a block diagram of an external service in accordance with some embodiments.
  • Figures 5A-5C illustrate exemplary user interfaces for a challenge-response test (e.g., a CAPTCHA image) in accordance with some embodiments.
  • Figures 6A-6C illustrate exemplary user interfaces for a challenge-response test (e.g., a CAPTCHA image) in accordance with some embodiments.
  • Figure 7 illustrates a flowchart diagram of a method of CAPTCHA generation and verification in accordance with some embodiments.
  • Figures 8A-8B illustrate a flowchart diagram of a method of authenticating a user to use a service in accordance with some embodiments.
  • Figure 9 illustrates a block diagram of a processing system for CAPTCHA generation and verification in accordance with some embodiments.
  • Server-client environment 100 includes client-side processing 102-1, 102-2 (hereinafter "client-side modules 102") executed on a client device 104-1, 104-2, and server-side processing 106 (hereinafter "server-side module 106") executed on a server system 108.
  • Client-side module 102 communicates with server-side module 106 through one or more networks 110.
  • client-side module 102 provides client-side
  • Server-side module 106 provides server-side functionalities for the social networking platform (e.g., communications, payment processing, user authentication, etc.) for any number of client modules 102 each residing on a respective client device 104.
  • Server-side module 106 includes one or more processors 112, messages database 114, profiles database 116, an I/O interface to one or more clients 118, and an I/O interface to the generation service 120.
  • I/O interface to one or more clients 118 facilitates the client-facing input and output processing for server-side module 106.
  • One or more processors 112 generate a challenge-response test (e.g., a CAPTCHA image with a question) in response to detecting a trigger condition such as a user attempting to log onto the social networking platform.
  • Messages database 114 stores messages sent by users in the social networking platform.
  • Profiles database 116 stores a user profile for each user associated with the social networking platform.
  • I/O interface to the generation service 120 facilitates communications with generation service 122, whereby generation service 122 generates a challenge-response test (e.g., a CAPTCHA image with a question) in response to detecting a trigger condition such as a request from server-side module 106 to generate the challenge-response test when a user attempts to log onto the social networking platform.
  • Generation service 122 handles requests from a plurality of web-based services 124 to generate challenge-response tests in addition to similar requests from server-side module 106.
  • Web-based services 124-1, 124-N include online games, websites, online applications, application marketplaces, or any other web-based service or application (e.g., the social networking platform provided by server system 108 is an example of a web-based service).
  • Examples of client device 104 include, but are not limited to, a handheld computer, a wearable computing device, a personal digital assistant (PDA), a tablet computer, a laptop computer, a desktop computer, a cellular telephone, a smart phone, an enhanced general packet radio service (EGPRS) mobile phone, a media player, a navigation device, a game console, a television, a remote control, or a combination of any two or more of these data processing devices or other data processing devices.
  • Examples of one or more networks 110 include local area networks (LAN) and wide area networks (WAN) such as the Internet.
  • One or more networks 110 are, optionally, implemented using any known network protocol, including various wired or wireless protocols, such as Ethernet, Universal Serial Bus (USB), FIREWIRE, Long Term Evolution (LTE), Global System for Mobile Communications (GSM), Enhanced Data GSM Environment (EDGE), code division multiple access (CDMA), time division multiple access (TDMA), Bluetooth, Wi-Fi, voice over Internet Protocol (VoIP), Wi-MAX, or any other suitable communication protocol.
  • Server system 108 is implemented on one or more standalone data processing apparatuses or a distributed network of computers.
  • Server system 108 also employs various virtual devices and/or services of third party service providers (e.g., third-party cloud service providers) to provide the underlying computing resources and/or infrastructure resources of server system 108.
  • Server-client environment 100 shown in Figure 1 includes both a client-side portion (e.g., client-side module 102) and a server-side portion (e.g., server-side module 106).
  • Data processing is implemented as a standalone application installed on client device 104.
  • Client-side module 102 is a thin-client that provides only user-facing input and output processing functions, and delegates all other data processing functionalities to a backend server (e.g., server system 108).
  • Server-side module 106 generates challenge-response tests to authenticate users associated with client devices 104 to use the social networking platform.
  • Generation service 122 generates challenge-response tests to authenticate the users associated with client devices 104 to use the social networking platform provided by server system 108 and, also, generates challenge-response tests to authenticate the users associated with client devices 104 to use other online
  • FIG. 2 is a block diagram illustrating server system 108 in accordance with some embodiments.
  • Server system 108, typically, includes one or more processing units (CPUs) 112, one or more network interfaces 204 (e.g., including I/O interface to one or more clients 118 and I/O interface to generation service 120), memory 206, and one or more communication buses 208 for interconnecting these components (sometimes called a chipset).
  • Memory 206 includes high-speed random access memory, such as DRAM, SRAM, DDR RAM, or other random access solid state memory devices; and, optionally, includes non-volatile memory, such as one or more magnetic disk storage devices, one or more optical disk storage devices, one or more flash memory devices, or one or more other non-volatile solid state storage devices.
  • Memory 206, optionally, includes one or more storage devices remotely located from one or more processing units 112.
  • Memory 206, or alternatively the non-volatile memory within memory 206, includes a non-transitory computer readable storage medium.
  • Memory 206, or the non-transitory computer readable storage medium of memory 206, stores the following programs, modules, and data structures, or a subset or superset thereof:
  • operating system 210 including procedures for handling various basic system services and for performing hardware dependent tasks
  • network communication module 212 for connecting server system 108 to other
  • server-side module 106, which provides server-side data processing for a social networking platform (e.g., communications, payment processing, user authentication, etc.), includes, but is not limited to:
    o (optionally) payment processing module 214 for processing transactions for a respective user of the social networking platform based on payment data in a user profile in profiles database 116 corresponding to the respective user; and
    o communications module 216 for managing and routing messages sent between users of the social networking platform, including but not limited to;
    o (optionally) generation module 220 for generating challenge-response tests to authenticate users associated with client devices 104 to use the social networking platform, including but not limited to:
      ▪ trigger detection module 222 for detecting a trigger condition such as a user attempting to log in to the social networking platform;
      ▪ question and answer (Q&A) generation module 224 for generating a question for a challenge-response test and an answer to the question in response to detecting the trigger condition;
      ▪ image generation module 226 for generating an image for the challenge-response test including the question generated by Q&A generation module 224 in a human-readable form;
      ▪ color selection module 228 for selecting a predefined user answer color (e.g., based on random or pseudo-random selection process);
      ▪ encryption module 230 for encrypting the answer to the question;
      ▪ encoding module 232 for encoding the encrypted answer in the image;
      ▪ transmitting module 234 for transmitting, to a client device 104, authentication information including the encrypted answer, the predefined answer color, and the generated image for the challenge-response test in order to authenticate the user to use the social networking platform;
    o authentication module 240 for authenticating users associated with client devices 104 to use the social networking platform, including but not limited to:
      ▪ receiving module 242 for receiving answer information responsive to a challenge-response test, the answer information including an encrypted answer and a revised image for the challenge-response test, where the revised image includes the generated image augmented with a user's answer to the question from a client device 104 associated with the user;
      ▪ image analysis module 244 for performing character/image recognition on the revised image to extract the user's answer to the question;
      ▪ decryption module 246 for decrypting the encrypted answer included in the answer information responsive to the challenge-response test;
      ▪ comparison module 248 for comparing the user's answer extracted from the revised image against the decrypted answer;
      ▪ authentication module 250 for authenticating the user to use the social networking platform in accordance with a determination that the user's answer extracted from the revised image matches the decrypted answer to the question with at least a predefined matching confidence; and
  • server data 260 storing data for the social networking platform, including but not limited to:
    o messages database 114 storing messages sent by users in the social networking platform;
    o profiles database 116 storing user profiles for users of the social networking platform, where a respective user profile for a user includes a user identifier (e.g., an account name or handle), login credentials to the social networking platform, (optionally) payment data (e.g., linked credit card information, app credit or gift card balance, billing address, shipping address, etc.), an IP address or preferred contact information, contacts list, custom parameters for the user (e.g., age, location, hobbies, etc.), and identified trends and/or likes/dislikes of the user; and
    o question template database 262 storing a plurality of question templates to be used by Q&A generation module
  • Each of the above identified elements may be stored in one or more of the previously mentioned memory devices, and corresponds to a set of instructions for
  • Memory 206, optionally, stores a subset of the modules and data structures identified above. Furthermore, memory 206, optionally, stores additional modules and data structures not described above.
  • FIG. 3 is a block diagram illustrating a representative client device 104 associated with a user in accordance with some embodiments.
  • Client device 104, typically, includes one or more processing units (CPUs) 302, one or more network interfaces 304, memory 306, and one or more communication buses 308 for interconnecting these CPUs.
  • Client device 104 also includes a user interface 310.
  • User interface 310 includes one or more output devices 312 that enable presentation of media content, including one or more speakers and/or one or more visual displays.
  • User interface 310 also includes one or more input devices 314, including user interface components that facilitate user input such as a keyboard, a mouse, a voice-command input unit or microphone, a touch screen display, a touch-sensitive input pad, a camera, a gesture capturing camera, or other input buttons or controls.
  • Some client devices 104 use a microphone and voice recognition or a camera and gesture recognition to supplement or replace the keyboard.
  • Memory 306 includes high-speed random access memory, such as DRAM, SRAM, DDR RAM, or other random access solid state memory devices; and, optionally, includes non-volatile memory, such as one or more magnetic disk storage devices, one or more optical disk storage devices, one or more flash memory devices, or one or more other non-volatile solid state storage devices.
  • Memory 306, optionally, includes one or more storage devices remotely located from one or more processing units 302.
  • Memory 306, or alternatively the non-volatile memory within memory 306, includes a non-transitory computer readable storage medium.
  • Memory 306, or the non-transitory computer readable storage medium of memory 306, stores the following programs, modules, and data structures, or a subset or superset thereof:
  • operating system 316 including procedures for handling various basic system services and for performing hardware dependent tasks
  • network communication module 318 for connecting client device 104 to other computing devices (e.g., server system 108, generation services 122, and web-based services 124) connected to one or more networks 110 via one or more network interfaces 304 (wired or wireless);
  • presentation module 320 for enabling presentation of information (e.g., a user
  • a social networking platform for a social networking platform, widget, websites or web pages thereof, game, and/or application, audio and/or video content, text, etc.
  • client device 104 via one or more output devices 312 (e.g., displays, speakers, etc.) associated with user interface 310;
  • input processing module 322 for detecting one or more user inputs or interactions from one of the one or more input devices 314 and interpreting the detected input or interaction;
  • web browser module 324 for navigating, requesting (e.g., via HTTP), and displaying websites and web pages thereof;
  • web-based services 124 e.g., games, application marketplaces, payment platforms, and/or other online applications
  • non-web-based applications e.g., games, application marketplaces, payment platforms, and/or other online applications
  • authentication module 328 for presenting challenge-response tests and enabling the user of client device to respond to the challenge-response tests via one or more input devices 314;
  • client-side module 102, which provides client-side data processing and functionalities for the social networking platform, including but not limited to:
    o communication system 332 for sending messages to and receiving messages from other users of the social networking platform (e.g., instant messaging, group chat, message board, message/news feed, and the like); and
    o (optionally) payment processing 334 for processing payments associated with transactions initiated within the social networking platform or at a merchant's website within web browser module 324 and
  • client data 340 storing data associated with the social networking platform, including but not limited to:
    o user profile 342 storing a user profile associated with the user of client device 104 including a user identifier (e.g., an account name or handle), login credentials to the social networking platform, (optionally) payment data (e.g., linked credit card information, app credit or gift card balance, billing address, shipping address, etc.), an IP address or preferred contact information, contacts list, custom parameters for the user (e.g., age, location, hobbies, etc.), and identified trends and/or likes/dislikes of the user; and
    o user data 344 storing data authored, saved, liked, or chosen as favorites by the user of client device 104 in the social networking platform.
  • Each of the above identified elements may be stored in one or more of the previously mentioned memory devices, and corresponds to a set of instructions for
  • Memory 306, optionally, stores a subset of the modules and data structures identified above. Furthermore, memory 306, optionally, stores additional modules and data structures not described above.
  • At least some of the functions of server system 108 are performed by client device 104, and the corresponding sub-modules of these functions may be located within client device 104 rather than server system 108. In some embodiments, at least some of the functions of client device 104 are performed by server system 108, and the corresponding sub-modules of these functions may be located within server system 108 rather than client device 104.
  • Client device 104 and server system 108 shown in Figures 2-3, respectively, are merely illustrative, and different configurations of the modules for implementing the functions described herein are possible in various embodiments.
  • FIG. 4 is a block diagram illustrating generation service 122 in accordance with some embodiments.
  • Generation service 122, typically, includes one or more processing units (CPUs) 402, one or more network interfaces 404, memory 406, and one or more communication buses 408 for interconnecting these components (sometimes called a chipset).
  • Memory 406 includes high-speed random access memory, such as DRAM, SRAM, DDR RAM, or other random access solid state memory devices; and, optionally, includes non-volatile memory, such as one or more magnetic disk storage devices, one or more optical disk storage devices, one or more flash memory devices, or one or more other non-volatile solid state storage devices.
  • Memory 406, optionally, includes one or more storage devices remotely located from one or more processing units 402.
  • Memory 406, or alternatively the non-volatile memory within memory 406, includes a non-transitory computer readable storage medium.
  • Memory 406, or the non-transitory computer readable storage medium of memory 406, stores the following programs, modules, and data structures, or a subset or superset thereof:
  • operating system 410 including procedures for handling various basic system services and for performing hardware dependent tasks
  • network communication module 412 for connecting generation service 122 to other computing devices (e.g., server system 108, client devices 104, and web-based services 124) connected to one or more networks 110 via one or more network interfaces 404 (wired or wireless);
  • generation module 420 for generating challenge-response tests to authenticate users associated with client devices 104 to use the social networking platform provided by server system 108 or services provided by web-based services 124, including but not limited to:
    o request handling module 422 for receiving a request from server system 108 or one of web-based services 124 to generate a challenge-response test to authenticate a user to use corresponding services;
    o trigger detection module 424 for detecting a trigger condition in response to receiving the request;
    o question and answer (Q&A) generation module 426 for generating a question for a challenge-response test and an answer to the question in response to detecting the trigger condition;
    o image generation module 428 for generating an image for the challenge-response test including the question generated by Q&A generation module 426 in a human-readable form;
    o (optionally) color selection module 430 for selecting a predefined user answer color (e.g., based on random or pseudo-random selection process);
    o encryption key selection module 4
  • Memory 406, optionally, stores a subset of the modules and data structures identified above. Furthermore, memory 406, optionally, stores additional modules and data structures not described above.
  • At least some of the functions of server system 108 are performed by generation module 122, and the corresponding sub-modules of these functions may be located within generation module 122 rather than server system 108.
  • Generation module 220 may be implemented at least in part on the generation module 122.
  • At least some of the functions of client generation module 122 are performed by server system 108, and the corresponding sub-modules of these functions may be located within server system 108 rather than generation module 122.
  • Generation module 122 and server system 108 shown in Figures 2 and 4, respectively, are merely illustrative, and different configurations of the modules for implementing the functions described herein are possible in various embodiments.
  • Figures 5A-5C and 6A-6C illustrate exemplary user interfaces for a challenge-response test in accordance with some embodiments.
  • Figures 5A-5C and 6A-6C show a user interface displayed on client device
  • A user of client device 104 attempts to log in to a service such as the social networking platform provided by server system 108.
  • In response to the login attempt, server system 108 generates a question and an answer for a challenge-response test (e.g., a CAPTCHA image) so as to authenticate the user to use the service (e.g., the social networking platform).
  • Server system 108 sends authentication information, to client device 104, including the encrypted answer and an image with the question for the challenge-response test to be displayed at client device 104.
  • The challenge-response test verifies that the user is not a machine, bot, or other non-human entity.
  • In response to the login attempt, server system 108 sends a request to generation service 124 (Figures 1 and 4) to generate a challenge-response test (e.g., a CAPTCHA image) so as to authenticate the user to use the service (e.g., the social networking platform).
  • Generation service 124 generates a question and an answer for a challenge-response test so as to authenticate the user to use the service (e.g., the social networking platform).
  • Generation service 124 sends authentication information to client device 104, including the encrypted answer and an image with the question for the challenge-response test to be displayed at client device 104.
  • Generation service 124 sends the authentication information to server system 108 for routing to client device 104.
  • Client device 104 or a component thereof sends a notification to generation service 124 (Figures 1 and 4) indicating the login attempt and the service corresponding to the login attempt (e.g., the social networking platform provided by server system 108).
  • Generation service 124 generates a challenge-response test (e.g., a CAPTCHA image) so as to authenticate the user to use the service (e.g., the social networking platform) by generating a question and an answer for the challenge-response test.
  • FIG. 5A illustrates client device 104 displaying an image 500 for a challenge-response test (e.g., CAPTCHA image) on a touch screen display.
  • Generated image 500 includes question 502 for the challenge-response test: "Which in 'a b c D e' is in upper case?" and an answer entry field 504.
  • A portion of image 500 is editable for the user to enter his/her answer. For example, in Figure 5A, only answer entry field 504 in image 500 is editable.
  • The user of client device 104 interacts with the touch screen display with his/her finger, a stylus, or other writing implement to enter his/her answer to question 502 in answer entry field 504.
  • Figure 5B illustrates client device 104 displaying the user's answer 506 "D" in answer entry field 504.
  • Figure 5C illustrates revised image 550 (sometimes also herein called a "changed CAPTCHA image") including question 502 for the challenge-response test augmented with the user's answer 506 to question 502.
  • Revised image 550 is sent to server system 108 and, subsequently, analyzed and processed by server system 108 so as to determine whether to authenticate the user of client device 104 to use the service.
  • Figure 6A illustrates an image 610 generated for a challenge-response test
  • image 610 includes a first prompt 612, a second prompt 614, and (optionally) hidden region 616 with an encrypted answer to first prompt 612 and second prompt 614.
  • First prompt 612 requires the user to answer a question: "What is 32 + 7?" and second prompt 614 requires the user to answer the question corresponding to first prompt 612 in a pen color that "corresponds to the color of grass."
  • Figure 6B illustrates client device 104 displaying image 610 for the challenge-response test on a touch screen display.
  • user interface components for answering the challenge-response test have been overlaid on image 610.
  • the user interface components include user interface (UI) component(s) 618 for selecting a pen color for entering the answer and answer entry box 620 indicating an editable area of image 610 for entering the answer in the selected pen color.
  • UI component(s) 618 for selecting the pen color is a scrollable list of colors, a plurality of colored affordances, a plurality of affordances with color names, a scrollable color wheel, or the like.
  • the user of client device 104 interacts with UI component(s) 618 for selecting a pen color to select a pen color responsive to second prompt 614 (e.g., green) and enters his/her answer to first prompt 612 in answer entry box 620 with his/her finger, a stylus, or other writing implement.
  • Figure 6B also illustrates client device 104 displaying the user's answer 622 "39" in answer entry box 620.
  • Figure 6C illustrates revised image 650 (sometimes also herein called a "changed CAPTCHA image") including first prompt 612, a second prompt 614, and
  • revised image 650 is sent to server system 108 and, subsequently, analyzed and processed by server system 108 so as to determine whether to authenticate the user of client device 104 to use the service.
  • FIG. 7 illustrates a flowchart diagram of a method 700 of CAPTCHA generation and verification in accordance with some embodiments.
  • method 700 is performed in a server-client environment 100.
  • server-client environment 100 includes a server system 108 (Figures 1-2) (e.g., associated with a service such as a social networking platform), one or more client devices 104 (Figures 1 and 3) (e.g., associated with a user of the service), and (optionally) a generation service 122 (Figures 1 and 4) (e.g., for generating challenge-response tests for services such as the social networking platform provided by server system 108 and other online applications/services provided by web-based services 124).
  • server system 108 manages and operates a social networking platform.
  • server system 108 or a component thereof (e.g., generation module 220 (Figure 2) of server-side module 106) generates challenge-response tests to authenticate users associated with client devices 104 to use the social networking platform provided by server system 108.
  • generation service 122 generates challenge-response tests to authenticate the users associated with client devices 104 to use the social networking platform provided by server system 108 and, also, generates challenge-response tests to authenticate the users associated with client devices 104 to use other online application/services provided by web-based services 124.
  • operations 702-704 are performed by server system 108 or a component thereof (e.g., generation module 220, Figure 2); however, one of skill in the art will appreciate that operations 702-704 may also be performed by generation service 122 based on a different division of functionalities in server-client environment 100. Furthermore, operations 706-708 are performed at a respective client device 104 and operation 710 is performed at server system 108.
  • Server system 108 generates (702) a question and a corresponding answer.
  • the question and the answer may be randomly or pseudo-randomly generated according to a specified formula or a template.
  • the generated question is: "Which letter in 'a b c D e' is in upper case?" and the corresponding answer is: "D."
  • the template is "Which letter in '_ _ _ _ _' is in upper case?" where server system 108 randomly or pseudo-randomly selects a sequence of letters for the five blanks and also randomly or pseudo-randomly capitalizes one of the letters in the selected sequence of letters.
  • Server system 108 generates (704) a color value, generates a question image with the question, and loads the answer corresponding to the question and the color value into file data of the image, so as to obtain a corresponding CAPTCHA image.
  • server system 108 sends authentication information (i.e., the file data) to a respective client device 104 including the CAPTCHA image, the color value, and the answer.
  • the color value is randomly or pseudo-randomly generated.
  • the color value is clearly different from the text color of the question in the question image to ease character recognition in operation 710.
  • the pen color in which the user inputs answer 506 is red (as set by the generated color value)
  • the color of the text for the generated question 502 is blue.
  • After the question image is generated, server system 108 acquires a timestamp and loads the timestamp together with the answer to the question and the color value into the file data of the image, so as to obtain a corresponding CAPTCHA image.
  • server system 108 encrypts the timestamp, the answer to the question, and the color value using a private key, so as to obtain an encrypted character string, and loads the encrypted character string into the file data of the image.
  • server system 108 loads the encrypted character string into the file data of the image by:
  • server system 108 adds the encrypted character string in image data in a concealed manner by adding binary data of the encrypted character string in a header or a trailer of binary data of the image.
  • the respective client device 104 displays (706) the CAPTCHA image on a display and sets a color for an input unit corresponding to the color value in the file data of the CAPTCHA image.
  • the input unit is a drawing board, and a color of the drawing pen corresponding to the drawing board is set according to the color value in the file data.
  • a canvas technology associated with Hypertext Markup Language (HTML) 5 may be adopted to display a drawing board and set a drawing pen color at the user's client device 104.
  • the display drawing board is an editable portion of a touch screen display of client device 104 that is inside of the CAPTCHA image or at another position on the touch screen display.
  • answer entry field 504 indicates an editable portion of the touch screen display where the user is able to input his/her answer.
  • client device 104 is implemented with touchscreen technology because the drawing pen is used to input the character image in the drawing board.
  • respective client device 104 is a smart terminal with a touchscreen selected from one of the following non-limiting examples: a smart mobile phone, a handheld computer, a tablet computer, a smart television (Smart TV), or the like.
  • after the user of respective client device 104 determines the answer of question 502 in Figures 5A-5B to be "D," the user uses the drawing pen to input the answer "D" into answer entry field 504.
  • the color of the drawing pen is adapted by the client device to correspond with the color value in the file data of the CAPTCHA image.
  • the respective client device 104 determines (708) a character image for one or more characters input via the input unit, and combines the character image and the CAPTCHA image to obtain a changed CAPTCHA image. In some embodiments, respective client device 104 determines a character image corresponding to the user's answer based on the one or more characters input by the user. For example, in Figure 5B, the character image corresponds to answer entry field 504, which includes the user's answer 506 "D." In some embodiments, respective client device 104 combines the character image and the CAPTCHA image to obtain a changed CAPTCHA image.
  • revised image 550 (i.e., the changed CAPTCHA image) includes question 502 for the challenge-response test augmented with the user's answer 506 to question 502.
  • respective client device 104 sends the changed CAPTCHA image to server system 108 for analysis and processing.
  • Server system 108 retrieves (710) the color value and the answer from the changed CAPTCHA image, recognizes one or more characters with a same color as the color value in the changed CAPTCHA image, and compares the one or more recognized characters and the answer. In some embodiments, in accordance with a determination that the comparison satisfies predetermined matching/comparison confidence criteria, server system 108 verifies or authenticates the user of the respective client device 104. For example, the predetermined matching/comparison confidence criteria are satisfied when the one or more recognized characters match the answer with a confidence rating of 100%, 90%, 80%, or the like.
  • server system 108 retrieves the timestamp from the changed CAPTCHA image; and determines a time difference between the timestamp and a current time. If the time difference exceeds a preset time limit, the verification fails. However, if the time difference does not exceed the preset time limit, server system 108: recognizes one or more characters with a same color as the color value in the changed CAPTCHA image; and compares the one or more recognized characters and the answer.
  • server system 108 retrieves the encrypted character string from the changed CAPTCHA image and decrypts the encrypted character string by using the private key, so as to obtain the timestamp, the color value, and the answer.
  • server system 108 retrieves the color value, the answer, and timestamp from the changed CAPTCHA image by: retrieving the binary data of the encrypted character string from the header or trailer of the binary data of the image; converting the binary data into the encrypted character string; and decrypting the encrypted character string by using the private key, so as to obtain the timestamp, the color value, and the answer from the encrypted character string.
  • server system 108 retrieves the color value, the answer, and timestamp from the changed CAPTCHA image by: retrieving the encrypted character string from the file header of the image; and decrypting the encrypted character string by using the private key, so as to obtain the timestamp, the color value, and the answer from the encrypted character string.
  • server system 108 retrieves the color value, the answer, and timestamp from the changed CAPTCHA image by: retrieving the encrypted character string from the file name of the image file; and decrypting the encrypted character string by using the private key, so as to obtain the timestamp, the color value, and the answer from the encrypted character string.
  • server system 108 recognizes one or more characters with the same color as the color value in the changed CAPTCHA image by processing each pixel in the changed CAPTCHA image. For example, if a pixel color is the same as the color value in the changed CAPTCHA image, server system 108 turns the pixel color into color A, and, if the pixel color is not the same as the color value in the changed CAPTCHA image, server system 108 turns the pixel color into color B.
  • color A and color B have a color difference with a specified magnitude such as black and white, respectively.
  • an image with only black and white colors is obtained after processing.
  • Such an image with distinctive black and white colors makes image recognition with a character recognition tool very efficient and fast. Character recognition is performed on the changed CAPTCHA image after the foregoing processing to obtain a group of recognition results, and a recognition result that has the highest degree of similarity with the characters in the changed CAPTCHA image is used as the character recognized in the end.
  • Figures 8A-8B illustrate a flowchart diagram of a method 800 of
  • method 800 is performed by a server with one or more processors and memory.
  • method 800 is performed by server system 108 (Figures 1-2) or a component thereof (e.g., server-side module 106, Figures 1-2).
  • method 800 is performed by generation service 122 (Figures 1 and 4) or a component thereof (e.g., generation module 420, Figure 4).
  • method 800 is governed by instructions that are stored in a non-transitory computer readable storage medium and the instructions are executed by one or more processors of the server system. Optional operations are indicated by dashed lines (e.g., boxes with dashed-line borders).
  • the server (802) receives a request from the service to generate the challenge-response test, where the request specifies the client device; in response to receiving the request, detects the trigger condition; and identifies an encryption key corresponding to the service.
  • the answer generated in operation 806 is encrypted with the identified encryption key corresponding to the service.
  • when a user of a client device 104 attempts to log into a service, the service sends a request (i.e., the trigger condition) to generation service 122 (Figures 1 and 4) (i.e., the server in operation 802) to generate a challenge-response test (e.g., a CAPTCHA image) to authenticate the user for login to the service.
  • generation service 122 generates challenge-response tests for multiple different online applications or services such as the social networking platform provided by server system 108 and the online
  • each of the different services is associated with a distinct encryption key known to the respective service.
  • generation service 122 receives a request from server system 108 to generate a challenge-response because a user is attempting to log into the social
  • generation service 122 detects the trigger condition in response to receiving the request, generation service 122 or a component thereof (e.g., encryption key selection module 432, Figure 4). Continuing with this example, in response to detecting the trigger condition, generation service 122 selects an encryption key from encryption key table 454 (Figure 4) that corresponds to server system 108 and encrypts the answer with the selected encryption key.
  • instead of receiving the request from a service (e.g., server system 108 or one of web-based services 124), generation service 122 receives the request from a client device of a user attempting to log into a service, where the request identifies the service.
  • generation service 122 detects the trigger condition in response to receiving the login request from the client device to login to a respective service among a plurality of services, each service having a corresponding encryption key.
  • each of the services may have made prior agreement regarding the encryption key to use, such that the service may use its own server to decrypt the modified image and verify the user's login request.
  • operations 804-816 are performed by server system 108 or a component thereof (e.g., generation module 220, Figure 2); however, one of skill in the art will appreciate that operations 804-816 may also be performed by generation service 122 based on a different division of functionalities in server-client environment 100. Furthermore, operations 818-824 are performed at server system 108.
  • server system 108 operates and manages a social networking platform, whereby users associated with client devices 104 have accounts in the social networking platform.
  • In response to detecting a trigger condition (804), the server generates (806) a question for a challenge-response test and an answer to the question.
  • server system 108 or a component thereof (e.g., trigger detection module 222, Figure 2) detects a trigger condition when a user attempts to log into the social networking platform.
  • In response to detecting the trigger condition, server system 108 or a component thereof (e.g., Q&A generation module 224, Figure 2) generates a challenge-response test (e.g., a CAPTCHA image) to authenticate the user and verify that the user is a human and not a machine by generating a question and a corresponding answer based on a random, pseudo-random, or template-based process.
  • the blanks of a second question template - "Which of the following letters is capitalized: ' '?" - are filled in with a sequence of pseudo-randomly or randomly selected letters or characters and one of the letters in the sequence is selected to be capitalized according to a pseudo-random or random selection process.
  • the server encrypts (808) the answer.
  • In some embodiments, server system 108 or a component thereof encrypts the answer generated by Q&A generation module 224.
  • the encrypted answer cannot be decrypted, viewed, or changed by the user of client device 104 or other interlopers.
  • the server generates (810) an image for the challenge-response test, where the image includes the question in a human-readable form.
  • server system 108 or a component thereof e.g., image generation module 226, Figure 2
  • the question includes text and/or graphics.
  • Figures 5A-5B show image 500 with question 502 for the challenge-response test.
  • Figures 6A-6B show image 610 with first prompt 612 and second prompt 614 for the challenge-response test.
  • the encrypted answer is (812) encoded in the image.
  • server system 108 or a component thereof (e.g., encoding module 232, Figure 2) encodes the encrypted answer into the image generated by image generation module 226.
  • the answer is included in a hidden and/or un-editable portion of the image.
  • the answer is encoded in the pixels of the image.
  • the answer is included in a file name or header of the image.
  • server system 108 does not need to generate a serial number for the question and store the answer paired with the question's serial number in a look-up table and, subsequently, identify the pre-stored answer from a look-up table based on the serial number for the question when comparing the user's answer to the pre-stored answer.
  • Figures 6A-6B show image 610 for the challenge-response test, which includes hidden region 616 with the encrypted answer to prompts 612 and 614. For example, hidden region 616 cannot be edited or viewed by the user of client device 104.
  • the encrypted information (e.g., the answer, the timestamp, the predefined pen color, the location of the editable portion, etc.) that is included with the generated image in the authentication information (e.g., either as part of the image, or as encoded text sent with the image) cannot be processed or changed by the client device or the user.
  • If the encrypted information is encoded in the generated image, the portion of the generated image that includes the encoded image must be part of the revised image. If the encrypted information is encoded as text that is printed on the generated image, the encoded text must be sent in its original form in the revised image.
  • the generated image for the challenge-response test indicates (814) an editable portion for the user's answer to the question.
  • the image generated by image generation module 226 includes a bordered field/portion that is editable and enabled to receive the user's answer to the question.
  • client device 104 overlays a bordered field/portion on the image generated by image generation module 226 to indicate an editable portion of the image that is enabled to receive the user's answer to the question.
  • entry field 504 indicates the editable portion of image 500 for the user to enter his/her answer to question 502.
  • answer entry box 620 indicates an editable area of image 610 for entering the user's answer.
  • the server sends (816), to a client device associated with the user,
  • server system 108 or a component thereof (e.g., transmitting module 234, Figure 2) sends authentication information to a client device 104 associated with the user attempting to use the service (e.g., the social networking platform).
  • the authentication information at least includes the image generated by image generation module 226 and the encrypted answer.
  • the server discards the authentication information or the link between the question and the answer after sending the authentication information to client device 104. This saves storage space in some embodiments. This way, the authentication information can be passed out freely to anyone that asks for it, but the server generating the authentication information does not keep track of who has received what authentication information. Only the answer information that is returned to server system 108 in operations 816 or 824 with a user's answer to the question in the authentication information is reviewed by server system 108.
  • the entity reviewing the answer in operation 820 (e.g., server system 108) may be different from the one that disseminates the authentication information in operation 816 (e.g., generation module 122, Figures 1 and 4), which results in better separation of duties among modules and/or servicing entities.
  • the server obtains (818), from the client device, answer information responsive to the challenge-response test, the answer information including the encrypted answer and a revised image, where the revised image includes the generated image augmented with the user's answer to the question.
  • server system 108 or a component thereof (e.g., receiving module 242, Figure 2) obtains answer information from client device 104 that at least includes the encrypted answer and a revised image that includes the question augmented with the user's answer to the question.
  • Figure 5C shows client device 104 displaying revised image 550 (sometimes also herein called a "changed CAPTCHA image") including question 502 for the challenge-response test augmented with the user's answer 506 to question 502.
  • client device 104 sends the revised image 550 to server system 108.
  • the user enters his/her answer 506 to the question in an editable portion of the un-augmented image 500 (e.g., answer entry field 504).
  • Figure 6C shows client device 104 displaying revised image 650 (sometimes also herein called a "changed CAPTCHA image") including first prompt 612, a second prompt 614, and (optionally) hidden region 616 with an encrypted answer to first prompt 612 and second prompt 614 for the challenge-response test augmented with the user's answer 622 to first prompt 612 in a color responsive to second prompt 614.
  • client device 104 sends the revised image 650 to server system 108.
  • the user enters his/her answer 622 to prompts 612 and 614 in an editable portion of the un-augmented image 610 (e.g., answer entry box 620).
  • after obtaining the answer information responsive to the challenge-response test, the server (820): performs image recognition on the revised image to extract the user's answer to the question; decrypts the encrypted answer included in the answer information responsive to the challenge-response test; and, in accordance with a determination that the user's answer to the question matches the decrypted answer, authenticates the user to use the service.
  • server system 108 or a component thereof (e.g., image analysis module 244, Figure 2) performs character and/or image recognition analysis on the revised image to extract the user's answer to the question from the revised image.
  • server system 108 or a component thereof decrypts the encrypted answer included in the answer information.
  • server system 108 or a component thereof (e.g., comparison module 248, Figure 2) compares the user's answer extracted from the revised image to the decrypted answer to generate a matching confidence rating.
  • the matching confidence rating is based on a count of the matching characters between the decrypted answer and the extracted answer.
  • predetermined matching/comparison confidence criteria are satisfied when the matching confidence rating exceeds a predefined matching confidence.
  • In accordance with a determination that predetermined matching/comparison confidence criteria are satisfied, server system 108 or a component thereof (e.g., authentication module 250, Figure 2) authenticates the user to use the service (e.g., the social networking service) and/or verifies that the user is a human and not a machine. In accordance with a determination that predetermined matching/comparison confidence criteria are not satisfied, the authentication fails.
  • the user is required to enter login credentials to access the service. For example, server system 108 determines whether the entered login credentials match stored login credentials in a user profile for the user (e.g., stored in profiles database 1116, Figures 1-2) before allowing the user to access the service (e.g., the social networking service).
  • the authentication information further includes (822) a timestamp
  • the answer information responsive to the challenge-response test further includes the timestamp
  • the server authenticates the user to use the service by authenticating the user to use the service in accordance with the determination that the user's answer to the question matches the decrypted answer and in accordance with a determination that a difference between the timestamp and a current time is not greater than a predefined time period.
  • the user's answer must be received by server system 108 within a predefined time period (i.e., X seconds), else the authentication fails.
  • the authentication information includes a timestamp
  • the answer information also includes the timestamp.
  • After receiving the answer information and prior to performing image and/or character recognition on the revised image, server system 108 or a component thereof determines a time difference between the timestamp in the answer information and a current time. In accordance with a determination that the time difference exceeds a predefined time period (i.e., X seconds), the authentication fails. In accordance with a determination that the time difference does not exceed the predefined time period (i.e., X seconds), server system 108 performs operation 820.
  • the authentication information further includes (824) a predefined user answer color
  • the server obtains, from the client device, answer information responsive to the challenge-response test, including the encrypted answer, the predefined pen color and a revised image, where the revised image includes the generated image augmented with the user's answer to the question produced in the predefined answer color.
  • the authentication information further includes a predefined pen color (i.e., a randomly or pseudo-randomly generated color value) in which to input the user's answer to the question in the generated image.
  • the predefined pen color is clearly different from the text color of the question in the generated image to ease image and/or character recognition performed on the revised image in operation 820.
  • server system 108 filters out all colors other than the predefined pen color from the revised image so as to recognize the character for the user's answer in the revised image. For example, with reference to Figure 5B, the pen color in which the user inputs answer 506 is red (as set by the generated color value) and the color of the text for the generated question 502 is blue.
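The server-side round trip described above (answer, color value and timestamp encrypted and carried in the image trailer, then retrieved, checked against the time limit and compared), as an added Go example that is not code from the patent or its applicant. It assumes AES-GCM for the "encrypted character string", a made-up `CAPT` trailer marker, a constructed byte string standing in for the image, and a separate recognizer that hands `Verify` the characters it read in the pen color.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Challenge is the state sealed into the image instead of being stored server-side.
type Challenge struct {
	Answer   string `json:"answer"`
	PenColor string `json:"pen"` // color value the answer must be drawn in
	IssuedAt int64  `json:"ts"`  // Unix seconds
}

// trailerMagic marks the appended blob (hypothetical marker, not from the page).
const trailerMagic = "CAPT"

var ErrNoTrailer = errors.New("no sealed trailer found")
var ErrTampered = errors.New("trailer failed authentication")
var ErrExpired = errors.New("time limit exceeded")
var ErrMismatch = errors.New("answer does not match")

// NewAEAD builds AES-GCM for one service's key (16, 24 or 32 bytes).
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal returns image || nonce || ciphertext+tag || uint32 length || magic.
func Seal(aead cipher.AEAD, image []byte, c Challenge) ([]byte, error) {
	plain, err := json.Marshal(c)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	blob := aead.Seal(nonce, nonce, plain, nil)
	var n [4]byte
	binary.BigEndian.PutUint32(n[:], uint32(len(blob)))
	out := append(append([]byte{}, image...), blob...)
	return append(append(out, n[:]...), trailerMagic...), nil
}

// Open locates the trailer of a returned file and authenticates it before use.
func Open(aead cipher.AEAD, file []byte) (Challenge, error) {
	var c Challenge
	lenPos := len(file) - len(trailerMagic) - 4
	if lenPos < 0 || string(file[lenPos+4:]) != trailerMagic {
		return c, ErrNoTrailer
	}
	n, ns := int(binary.BigEndian.Uint32(file[lenPos:])), aead.NonceSize()
	if n < ns || n > lenPos { // the length field comes back from the client: bound it
		return c, ErrNoTrailer
	}
	blob := file[lenPos-n : lenPos]
	plain, err := aead.Open(nil, blob[:ns], blob[ns:], nil)
	if err != nil || json.Unmarshal(plain, &c) != nil {
		return Challenge{}, ErrTampered
	}
	return c, nil
}

// Verify authenticates the trailer, enforces the time limit, then compares the
// recognized characters (the recognizer's output) with the sealed answer.
func Verify(aead cipher.AEAD, revised []byte, recognized string, now time.Time, limit time.Duration) error {
	c, err := Open(aead, revised)
	if err != nil {
		return err
	}
	if age := now.Sub(time.Unix(c.IssuedAt, 0)); age < 0 || age > limit {
		return ErrExpired // too old, or stamped in the future
	}
	if recognized != c.Answer {
		return ErrMismatch
	}
	return nil
}

func main() {
	aead, err := NewAEAD(make([]byte, 32)) // constructed all-zero demo key
	if err != nil {
		panic(err)
	}
	t0 := time.Unix(1700000000, 0) // constructed issue time
	file, err := Seal(aead, []byte("constructed image bytes"), Challenge{"D", "#ff0000", t0.Unix()})
	fmt.Println(err, Verify(aead, file, "D", t0.Add(30*time.Second), time.Minute))
	fmt.Println(Verify(aead, file, "D", t0.Add(2*time.Minute), time.Minute))
}
```

Because the server keeps no record of issued challenges, a sealed trailer verifies every time it is presented until the time limit passes, so that limit is the only bound on reuse.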
  • FIG. 9 is a block diagram of a processing system 900 for CAPTCHA generation and verification in accordance with some embodiments.
  • processing system 900 includes: (A) CAPTCHA generation and verification apparatus 910; and (B) CAPTCHA human-machine interaction apparatus 920.
  • CAPTCHA generation and verification apparatus 910 corresponds to server-side module 106 or a component thereof (e.g., generation module 220, Figure 2), which is executed on server system 108.
  • server system 108 manages and operates a social networking platform.
  • CAPTCHA generation and verification apparatus 910 corresponds to generation service 122 or a component thereof (e.g., generation module 420, Figure 4).
  • CAPTCHA human-machine interaction apparatus 920 corresponds to a respective client device 104 or a component thereof (e.g., authentication module 328, Figure 3).
  • CAPTCHA generation and verification apparatus 910 includes the following modules: question and answer (Q&A) generation module 912; CAPTCHA image generation module 914; and verification module 916.
  • Q&A generation module 912 is configured to generate a question and a corresponding answer.
  • CAPTCHA image generation module 914 is configured to generate a color value, generate a question image with the question, and load the answer corresponding to the question and the color value into file data of the image, so as to obtain a corresponding CAPTCHA image.
  • verification module 916 is configured to receive a changed CAPTCHA image from CAPTCHA human-machine interaction apparatus 920, retrieve the color value and the answer from the changed CAPTCHA image, recognize one or more characters with a same color as the color value in the changed CAPTCHA image, and compare the one or more recognized characters and the answer. In some embodiments, in accordance with a determination that the comparison satisfies predetermined matching/comparison confidence criteria, verification module 916 verifies or authenticates the user of the respective client device 104.
  • CAPTCHA generation and verification apparatus 910 is configured to receive authentication information from CAPTCHA generation and verification apparatus 910 including: the CAPTCHA image, the color value, and the answer.
  • CAPTCHA human-machine interaction apparatus 920 includes the following modules: display module 922; and response module 924.
  • display module 922 is configured to display the CAPTCHA image on a display and set a color for an input unit corresponding to the color value in the file data of the CAPTCHA image.
  • the input unit is a drawing board, and a color of the drawing pen corresponding to the drawing board is set according to the color value in the file data.
  • response module 924 is configured to determine a character image for one or more characters input via the input unit, and combine the character image and the CAPTCHA image to obtain a changed CAPTCHA image (e.g., revised image 550 in Figure 5C or revised image 650 in Figure 6C).


Abstract

A server with one or more processors and memory authenticates a user requesting to use a service. In response to detecting a trigger condition (804), the server generates a question for a challenge-response test and an answer to the question (806), generates an image for the challenge-response test, the image including the question in a human-readable form (810), and sends, to a client device associated with the user, authentication information including the encrypted answer and the generated image for the challenge-response test in order to authenticate the user requesting to use the service (816).
PCT/CN2014/085115 2013-09-03 2014-08-25 Method and system for generating and processing challenge-response tests WO2015032281A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310394006.7 2013-09-03
CN201310394006.7A CN104426879B (zh) 2013-09-03 2013-09-03 Processing method for verification code generation and verification, and corresponding method, apparatus and system

Publications (1)

Publication Number Publication Date
WO2015032281A1 (fr) 2015-03-12

Family

ID=52627789

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/085115 WO2015032281A1 (fr) 2013-09-03 2014-08-25 Method and system for generating and processing challenge-response tests

Country Status (2)

Country Link
CN (1) CN104426879B (fr)
WO (1) WO2015032281A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20220261473A1 (en) * 2021-02-16 2022-08-18 Beijing Didi Infinity Technology And Development Co., Ltd. System and method for protecting a login process

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
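CN107483385A (zh) * 2016-06-08 2017-12-15 中国移动通信有限公司研究院 Verification method and apparatus
CN106330439A (zh) * 2016-10-25 2017-01-11 先锋智道(北京)科技有限公司 Verification code generation method, generation apparatus and generation system
CN108062381B (zh) * 2017-12-13 2019-03-15 高艳 Image information processing method, apparatus and storage medium
CN110543754A (zh) * 2018-05-29 2019-12-06 武汉极意网络科技有限公司 Memory, verification code implementation method, apparatus and device
CN110502890B (zh) * 2019-08-09 2020-11-10 北京达佳互联信息技术有限公司 Verification code processing method and apparatus, electronic device, and storage medium
CN112836185B (zh) * 2019-11-22 2022-12-30 上海哔哩哔哩科技有限公司 User verification method and system
CN111143813B (zh) * 2019-12-27 2022-02-22 网易(杭州)网络有限公司 Method for generating a verification question, verification method and apparatus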

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
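CN1845489A (zh) * 2005-04-06 2006-10-11 腾讯科技(深圳)有限公司 Verification information generation apparatus and method, and anti-automaton verification apparatus and method
CN101059830A (zh) * 2007-06-01 2007-10-24 华南理工大学 Method for identifying bot cheat programs that can be combined with game features
JP2009266067A (ja) * 2008-04-28 2009-11-12 Kawamura Electric Inc User authentication system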

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102298763A (zh) * 2010-06-28 2011-12-28 腾讯科技(北京)有限公司 Method and system for generating an image verification code

Also Published As

Publication number Publication date
CN104426879B (zh) 2019-01-25
CN104426879A (zh) 2015-03-18

Similar Documents

Publication Publication Date Title
EP3400551B1 (fr) Transaction authorization on a shared device using a personal device
WO2015032281A1 (fr) Method and system for generating and processing challenge-response tests
US20190124076A1 (en) Method and system for verifying an account operation
US9378352B2 (en) Barcode authentication for resource requests
US9178890B1 (en) Passwordless strong authentication using trusted devices
TWI728261B (zh) Query system, method and non-transitory machine-readable medium for determining authentication capabilities
EP3378214B1 (fr) Controlling access to online resources using device validations
US11831680B2 (en) Electronic authentication infrastructure
US20150222435A1 (en) Identity generation mechanism
US9979725B1 (en) Two-way authentication using two-dimensional codes
US9077713B1 (en) Typeless secure login to web-based services
US20150088760A1 (en) Automatic injection of security confirmation
US20150244695A1 (en) Network authentication method for secure user identity verification
US20190166118A1 (en) Secure multifactor authentication with push authentication
US20210273935A1 (en) Systems, methods, and media for managing user credentials
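KR101027228B1 (ko) Identity authentication apparatus for Internet security, method thereof, and recording medium recording the same
CN106997432A (zh) Picture password authentication method and picture password authentication apparatus
KR102313868B1 (ko) Mutual authentication method and system using OTP
CN107169341A (zh) Picture password generation method and picture password generation apparatus
JP5699671B2 (ja) Authentication system, authentication method, authentication program and recording medium
KR20060013949A (ko) Authentication system using a picture file and authentication method thereof
JP2007065789A (ja) Authentication system and method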
US20230267463A1 (en) Authenticating a transaction
TW201437840A (zh) Method for verification through file comparison

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14842831

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC ( EPO FORM 1205A DATED 28/07/2016 )

122 Ep: pct application non-entry in european phase

Ref document number: 14842831

Country of ref document: EP

Kind code of ref document: A1