CN104702406B - Identity verification method and device - Google Patents
Identity verification method and device Download PDFInfo
- Publication number
- CN104702406B CN104702406B CN201310647983.3A CN201310647983A CN104702406B CN 104702406 B CN104702406 B CN 104702406B CN 201310647983 A CN201310647983 A CN 201310647983A CN 104702406 B CN104702406 B CN 104702406B
- Authority
- CN
- China
- Prior art keywords
- picture
- sub
- verification code
- verification
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Information Transfer Between Computers (AREA)
- Telephonic Communication Services (AREA)
Abstract
本发明提出一种成本较低且抗破解能力强、安全性高的身份验证方法及装置。该方法包括:服务器接收用户终端发送的验证码拉取请求;根据所述验证码拉取请求,随机抽取一个验证码背景图片以及与所抽取的验证码背景图片对应的子图片,所述验证码背景图片中包括与所述子图片对应的空缺区域;将所抽取的验证码背景图片以及子图片下发给所述用户终端,以使所述用户终端将所述验证码背景图片以及子图片展示给用户;以及接收所述用户终端返回的、根据所述用户的指令进行拼接的验证码背景图片与子图片的拼接图片,当所述子图片按照预定的位置以及预定的旋转角度拼接在所述验证码背景图片的空缺区域时,验证结果为通过。
The present invention provides a low-cost, highly resistant to cracking, and highly secure identity authentication method and device. The method comprises: a server receiving a verification code pull request sent by a user terminal; randomly extracting a verification code background image and a sub-image corresponding to the extracted verification code background image based on the verification code pull request, wherein the verification code background image includes a vacant area corresponding to the sub-image; sending the extracted verification code background image and sub-image to the user terminal so that the user terminal displays the verification code background image and sub-image to the user; and receiving a spliced image of the verification code background image and sub-image returned by the user terminal, which is spliced according to the user's instructions. When the sub-image is spliced into the vacant area of the verification code background image according to a predetermined position and a predetermined rotation angle, the verification result is passed.
Description
技术领域technical field
本发明涉及计算机网络技术领域,特别是涉及一种身份验证方法及装置。The invention relates to the technical field of computer networks, in particular to an identity verification method and device.
背景技术Background technique
随着计算机和计算机网络的日益普及,互联网已经深入到人们工作、学习和生活的各个领域。网络的发展在为人们提供便利的同时也带来各种挑战。一些人会利用机器人程序大量地不当使用网络资源,例如群发垃圾邮件等,使服务器效能大为降低。也有人利用程序不断发出服务请求回应,进行“饱和攻击”以达到使服务器瘫痪的目的。甚至还有人尝试利用暴利破解等手段进行恶意破解密码等行为。为避免上述恶意行为,设计一套能够让计算机自动分辨信息是来自合理用户或是非正当使用的机器人程序的工具,就显得非常重要。With the increasing popularity of computers and computer networks, the Internet has penetrated into all areas of people's work, study and life. While the development of the network provides convenience for people, it also brings various challenges. Some people will use robot programs to improperly use network resources in large quantities, such as mass spam, etc., which will greatly reduce server performance. There are also people who use the program to continuously send out service request responses to carry out "saturation attacks" to achieve the purpose of paralyzing the server. Some people even try to maliciously crack passwords by means of profiteering cracking. In order to avoid the above-mentioned malicious behaviors, it is very important to design a set of tools that can allow the computer to automatically distinguish whether the information comes from a legitimate user or a robot program that is improperly used.
使用图像验证码是现在比较通行的方式,图像验证码的主要目的是分辨网络服务用户是程序还是人类。图像验证码是含有字符串的图片,在验证时要求用户输入字符串的内容。字符串通常由大小写字母和数字组成,部分验证码包含汉字或数学公式,字符串的长度可以是随机或固定的。为了避免被机器自动识别,通常会对图片的背景进行改进,例如增加各种纹理图案等,从而对机器自动识别进行干扰。Using image verification codes is a relatively common way now. The main purpose of image verification codes is to distinguish whether network service users are programs or humans. The image verification code is a picture containing a string, and the user is required to input the content of the string during verification. Strings are usually composed of uppercase and lowercase letters and numbers. Part of the verification code contains Chinese characters or mathematical formulas. The length of the string can be random or fixed. In order to avoid being automatically recognized by the machine, the background of the picture is usually improved, such as adding various texture patterns, etc., thereby interfering with the automatic recognition of the machine.
然而,只要收集足够的样本,使用字符识别技术进行机器学习和训练,就可以开发出机器程序来解码图像验证码。即使是改进的图像验证码,如果它的背景库不够庞大,依然能够被机器识别。传统的图像验证码无法避免这个问题,以字符图像验证码为例,如果是大小写字符和数字,最多只有62个。因此,现有的图像验证码抗破解能力差、安全性不够高。However, as long as enough samples are collected, machine learning and training using character recognition techniques, machine programs can be developed to decode image captchas. Even the improved image captcha can still be recognized by machines if its background library is not large enough. Traditional image verification codes cannot avoid this problem. Taking character image verification codes as an example, if there are uppercase and lowercase characters and numbers, there are only 62 characters at most. Therefore, the existing image verification code has poor anti-cracking ability and insufficient security.
为了提高验证码的抗破解能力,研发人员开发了点选验证码,点选验证码在使用时通常会向用户展示包含多个包含自然物体的图片以及与这些图片内容相关的提示信息,由用户根据提示信息对这些图片进行选择,根据用户的选择来对用户的身份进行验证,由于机器在对提示信息的理解以及对对象的分类这两方面都存在很大的困难,因此可以大大增加机器破解验证码的难度。In order to improve the anti-cracking ability of the verification code, the research and development personnel developed the click verification code. When the click verification code is used, it usually shows the user multiple pictures containing natural objects and prompt information related to the content of these pictures. Select these pictures according to the prompt information, and verify the user's identity according to the user's choice. Since the machine has great difficulties in understanding the prompt information and classifying objects, it can greatly increase the number of machine cracking. Captcha difficulty.
但是,点选验证码在使用时,图片资源要求很高,而且需要人工筛选分类入库,成本较高。However, when the verification code is used, the image resource requirements are very high, and it needs to be manually screened and sorted into the warehouse, which is costly.
发明内容Contents of the invention
本发明实施例的目的在于,提供一种成本较低且抗破解能力强、安全性高的身份验证方法及装置。The purpose of the embodiments of the present invention is to provide an identity verification method and device with low cost, strong anti-cracking ability, and high security.
为了解决上述问题,本发明实施例提供一种身份验证方法,所述方法包括:服务器接收用户终端发送的验证码拉取请求;根据所述验证码拉取请求,随机抽取一个验证码背景图片以及与所抽取的验证码背景图片对应的子图片,所述验证码背景图片中包括与所述子图片对应的空缺区域;将所抽取的验证码背景图片以及子图片下发给所述用户终端,以使所述用户终端将所述验证码背景图片以及子图片展示给用户;以及接收所述用户终端返回的、根据所述用户的指令进行拼接的验证码背景图片与子图片的拼接图片,当所述子图片按照预定的位置以及预定的旋转角度拼接在所述验证码背景图片的空缺区域时,验证结果为通过。In order to solve the above problems, an embodiment of the present invention provides an identity verification method, the method comprising: the server receives a verification code pull request sent by a user terminal; according to the verification code pull request, randomly extracts a verification code background picture and A sub-picture corresponding to the extracted verification code background picture, wherein the verification code background picture includes a vacant area corresponding to the sub-picture; sending the extracted verification code background picture and the sub-picture to the user terminal, To make the user terminal display the verification code background picture and sub-pictures to the user; and receive the spliced pictures of the verification code background picture and sub-pictures returned by the user terminal and spliced according to the user's instructions, when When the sub-picture is spliced in the vacant area of the background picture of the verification code according to the predetermined position and the predetermined rotation angle, the verification result is passed.
本发明实施例还提供一种身份验证方法,所述方法包括:用户终端向服务器发送验证码拉取请求;接收并展示所述服务器下发的验证码背景图片以及子图片,所述验证码背景图片包括与所述子图片对应的空缺区域;根据所述用户的指令将所述子图片与所述验证码背景图片进行拼接,所述用户的指令中包括所述子图片旋转的角度、以及移动的路径或移动的目标位置;以及将验证码背景图片与子图片的拼接图片发送给所述服务器进行验证,当所述子图片按照预定的位置以及预定的旋转角度拼接在所述空缺区域时,验证结果为通过。The embodiment of the present invention also provides an identity verification method, the method includes: the user terminal sends a verification code pull request to the server; receives and displays the verification code background picture and sub-picture issued by the server, the verification code background The picture includes a vacant area corresponding to the sub-picture; the sub-picture is spliced with the verification code background picture according to the user's instruction, and the user's instruction includes the rotation angle of the sub-picture and the movement path or moving target position; and send the spliced image of the verification code background image and sub-picture to the server for verification, when the sub-picture is spliced in the vacant area according to the predetermined position and predetermined rotation angle, The verification result is pass.
相应的,本发明实施例还提供一种身份验证装置,所述装置可以运行于服务器,所述装置可以包括:请求接收模块,用于接收用户终端发送的验证码拉取请求;图片抽取模块,用于根据所述验证码拉取请求,随机抽取一个验证码背景图片以及与所抽取的验证码背景图片对应的子图片,所述验证码背景图片中包括与所述子图片对应的空缺区域;图片下发模块,用于将所抽取的验证码背景图片以及子图片下发给所述用户终端,以使所述用户终端将所述验证码背景图片以及子图片展示给用户;以及身份验证模块,用于接收所述用户终端返回的、根据所述用户的指令进行拼接的验证码背景图片与子图片的拼接图片,当所述子图片按照预定的位置以及预定的旋转角度拼接在所述验证码背景图片的空缺区域时,验证结果为通过。Correspondingly, the embodiment of the present invention also provides an identity verification device, the device may run on a server, and the device may include: a request receiving module, configured to receive a verification code pull request sent by a user terminal; a picture extraction module, It is used to randomly extract a verification code background picture and a sub-picture corresponding to the extracted verification code background picture according to the verification code pull request, and the verification code background picture includes a vacant area corresponding to the sub-picture; A picture sending module, configured to send the extracted verification code background picture and sub-pictures to the user terminal, so that the user terminal displays the verification code background picture and sub-pictures to the user; and an identity verification module , for receiving the spliced picture of the verification code background picture and sub-picture returned by the user terminal and spliced according to the user’s instruction, when the sub-picture is spliced in the verification code according to a predetermined position and a predetermined rotation angle When the vacant area of the background image is coded, the verification result is passed.
相应的,本发明实施例还提供一种身份验证装置,可以运行于用户终端,所述装置可以包括:请求发送模块,用于向服务器发送验证码拉取请求;展示模块,用于接收并展示所述服务器下发的验证码背景图片以及子图片,所述验证码背景图片包括与所述子图片对应的空缺区域;拼接模块,用于根据所述用户的指令将所述子图片与所述验证码背景图片进行拼接,所述用户的指令中包括所述子图片旋转的角度、以及移动的路径或移动的目标位置;以及验证信息发送模块,用于将验证码背景图片与子图片的拼接图片发送给所述服务器进行验证,当所述子图片按照预定的位置以及预定的旋转角度拼接在所述空缺区域时,验证结果为通过。Correspondingly, the embodiment of the present invention also provides an identity verification device, which can run on a user terminal, and the device can include: a request sending module, used to send a verification code pull request to the server; a display module, used to receive and display The verification code background picture and sub-picture issued by the server, the verification code background picture includes a blank area corresponding to the sub-picture; the splicing module is used to combine the sub-picture and the sub-picture according to the user's instruction The background picture of the verification code is spliced, and the user's instruction includes the angle of rotation of the sub-picture, the path of movement or the target position of the movement; and a verification information sending module, which is used to splice the background picture of the verification code with the sub-picture The picture is sent to the server for verification, and when the sub-picture is spliced in the vacant area according to the predetermined position and the predetermined rotation angle, the verification result is passed.
相对于现有技术,本发明实施例中,验证码背景图片的具体内容不需要具有很强的类别辨识度,可以由服务器直接从互联网上获取,资源非常丰富,不需要人工进行分类,可以降低成本,另外也可以增加人工收集图片作为破解题库的难度;充分利用了人类对图片内容理解的先天优势,用户根据对验证码背景图片以及子图片中内容的关联关系的认识对子图片进行正确的摆放,由于机器在对图片内容的理解以及子图片被旋转后与背景图片之间的关联关系的认识这两方面都存在很大的困难,因此大大增加了机器破解验证码的难度,安全性高;相对于点选验证码来说,不需要用户根据问题对图片进行类别辨识,提供了空缺区域供用户选择,降低了用户的使用门槛。也就是说本发明在不影响用户体验的前提下可以大大提高验证码的抗破解力,有效的提高了用户验证的安全性。Compared with the prior art, in the embodiment of the present invention, the specific content of the background picture of the verification code does not need to have a strong category recognition, and can be obtained directly from the Internet by the server. The resources are very rich, and manual classification is not required, which can reduce the In addition, it can also increase the difficulty of manually collecting pictures as a solution to the question bank; making full use of the innate advantages of human beings in understanding the content of pictures, users can correctly correct the sub-pictures based on the knowledge of the background picture of the verification code and the relationship between the contents of the sub-pictures. Placement, because the machine has great difficulties in understanding the content of the picture and the recognition of the relationship between the rotated sub-picture and the background picture, so it greatly increases the difficulty of the machine to crack the verification code, security High; compared to clicking the verification code, users do not need to identify the category of the picture according to the question, and provide a blank area for users to choose, which reduces the user's threshold for use. That is to say, the present invention can greatly improve the cracking resistance of the verification code without affecting the user experience, and effectively improve the security of user verification.
上述说明仅是本发明技术方案的概述,为了能够更清楚了解本发明的技术手段,而可依照说明书的内容予以实施,并且为了让本发明的上述和其他目的、特征和优点能够更明显易懂,以下特举较佳实施例,并配合附图,详细说明如下。The above description is only an overview of the technical solution of the present invention. In order to better understand the technical means of the present invention, it can be implemented according to the contents of the description, and in order to make the above and other purposes, features and advantages of the present invention more obvious and understandable , the following preferred embodiments are specifically cited below, and are described in detail as follows in conjunction with the accompanying drawings.
附图说明Description of drawings
为了更清楚地说明本发明实施例中的技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其它的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings that need to be used in the description of the embodiments will be briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present invention. For those skilled in the art, other drawings can also be obtained based on these drawings without creative effort.
图1是本发明实施例的应用环境图。FIG. 1 is an application environment diagram of an embodiment of the present invention.
图2是一种可应用于本发明实施例的用户终端的结构框图。Fig. 2 is a structural block diagram of a user terminal applicable to an embodiment of the present invention.
图3是一种可应用于本发明实施例的服务器的结构框图。Fig. 3 is a structural block diagram of a server applicable to the embodiment of the present invention.
图4是本发明实施例提供的一种身份验证方法的流程图。Fig. 4 is a flowchart of an identity verification method provided by an embodiment of the present invention.
图5是本发明实施例中验证码背景图片以及子图片的生成过程的具体流程图。FIG. 5 is a specific flow chart of the process of generating the verification code background picture and sub-pictures in the embodiment of the present invention.
图6是本发明实施例中验证码背景图片以及对应子图片的示意图。Fig. 6 is a schematic diagram of a verification code background picture and corresponding sub-pictures in an embodiment of the present invention.
图7是本发明实施例提供的另一种身份验证方法的流程图。Fig. 7 is a flowchart of another identity verification method provided by an embodiment of the present invention.
图8是本发明实施例提供的又一种身份验证方法的流程图。Fig. 8 is a flowchart of another identity verification method provided by an embodiment of the present invention.
图9是本发明实施例提供的一种身份验证装置的结构框图。Fig. 9 is a structural block diagram of an identity verification device provided by an embodiment of the present invention.
图10是图9中身份验证模块的结构框图。Fig. 10 is a structural block diagram of the identity verification module in Fig. 9 .
图11是图9中验证码生成模块的结构框图。Fig. 11 is a structural block diagram of the verification code generating module in Fig. 9 .
图12是本发明实施提供的另一种身份验证装置的结构框图。Fig. 12 is a structural block diagram of another identity verification device provided by the implementation of the present invention.
图13为本发明实施例中的身份验证系统的结构框图。Fig. 13 is a structural block diagram of the identity verification system in the embodiment of the present invention.
具体实施方式Detailed ways
为更进一步阐述本发明为达成预定发明目的所采取的技术手段及功效,以下结合附图及较佳实施例,对依据本发明提出的身份验证方法及身份验证装置的具体实施方式、方法、步骤、结构、特征及其功效,详细说明如下。In order to further explain the technical means and effects of the present invention to achieve the intended purpose of the invention, the specific implementation methods, methods, and steps of the identity verification method and identity verification device proposed according to the present invention will be described below in conjunction with the accompanying drawings and preferred embodiments. , structure, feature and effect thereof are described in detail as follows.
有关本发明的前述及其他技术内容、特点及功效,在以下配合参考图式的较佳实施例的详细说明中将可清楚呈现。通过具体实施方式的说明,当可对本发明为达成预定目的所采取的技术手段及功效得以更加深入且具体的了解,然而所附图式仅是提供参考与说明之用,并非用来对本发明加以限制。The aforementioned and other technical contents, features and effects of the present invention will be clearly presented in the following detailed description of preferred embodiments with reference to the drawings. Through the description of specific implementation methods, the technical means and effects of the present invention to achieve the intended purpose can be understood more deeply and specifically, but the attached drawings are only for reference and description, and are not used to explain the present invention limit.
请参阅图1,所示为本发明实施例提供的身份验证方法的应用环境图。如图1所示,用户终端100以及服务器200位于无线或有线网络300中,通过该无线或有线网络300,用户终端100以及服务器200相互通信。Please refer to FIG. 1 , which shows an application environment diagram of the identity verification method provided by the embodiment of the present invention. As shown in FIG. 1 , the user terminal 100 and the server 200 are located in a wireless or wired network 300 , and through the wireless or wired network 300 , the user terminal 100 and the server 200 communicate with each other.
用户终端100具体可以包括智能手机、平板电脑、电子书阅读器、MP3播放器(Moving Picture Experts Group Audio Layer III,动态影像专家压缩标准音频层面3)、MP4(Moving Picture Experts Group Audio Layer IV,动态影像专家压缩标准音频层面4)播放器、膝上型便携计算机、车载终端等等。Specifically, the user terminal 100 may include a smart phone, a tablet computer, an e-book reader, an MP3 player (Moving Picture Experts Group Audio Layer III, moving picture expert compression standard audio level 3), MP4 (Moving Picture Experts Group Audio Layer IV, dynamic Video experts compress standard audio level 4) Players, laptops, vehicle terminals, etc.
图2示出了一种可应用于本发明实施例中的用户终端的结构框图。如图2所示,用户终端100包括存储器102、存储控制器104,一个或多个(图中仅示出一个)处理器106、外设接口108、射频模块110、定位模块112、图像采集模块114、音频模块116、触控屏幕118以及按键模块120。这些组件通过一条或多条通讯总线/信号线122相互通讯。Fig. 2 shows a structural block diagram of a user terminal applicable to an embodiment of the present invention. As shown in Figure 2, the user terminal 100 includes a memory 102, a storage controller 104, one or more (only one is shown in the figure) processors 106, a peripheral interface 108, a radio frequency module 110, a positioning module 112, an image acquisition module 114 , an audio module 116 , a touch screen 118 and a button module 120 . These components communicate with each other via one or more communication buses/signal lines 122 .
可以理解,图2所示的结构仅为示意,用户终端100还可包括比图2中所示更多或者更少的组件,或者具有与图2所示不同的配置。图2中所示的各组件可以采用硬件、软件或其组合实现。It can be understood that the structure shown in FIG. 2 is only for illustration, and the user terminal 100 may also include more or fewer components than those shown in FIG. 2 , or have a configuration different from that shown in FIG. 2 . Each component shown in Fig. 2 may be implemented by hardware, software or a combination thereof.
存储器102可用于存储软件程序以及模块,如本发明实施例中的身份验证方法及装置对应的程序指令/模块,处理器102通过运行存储在存储器104内的软件程序以及模块,从而执行各种功能应用以及数据处理,如本发明实施例提供的身份验证方法。The memory 102 can be used to store software programs and modules, such as program instructions/modules corresponding to the identity verification method and device in the embodiment of the present invention, and the processor 102 executes various functions by running the software programs and modules stored in the memory 104 Applications and data processing, such as the identity verification method provided by the embodiment of the present invention.
存储器102可包括高速随机存储器,还可包括非易失性存储器,如一个或者多个磁性存储装置、闪存、或者其他非易失性固态存储器。在一些实例中,存储器102可进一步包括相对于处理器106远程设置的存储器,这些远程存储器可以通过网络连接至用户终端100。上述网络的实例包括但不限于互联网、企业内部网、局域网、移动通信网及其组合。处理器106以及其他可能的组件对存储器102的访问可在存储控制器104的控制下进行。The memory 102 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some instances, the memory 102 may further include a memory that is remotely located relative to the processor 106, and these remote memories may be connected to the user terminal 100 through a network. Examples of the aforementioned networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks, and combinations thereof. Access to memory 102 by processor 106 and possibly other components may be under the control of memory controller 104 .
外设接口108将各种输入/输入装置耦合至CPU以及存储器102。处理器106运行存储器102内的各种软件、指令以执行用户终端100的各种功能以及进行数据处理。Peripherals interface 108 couples various input/output devices to CPU and memory 102 . The processor 106 runs various software and instructions in the memory 102 to perform various functions of the user terminal 100 and perform data processing.
在一些实施例中,外设接口108,处理器106以及存储控制器104可以在单个芯片中实现。在其他一些实例中,他们可以分别由独立的芯片实现。In some embodiments, peripherals interface 108, processor 106, and memory controller 104 may be implemented in a single chip. In some other instances, they can be implemented by independent chips respectively.
射频模块110用于接收以及发送电磁波,实现电磁波与电信号的相互转换,从而与通讯网络或者其他设备进行通讯。射频模块110可包括各种现有的用于执行这些功能的电路元件,例如,天线、射频收发器、数字信号处理器、加密/解密芯片、用户身份模块(SIM)卡、存储器等等。射频模块110可与各种网络如互联网、企业内部网、无线网络进行通讯或者通过无线网络与其他设备进行通讯。上述的无线网络可包括蜂窝式电话网、无线局域网或者城域网。上述的无线网络可以使用各种通信标准、协议及技术,包括但并不限于全球移动通信系统(Global System for Mobile Communication,GSM)、增强型移动通信技术(Enhanced Data GSM Environment,EDGE),宽带码分多址技术(wideband code divisionmultiple access,W-CDMA),码分多址技术(Code division access,CDMA)、时分多址技术(time division multiple access,TDMA),蓝牙,无线保真技术(Wireless,Fidelity,WiFi)(如美国电气和电子工程师协会标准IEEE802.11a,IEEE802.11b,IEEE802.11g和/或IEEE802.11n)、网络电话(Voice over internet protocal,VoIP)、全球微波互联接入(Worldwide Interoperability for Microwave Access,Wi-Max)、其他用于邮件、即时通讯及短消息的协议,以及任何其他合适的通讯协议,甚至可包括那些当前仍未被开发出来的协议。The radio frequency module 110 is used to receive and send electromagnetic waves, realize mutual conversion between electromagnetic waves and electrical signals, and communicate with communication networks or other devices. The radio frequency module 110 may include various existing circuit elements for performing these functions, such as antenna, radio frequency transceiver, digital signal processor, encryption/decryption chip, Subscriber Identity Module (SIM) card, memory and so on. The radio frequency module 110 can communicate with various networks such as the Internet, intranet, wireless network or communicate with other devices through the wireless network. The wireless network mentioned above may include a cellular telephone network, a wireless local area network or a metropolitan area network. The wireless network mentioned above can use various communication standards, protocols and technologies, including but not limited to Global System for Mobile Communication (GSM), Enhanced Data GSM Environment (EDGE), broadband code Division multiple access technology (wideband code division multiple access, W-CDMA), code division multiple access technology (Code division access, CDMA), time division multiple access technology (time division multiple access, TDMA), Bluetooth, wireless fidelity technology (Wireless, Fidelity, WiFi) (such as IEEE802.11a, IEEE802.11b, IEEE802.11g and/or IEEE802.11n), Internet telephony (Voice over internet protocol, VoIP), global microwave interconnection access (Worldwide Interoperability for Microwave Access, Wi-Max), other protocols for mail, instant messaging, and short messaging, and any other suitable communication protocol, even those that have not yet been developed.
定位模块112用于获取用户终端100的当前位置。定位模块112的实例包括但不限于全球卫星定位系统(GPS)、基于无线局域网或者移动通信网的定位技术。The positioning module 112 is used to obtain the current location of the user terminal 100 . Examples of the positioning module 112 include but are not limited to Global Positioning System (GPS), positioning technology based on wireless local area network or mobile communication network.
图像采集模块114用于拍摄照片或者视频。拍摄的照片或者视频可以存储至存储器102内,并可通过射频模块110发送。The image acquisition module 114 is used for taking photos or videos. The photographs or videos taken can be stored in the memory 102 and sent through the radio frequency module 110 .
音频模块116向用户提供音频接口,其可包括一个或多个麦克风、一个或者多个扬声器以及音频电路。音频电路从外设接口108处接收声音数据,将声音数据转换为电信息,将电信息传输至扬声器。扬声器将电信息转换为人耳能听到的声波。音频电路还从麦克风处接收电信息,将电信号转换为声音数据,并将声音数据传输至外设接口108中以进行进一步的处理。音频数据可以从存储器102处或者通过射频模块110获取。此外,音频数据也可以存储至存储器102中或者通过射频模块110进行发送。在一些实例中,音频模块116还可包括一个耳机播孔,用于向耳机或者其他设备提供音频接口。The audio module 116 provides an audio interface to the user and may include one or more microphones, one or more speakers, and audio circuitry. The audio circuit receives sound data from the peripheral interface 108, converts the sound data into electrical information, and transmits the electrical information to the speaker. Speakers convert electrical information into sound waves that can be heard by the human ear. The audio circuit also receives electrical information from the microphone, converts the electrical signal into sound data, and transmits the sound data to the peripheral interface 108 for further processing. The audio data can be obtained from the memory 102 or through the radio frequency module 110 . In addition, the audio data can also be stored in the memory 102 or sent through the radio frequency module 110 . In some examples, the audio module 116 may further include a headphone jack for providing an audio interface for headphones or other devices.
触控屏幕118在用户终端100与用户之间同时提供一个输出及输入界面。具体地,触控屏幕118向用户显示视频输出,这些视频输出的内容可包括文字、图形、视频、及其任意组合。一些输出结果是对应于一些用户界面对象。触控屏幕118还接收用户的输入,例如用户的点击、滑动等手势操作,以便用户界面对象对这些用户的输入做出响应。检测用户输入的技术可以是基于电阻式、电容式或者其他任意可能的触控检测技术。触控屏幕118显示单元的具体实例包括但并不限于液晶显示器或发光聚合物显示器。The touch screen 118 simultaneously provides an output and input interface between the user terminal 100 and the user. Specifically, the touch screen 118 displays video output to the user, and the content of the video output may include text, graphics, video, and any combination thereof. Some output results correspond to some user interface objects. The touch screen 118 also receives user input, such as user gesture operations such as clicking and sliding, so that the user interface objects respond to these user inputs. The technique for detecting user input may be based on resistive, capacitive or any other possible touch detection techniques. Specific examples of the display unit of the touch screen 118 include, but are not limited to, liquid crystal displays or light emitting polymer displays.
按键模块120同样提供用户向用户终端100进行输入的接口,用户可以通过按下不同的按键以使用户终端100执行不同的功能。The button module 120 also provides an interface for the user to input to the user terminal 100 , and the user can make the user terminal 100 perform different functions by pressing different buttons.
图3为一种可应用于本发明实施例的中的服务器的结构框图。如图3所示,服务器200包括:存储器201、处理器202以及网络模块203。可以理解,图3所示的结构仅为示意,其并不对本发明实施例中的服务器的结构造成限定。例如,本发明实施例中的服务器还可包括比图3中所示更多或者更少的组件,或者具有与图3所示不同的配置。另外,本发明实施例中的服务器还可以包括多个具体不同功能的服务器。Fig. 3 is a structural block diagram of a server applicable to an embodiment of the present invention. As shown in FIG. 3 , the server 200 includes: a memory 201 , a processor 202 and a network module 203 . It can be understood that the structure shown in FIG. 3 is only for illustration, and does not limit the structure of the server in the embodiment of the present invention. For example, the server in the embodiment of the present invention may also include more or fewer components than those shown in FIG. 3 , or have a different configuration from that shown in FIG. 3 . In addition, the server in this embodiment of the present invention may also include multiple servers with different specific functions.
存储器201可用于存储软件程序以及模块,如本发明实施例中的身份验证方法及装置对应的程序指令/模块,处理器202通过运行存储在存储器201内的软件程序以及模块,从而执行各种功能应用以及数据处理,即实现本发明实施例中的身份验证方法。存储器201可包括高速随机存储器,还可包括非易失性存储器,如一个或者多个磁性存储装置、闪存、或者其他非易失性固态存储器。在一些实例中,存储器201可进一步包括相对于处理器202远程设置的存储器,这些远程存储器可以通过网络连接至服务器200。The memory 201 can be used to store software programs and modules, such as program instructions/modules corresponding to the identity verification method and device in the embodiment of the present invention, and the processor 202 executes various functions by running the software programs and modules stored in the memory 201 The application and data processing are to implement the identity verification method in the embodiment of the present invention. The memory 201 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 201 may further include a memory that is remotely located relative to the processor 202, and these remote memories may be connected to the server 200 through a network.
网络模块203用于接收以及发送网络信号。上述网络信号可包括无线信号或者有线信号。在一个实例中,上述网络信号为有线网络信号。此时,网络模块203可包括处理器、随机存储器、转换器、晶体振荡器等元件。The network module 203 is used for receiving and sending network signals. The foregoing network signals may include wireless signals or wired signals. In an example, the aforementioned network signal is a wired network signal. At this time, the network module 203 may include components such as a processor, a random access memory, a converter, and a crystal oscillator.
上述的软件程序以及模块还包括操作系统,例如可为LINUX,UNIX,WINDOWS,其可包括各种用于管理系统任务(例如内存管理、存储设备控制、电源管理等)的软件组件和/或驱动,并可与各种硬件或软件组件相互通讯,从而提供其他软件组件的运行环境。The above-mentioned software programs and modules also include an operating system, such as LINUX, UNIX, WINDOWS, which may include various software components and/or drivers for managing system tasks (such as memory management, storage device control, power management, etc.) , and can communicate with various hardware or software components to provide an operating environment for other software components.
下面将结合附图,对本发明实施例提供的身份验证方法、装置进行详细的介绍。The identity verification method and device provided by the embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
请参阅图4,所示为本发明实施例提供的一种身份验证方法的流程图。结合图1,本实施例描述的是服务器的处理流程,本实施例提供的身份验证方法包括以下步骤:Please refer to FIG. 4 , which is a flow chart of an identity verification method provided by an embodiment of the present invention. In conjunction with FIG. 1, what this embodiment describes is the processing flow of the server, and the identity verification method provided by this embodiment includes the following steps:
步骤S11,服务器接收用户终端发送的验证码拉取请求。In step S11, the server receives the verification code pull request sent by the user terminal.
于此步骤中,用户终端可以向预先配置的服务器,例如可以为一个网页地址,发送验证码拉取请求,以获取验证码。具体的,验证码拉取请求中可以携带有页面标识(checkcode),页面标识用于标识一个唯一的页面,例如可以是一个数字,每次刷新页面时页面标识都会变化,与验证码拉取请求具有对应关系。In this step, the user terminal may send a verification code pull request to a pre-configured server, for example, a webpage address, to obtain the verification code. Specifically, the verification code pull request can carry a page identifier (checkcode). The page identifier is used to identify a unique page. For example, it can be a number. The page identifier will change every time the page is refreshed. It is different from the verification code pull request. have a corresponding relationship.
步骤S12,根据所述验证码拉取请求,随机抽取一个验证码背景图片以及与所抽取的验证码背景图片对应的子图片,所述验证码背景图片中包括与所述子图片对应的空缺区域。Step S12, according to the verification code pull request, randomly extract a verification code background picture and a sub-picture corresponding to the extracted verification code background picture, and the verification code background picture includes a vacant area corresponding to the sub-picture .
服务器在接收到用户终端发送的验证码拉取请求后,可以从验证码数据库中随机抽取一个验证码背景图片以及与所抽取的验证码背景图片对应的子图片。After receiving the verification code pull request sent by the user terminal, the server may randomly extract a verification code background picture and a sub-picture corresponding to the extracted verification code background picture from the verification code database.
验证码数据库中存放有预先生成的验证码背景图片以及子图片。每个验证码背景图片都有与其对应的一个或多个子图片,每个验证码背景图片中都具有与子图片对应的空缺区域,当子图片按照预定的位置以及预定的旋转角度拼接在验证码背景图片的空缺区域时,可以构成一个完整的图片。The verification code database stores pre-generated verification code background pictures and sub-pictures. Each verification code background picture has one or more sub-pictures corresponding to it, and each verification code background picture has a vacant area corresponding to the sub-picture. When the vacant area of the background image is filled, a complete image can be formed.
请参照图5,验证码背景图片以及子图片的生成过程可以包括以下步骤:Referring to Figure 5, the generation process of the captcha background image and sub-image may include the following steps:
步骤S101,选取背景图片库中的图片,由所述图片切割至少一张子图片,所述图片被切割子图片后剩余的部分形成所述验证码背景图片,所述验证码背景图片中被切割的区域形成所述空缺区域。Step S101, select a picture in the background picture library, cut at least one sub-picture from the picture, and the remaining part of the picture after the sub-picture is cut forms the background picture of the verification code, and the background picture of the verification code is cut The region of forms the vacant region.
背景图片库可以是事先建立好的,设置在服务器中。本发明实施例对验证码背景图片的具体内容不需要具有很强的类别辨识度,直接使用自然界中采集的图片即可,例如风景、动物、建筑等,背景图片库中的图片可以由服务器直接从互联网上获取,资源非常丰富,因此,背景图片库的图片数量很容易达到一定的规模,可以增加人工收集图片作为破解题库的难度。背景图片库中的图片也可以是由广告图片发布服务器上获取的广告图片,由此,当用户按照预定的位置以及预定的旋转角度将子图片拼接在验证码背景图片的空缺区域时,可以看到一个完整的广告图片,从而可以利用验证码来进行产品推广等服务。The background picture library can be established in advance and set in the server. In the embodiment of the present invention, the specific content of the verification code background picture does not need to have a strong category recognition, and the pictures collected in nature can be used directly, such as landscapes, animals, buildings, etc. The pictures in the background picture library can be directly provided by the server Obtained from the Internet, the resources are very rich. Therefore, the number of pictures in the background picture library can easily reach a certain scale, which can increase the difficulty of manually collecting pictures as a cracking question bank. The pictures in the background picture library can also be advertisement pictures obtained from the advertisement picture publishing server. Therefore, when the user stitches the sub-pictures into the vacant area of the background picture of the verification code according to the predetermined position and predetermined rotation angle, you can see To a complete advertising picture, so that the verification code can be used for product promotion and other services.
由背景图片库中选取出图片后,服务器可以由所述图片切割一张或多张(两张或两张以上)子图片,所述图片被切割子图片后剩余的部分形成所述验证码背景图片,所述验证码背景图片中被切割的区域形成所述空缺区域。After the picture is selected from the background picture library, the server can cut one or more (two or more) sub-pictures from the picture, and the remaining part of the picture after the sub-picture is cut forms the verification code background picture, the cut area in the verification code background picture forms the vacant area.
当由所述图片切割出多张子图片时,所述多张子图片优选的具有相同大小和形状。When multiple sub-pictures are cut out from the picture, the multiple sub-pictures preferably have the same size and shape.
以图6为例,图6中的风景图片是被选取的图片,服务器由该风景图片上切割出4张大小相同的圆形的子图片,原图片中空白的区域即为空缺区域。Taking Figure 6 as an example, the landscape picture in Figure 6 is a selected picture, and the server cuts out four circular sub-pictures of the same size from the landscape picture, and the blank area in the original picture is the vacant area.
切割图片可以从图片的任意位置开始,切割的形状可以包括圆形、方形、多边形等具有多个对称轴的形状,这样不容被机器或人工恶意破解。Cutting pictures can start from any position in the picture, and the cutting shapes can include circles, squares, polygons and other shapes with multiple symmetry axes, which cannot be maliciously cracked by machines or humans.
步骤S102,将切割出的子图片进行随机角度的旋转,根据所旋转的角度计算与所述子图片对应的所述预定的旋转角度。Step S102 , rotating the cut sub-picture by a random angle, and calculating the predetermined rotation angle corresponding to the sub-picture according to the rotated angle.
将切割出的子图片进行随机角度的旋转可以进一步增加破解难度。以现有的计算机发展水平,直接辨认出图片的目标位置和角度是比较困难的,破解难度与可选目标空缺区域的个数a和子图片的旋转角度b相关,破解难度=1/(a!*ba)。即时收集了图片,由于切割图片的位置和角度都是随机的,因此如果想通过人工收集验证码背景图片以及子图片的位置和角度作为破解题库,基本上是非常困难的,因此,具有很强的抗破解能力。Rotating the cut sub-pictures at random angles can further increase the difficulty of cracking. With the current level of computer development, it is difficult to directly identify the target position and angle of the picture. The difficulty of cracking is related to the number a of optional target vacant areas and the rotation angle b of the sub-picture. The difficulty of cracking=1/(a! *b a ). Immediately collect the pictures, because the positions and angles of the cut pictures are random, so it is basically very difficult to manually collect the background pictures of the verification code and the positions and angles of the sub-pictures as the cracking question bank, so it has a strong anti-cracking ability.
根据子图片所旋转的角度可以计算出与子图片对应的预定的旋转角度。假设子图片为圆形图片,被旋转了50度,当其被反方向旋转50度或者再旋转310度才可以将子图片正确的拼接在验证码背景图片中。也就是说,假设某子图片在生成时被旋转了x度,其预定的旋转角度可以为(-x±n*360)度或者(360-x±n*360)度,其中,n为自然数。A predetermined rotation angle corresponding to the sub-picture can be calculated according to the angle at which the sub-picture is rotated. Assuming that the sub-picture is a circular picture, which is rotated by 50 degrees, the sub-picture can be correctly stitched into the verification code background picture when it is rotated by 50 degrees in the opposite direction or rotated by 310 degrees. That is to say, assuming that a sub-picture is rotated by x degrees when it is generated, its predetermined rotation angle can be (-x±n*360) degrees or (360-x±n*360) degrees, where n is a natural number .
步骤S103,保存所述验证码背景图片以及旋转后的子图片,生成对应关系表,所述对应关系表包括:所述子图片的编号、预定的旋转角度以及目标空缺区域的序号之间的对应关系,其中,目标空缺区域所在的位置为所述预定的位置;或者包括:所述子图片在所述验证码背景图片中的预定位置、预定的旋转角度以及目标空缺区域的序号之间的对应关系,其中,所述子图片在所述验证码背景图片中的预定位置与所述子图片对应的目标空缺区域所在的位置之间的误差在预定范围内。Step S103, save the verification code background picture and the rotated sub-picture, and generate a correspondence table, the correspondence table includes: the correspondence between the number of the sub-picture, the predetermined rotation angle, and the sequence number of the target vacant area relationship, wherein the position of the target vacant area is the predetermined position; or includes: the correspondence between the predetermined position of the sub-picture in the verification code background picture, the predetermined rotation angle, and the sequence number of the target vacant area relationship, wherein the error between the predetermined position of the sub-picture in the verification code background picture and the position of the target blank area corresponding to the sub-picture is within a predetermined range.
在一种实施方式中,对应关系表可以包括:所述子图片的编号、预定的旋转角度以及目标空缺区域的序号之间的对应关系,其中,目标空缺区域所在的位置为所述预定的位置。假设一个验证码背景图片对应多张子图片,多张子图片各自对应的编号s=(s1,s2,…,sn),多张子图片对应的预定的旋转角度a=(a1,a2,…,am),验证码背景图片中的空缺区域的序号为t1,t2,…tn。正确的验证码答案可以是指定顺序的(s,a)组合,指定顺序指的是子图片正确拼接在序号依次为t1,t2,..tn的空缺区域的顺序。例如,子图片为s1,s2,s3,s4,s1对应的预定旋转角度为a1,s2对应的预定旋转角度为a2,s3对应的预定旋转角度为a3,s4对应的预定旋转角度为a4,验证码背景图片中的空缺区域的序号为t1,t2,t3,t4。假设按照正确的答案,拼接在t1位置的子图片是s2,拼接在t2位置的子图片为s1,拼接在t3位置的子图片为s4,拼接在t4位置的子图片为s3,则正确的验证码答案即为顺序为(s2,a2)、(s1,a1)、(s4,a4)、(s3,a3)的组合。In one embodiment, the correspondence table may include: the correspondence between the number of the sub-picture, the predetermined rotation angle, and the sequence number of the target blank area, where the position of the target blank area is the predetermined position . Suppose a verification code background picture corresponds to multiple sub-pictures, the number s=(s1,s2,...,sn) corresponding to each of the multiple sub-pictures, and the predetermined rotation angle a=(a1,a2,... ,am), the serial numbers of the vacant areas in the verification code background image are t1, t2,...tn. The correct verification code answer can be a combination of (s, a) in a specified order, and the specified order refers to the order in which the sub-pictures are correctly spliced in the vacant areas with sequence numbers t1, t2, ..tn. For example, the sub-pictures are s1, s2, s3, s4, the predetermined rotation angle corresponding to s1 is a1, the predetermined rotation angle corresponding to s2 is a2, the predetermined rotation angle corresponding to s3 is a3, and the predetermined rotation angle corresponding to s4 is a4, verify The sequence numbers of the vacant areas in the code background picture are t1, t2, t3, t4. Assuming that according to the correct answer, the sub-picture spliced at t1 is s2, the sub-picture spliced at t2 is s1, the sub-picture spliced at t3 is s4, and the sub-picture spliced at t4 is s3, then the correct verification The code answer is the combination of (s2, a2), (s1, a1), (s4, a4), (s3, a3) in order.
在另一种实施方式中,包括:所述子图片在所述验证码背景图片中的预定位置、预定的旋转角度以及目标空缺区域的序号之间的对应关系,其中,所述子图片在所述验证码背景图片中的预定位置与所述子图片对应的目标空缺区域所在的位置之间允许一定的误差,其误差范围例如可以为5%。以子图片在所述验证码背景图片中的预定位置代替子图片的编号,可以提高破解的门槛,因为在一个验证码中,子图片的数量是有限的,也就是编号是有限的,但是,子图片在验证码背景图片中的位置的可能性是很多的,以一张分辨率为400*500的图片为例,如果允许的误差为5%,就有19W种可能,因此可以大幅度提高抗破解能力。In another embodiment, it includes: the correspondence between the predetermined position of the sub-picture in the background picture of the verification code, the predetermined rotation angle, and the sequence number of the target vacant area, wherein the sub-picture is in the A certain error is allowed between the predetermined position in the verification code background picture and the position of the target blank area corresponding to the sub-picture, and the error range may be 5%, for example. Replacing the number of the sub-picture with the predetermined position of the sub-picture in the background picture of the verification code can increase the threshold for cracking, because in a verification code, the number of sub-pictures is limited, that is, the number is limited, but, There are many possibilities for the position of the sub-picture in the verification code background picture. Taking a picture with a resolution of 400*500 as an example, if the allowable error is 5%, there are 190,000 possibilities, so it can be greatly improved. Anti-cracking ability.
假设一个验证码背景图片对应多张子图片,多张子图片各自在验证码背景图片中的预定位置p=((x1,y1),(x2,y2),…,(xn,yn)),多张子图片对应的预定的旋转角度a=(a1,a2,…,am),验证码背景图片中的空缺区域的序号为t1,t2,…tn。正确的验证码答案可以是(p,s,a)数组。例如,子图片对应的预定位置为p1,p2,p3,p4,p1对应的预定旋转角度为a1,p2对应的预定旋转角度为a2,p3对应的预定旋转角度为a3,p4对应的预定旋转角度为a4,验证码背景图片中的空缺区域的序号为t1,t2,t3,t4。假设按照正确的答案,拼接在t1位置的子图片是s2,拼接在t2位置的子图片为s1,拼接在t3位置的子图片为s4,拼接在t4位置的子图片为s3,则正确的验证码答案即为(p2,t1,a2)、(p1,t2,a1)、(p4,t3,a4)、(p3,t4,a3)的组合。所述服务器将所抽取的验证码背景图片以及子图片下发给所述用户终端的同时还可以将所述子图片的编号或者所述子图片在所述验证码背景图片中的预定位置下发给所述用户终端Assuming that a verification code background picture corresponds to multiple sub-pictures, and the predetermined positions of the multiple sub-pictures in the verification code background picture are p=((x1,y1),(x2,y2),...,(xn,yn)), The predetermined rotation angle a=(a1, a2,...,am) corresponding to the multiple sub-pictures, and the sequence numbers of the vacant areas in the verification code background picture are t1, t2,...tn. The correct captcha answer can be a (p, s, a) array. For example, the predetermined positions corresponding to sub-pictures are p1, p2, p3, p4, the predetermined rotation angle corresponding to p1 is a1, the predetermined rotation angle corresponding to p2 is a2, the predetermined rotation angle corresponding to p3 is a3, and the predetermined rotation angle corresponding to p4 is a4, and the serial numbers of the vacant areas in the verification code background image are t1, t2, t3, t4. Assuming that according to the correct answer, the sub-picture spliced at t1 is s2, the sub-picture spliced at t2 is s1, the sub-picture spliced at t3 is s4, and the sub-picture spliced at t4 is s3, then the correct verification The code answer is the combination of (p2, t1, a2), (p1, t2, a1), (p4, t3, a4), (p3, t4, a3). When the server sends the extracted verification code background picture and sub-picture to the user terminal, it may also send the number of the sub-picture or the predetermined position of the sub-picture in the verification code background picture to the user terminal. to the user terminal
步骤S13,将所抽取的验证码背景图片以及子图片下发给所述用户终端,以使所述用户终端将所述验证码背景图片以及子图片展示给用户。Step S13, sending the extracted verification code background picture and sub-picture to the user terminal, so that the user terminal displays the verification code background picture and sub-picture to the user.
进一步的,所述服务器还下发给所述用户终端验证提示信息,用以提示用户将子图片通过移动和旋转拼接在所述验证码背景图片的空缺区域。当然,该提示信息也可以由用户终端生成并展示,本发明的具体实施方式并不以此为限。Further, the server also sends verification prompt information to the user terminal to prompt the user to move and rotate sub-pictures to the vacant area of the verification code background picture. Certainly, the prompt information may also be generated and displayed by the user terminal, and the specific implementation manner of the present invention is not limited thereto.
步骤S14,接收所述用户终端返回的、根据所述用户的指令进行拼接的验证码背景图片与子图片的拼接图片,当所述子图片按照预定的位置以及预定的旋转角度拼接在所述验证码背景图片的空缺区域时,验证结果为通过。Step S14, receiving the mosaic picture of the verification code background picture and sub-picture returned by the user terminal and spliced according to the user's instruction. When the vacant area of the background image is coded, the verification result is passed.
具体的,当服务器接收到用户终端返回的验证码背景图片与子图片的拼接图片时,同时还接收用户终端返回的验证码背景图片与子图片的拼接图片、所述子图片的编号、所述子图片实际被拼接在所述验证码背景图片中的空缺区域的序号以及在拼接时所述子图片被旋转的角度,或者所述用户终端返回的验证码背景图片与子图片的拼接图片、所述子图片在所述验证码背景图片中的预定位置、所述子图片实际被拼接在所述验证码背景图片中的位置以及在拼接时所述子图片被旋转的角度。Specifically, when the server receives the spliced picture of the verification code background picture and the sub-picture returned by the user terminal, it also receives the spliced picture of the verification code background picture and the sub-picture returned by the user terminal, the number of the sub-picture, the The number of the vacant area where the sub-picture is actually spliced in the background picture of the verification code and the angle at which the sub-picture is rotated during splicing, or the spliced picture of the background picture of the verification code and the sub-picture returned by the user terminal, the The predetermined position of the sub-picture in the verification code background picture, the position where the sub-picture is actually spliced in the verification code background picture, and the angle at which the sub-picture is rotated during splicing.
根据所述子图片的编号或者所述子图片在所述验证码背景图片中的预定位置,查找所述对应关系表,根据所述对应关系表判断所述子图片是否按照预定的位置以及预定的旋转角度拼接在所述空缺区域,如果是,则验证结果为通过,如果不是,则验证结果为不通过。According to the number of the sub-picture or the predetermined position of the sub-picture in the background picture of the verification code, look up the corresponding relationship table, and judge whether the sub-picture is according to the predetermined position and the predetermined position according to the corresponding relationship table If the rotation angle is spliced in the vacant area, the verification result is passed, and if not, the verification result is failed.
服务器还可以将验证结果返回用户终端展示给用户。The server can also return the verification result to the user terminal for display to the user.
本发明实施例中,验证码背景图片的具体内容不需要具有很强的类别辨识度,可以由服务器直接从互联网上获取,资源非常丰富,不需要人工进行分类,可以降低成本,另外也可以增加人工收集图片作为破解题库的难度;充分利用了人类对图片内容理解的先天优势,用户根据对验证码背景图片以及子图片中内容的关联关系的认识对子图片进行正确的摆放,由于机器在对图片内容的理解以及子图片被旋转后与背景图片之间的关联关系的认识这两方面都存在很大的困难,因此大大增加了机器破解验证码的难度,安全性高;相对于点选验证码来说,不需要用户根据问题对图片进行类别辨识,提供了空缺区域供用户选择,降低了用户的使用门槛。也就是说本发明在不影响用户体验的前提下可以大大提高验证码的抗破解力,有效的提高了用户验证的安全性。In the embodiment of the present invention, the specific content of the verification code background picture does not need to have a strong category recognition, and can be obtained directly from the Internet by the server. The resources are very rich, no manual classification is required, the cost can be reduced, and the cost can also be increased. The difficulty of manually collecting pictures as a solution to the question bank; making full use of the inherent advantages of human beings in understanding the content of pictures, the user can correctly place the sub-pictures based on the knowledge of the background picture of the verification code and the relationship between the contents of the sub-pictures. There are great difficulties in understanding the content of the picture and the relationship between the rotated sub-picture and the background picture, which greatly increases the difficulty of cracking the verification code by the machine and has high security; For verification codes, users are not required to identify the category of pictures according to the question, and a blank area is provided for users to choose, which lowers the threshold for users to use. That is to say, the present invention can greatly improve the cracking resistance of the verification code without affecting the user experience, and effectively improve the security of user verification.
图7为本发明实施例中的另一种身份验证方法的流程示意图。请结合图1,该实施例描述的是用户终端的处理流程,本实施例中的身份验证方法包括:FIG. 7 is a schematic flowchart of another identity verification method in an embodiment of the present invention. Please refer to FIG. 1, this embodiment describes the processing flow of the user terminal, and the identity verification method in this embodiment includes:
步骤S21,用户终端向服务器发送验证码拉取请求。In step S21, the user terminal sends a verification code pull request to the server.
步骤S22,接收并展示所述服务器下发的验证码背景图片以及子图片,所述验证码背景图片包括与所述子图片对应的空缺区域。Step S22, receiving and displaying the verification code background picture and the sub-picture issued by the server, the verification code background picture including the vacant area corresponding to the sub-picture.
所述用户终端还可以接收并展示所述服务器下发的验证提示信息,用以提示用户将子图片通过移动和旋转拼接在所述验证码背景图片的空缺区域。The user terminal may also receive and display verification prompt information issued by the server, to prompt the user to splice sub-pictures in the vacant area of the verification code background picture by moving and rotating.
步骤S23,根据所述用户的指令将所述子图片与所述验证码背景图片进行拼接,所述用户的指令中包括所述子图片旋转的角度、以及移动的路径或移动的目标位置。Step S23, splicing the sub-picture with the verification code background picture according to the user's instruction, the user's instruction includes the rotation angle of the sub-picture, and the moving path or moving target position.
所述用户的指令可以包括所述用户通过手势输入、语音输入、或字符串输入等方式输入给所述用户终端的指令。The user's instruction may include an instruction input by the user to the user terminal through gesture input, voice input, or character string input.
以手势输入为例,用户终端可以响应于所述用户对所述子图片的拖动操作、或者响应于所述用户对所述子图片的拖动以及旋转操作,将所述子图片拼接在所述验证码背景图片中。用户终端在响应用户对子图片的拖动及旋转操作的过程中可以得到子图片旋转的角度、以及移动的路径或移动的目标位置。Taking gesture input as an example, the user terminal may splice the sub-pictures on the In the verification code background image described above. During the process of responding to the user's dragging and rotating operations on the sub-picture, the user terminal can obtain the rotation angle of the sub-picture, the moving path or the moving target position.
以语音输入为例,用户可以语音输入图片旋转的角度以及移动的路径或移动的目标位置,例如顺时针旋转九十度,移动至第一个空缺区域等,用户终端接收到上述语音信号后将其转变为数字信号,并根据数字信息对子图片进行响应的操作。Taking voice input as an example, the user can voice input the rotation angle of the picture, the moving path or the moving target position, such as rotating 90 degrees clockwise, moving to the first vacant area, etc. After receiving the above voice signal, the user terminal will It is converted into a digital signal, and the sub-picture is responded to according to the digital information.
用户还可以直接输入“顺时针旋转九十度,移动至第一个空缺区域”等指令。Users can also directly input commands such as "rotate 90 degrees clockwise and move to the first vacant area".
步骤S24,将验证码背景图片与子图片的拼接图片发送给所述服务器进行验证,当所述子图片按照预定的位置以及预定的旋转角度拼接在所述空缺区域时,验证结果为通过。Step S24, sending the spliced image of the verification code background image and the sub-picture to the server for verification, and when the sub-picture is spliced in the vacant area according to the predetermined position and the predetermined rotation angle, the verification result is passed.
相对于现有技术,本发明实施例中,验证码背景图片的具体内容不需要具有很强的类别辨识度,可以由服务器直接从互联网上获取,资源非常丰富,不需要人工进行分类,可以降低成本,另外也可以增加人工收集图片作为破解题库的难度;充分利用了人类对图片内容理解的先天优势,用户根据对验证码背景图片以及子图片中内容的关联关系的认识对子图片进行正确的摆放,由于机器在对图片内容的理解以及子图片被旋转后与背景图片之间的关联关系的认识这两方面都存在很大的困难,因此大大增加了机器破解验证码的难度,安全性高;相对于点选验证码来说,不需要用户根据问题对图片进行类别辨识,提供了空缺区域供用户选择,降低了用户的使用门槛。也就是说本发明在不影响用户体验的前提下可以大大提高验证码的抗破解力,有效的提高了用户验证的安全性。Compared with the prior art, in the embodiment of the present invention, the specific content of the background picture of the verification code does not need to have a strong category recognition, and can be obtained directly from the Internet by the server. The resources are very rich, and manual classification is not required, which can reduce the In addition, it can also increase the difficulty of manually collecting pictures as a solution to the question bank; making full use of the innate advantages of human beings in understanding the content of pictures, users can correctly correct the sub-pictures based on the knowledge of the background picture of the verification code and the relationship between the contents of the sub-pictures. Placement, because the machine has great difficulties in understanding the content of the picture and the recognition of the relationship between the rotated sub-picture and the background picture, so it greatly increases the difficulty of the machine to crack the verification code, security High; compared to clicking the verification code, users do not need to identify the category of the picture according to the question, and provide a blank area for users to choose, which reduces the user's threshold for use. That is to say, the present invention can greatly improve the cracking resistance of the verification code without affecting the user experience, and effectively improve the security of user verification.
请参阅图8,所示为本发明实施例提供的又一种身份验证方法的流程图。结合图1,该实施例描述的是用户终端与服务器之间的交互处理流程。本实施例将具体以点选验证码为例对本发明进行说明。本实施例中的身份验证方法可以包括:Please refer to FIG. 8 , which is a flow chart of another identity verification method provided by an embodiment of the present invention. With reference to FIG. 1 , this embodiment describes the interaction processing flow between the user terminal and the server. In this embodiment, the present invention will be described specifically by taking the verification code selected as an example. The authentication methods in this embodiment may include:
步骤S301,服务器选取背景图片库中的图片,由所述图片切割至少一张子图片,所述图片被切割子图片后剩余的部分形成所述验证码背景图片,所述验证码背景图片中被切割的区域形成所述空缺区域。Step S301, the server selects a picture in the background picture library, cuts at least one sub-picture from the picture, and the remaining part of the picture after cutting the sub-picture forms the background picture of the verification code, in which the background picture of the verification code is The cut area forms the void area.
步骤S302,服务器将切割出的子图片进行随机角度的旋转,根据所旋转的角度计算与所述子图片对应的所述预定的旋转角度。In step S302, the server rotates the cut sub-picture by a random angle, and calculates the predetermined rotation angle corresponding to the sub-picture according to the rotated angle.
步骤S303,服务器保存所述验证码背景图片以及旋转后的子图片,生成对应关系表,所述对应关系表包括:所述子图片的编号、预定的旋转角度以及目标空缺区域的序号之间的对应关系,其中,目标空缺区域所在的位置为所述预定的位置。Step S303, the server saves the verification code background picture and the rotated sub-picture, and generates a correspondence table, which includes: the number of the sub-picture, the predetermined rotation angle, and the sequence number of the target vacant area. The corresponding relationship, wherein, the position where the target vacant area is located is the predetermined position.
步骤S304,用户终端向服务器发送验证码拉取请求。Step S304, the user terminal sends a verification code pull request to the server.
步骤S305,服务器根据所述验证码拉取请求,随机抽取一个验证码背景图片以及与所抽取的验证码背景图片对应的子图片,所述验证码背景图片中包括与所述子图片对应的空缺区域。Step S305, the server randomly extracts a verification code background picture and a sub-picture corresponding to the extracted verification code background picture according to the verification code pull request, and the verification code background picture includes a vacancy corresponding to the sub-picture area.
步骤S306,服务器将所抽取的验证码背景图片以及子图片下发给所述用户终端,以使所述用户终端将所述验证码背景图片以及子图片展示给用户。Step S306, the server sends the extracted verification code background picture and sub-picture to the user terminal, so that the user terminal displays the verification code background picture and sub-picture to the user.
步骤S307,用户终端接收并展示所述服务器下发的验证码背景图片以及子图片,并提示用户将子图片通过移动和旋转拼接在所述验证码背景图片的空缺区域。Step S307, the user terminal receives and displays the verification code background picture and sub-picture issued by the server, and prompts the user to splice the sub-picture into the vacant area of the verification code background picture by moving and rotating.
步骤S308,用户终端根据所述用户的指令将所述子图片与所述验证码背景图片进行拼接,所述用户的指令中包括所述子图片旋转的角度、以及移动的路径或移动的目标位置。Step S308, the user terminal splices the sub-picture with the verification code background picture according to the user's instruction, the user's instruction includes the rotation angle of the sub-picture, and the moving path or moving target position .
步骤S309,用户终端将验证码背景图片与子图片的拼接图片、所述子图片的编号、所述子图片实际被拼接在所述验证码背景图片中的空缺区域的序号以及在拼接时所述子图片被旋转的角度发送给所述服务器进行验证。Step S309, the user terminal stitches the verification code background picture and the sub-picture, the number of the sub-picture, the serial number of the vacant area where the sub-picture is actually spliced in the verification code background picture, and the The rotated angle of the sub-picture is sent to the server for verification.
步骤S310,服务器根据所述子图片的编号,查找所述对应关系表,根据所述对应关系表判断所述子图片是否按照预定的位置以及预定的旋转角度拼接在所述空缺区域,如果是,则验证结果为通过,如果不是,则验证结果为不通过。Step S310, the server searches the correspondence table according to the number of the sub-picture, and judges according to the correspondence table whether the sub-picture is spliced in the vacant area according to a predetermined position and a predetermined rotation angle, if yes, Then the verification result is pass, if not, the verification result is fail.
步骤S311,服务器将验证结果返回用户终端展示给用户。In step S311, the server returns the verification result to the user terminal and presents it to the user.
本发明实施例中,验证码背景图片的具体内容不需要具有很强的类别辨识度,可以由服务器直接从互联网上获取,资源非常丰富,不需要人工进行分类,可以降低成本,另外也可以增加人工收集图片作为破解题库的难度;充分利用了人类对图片内容理解的先天优势,用户根据对验证码背景图片以及子图片中内容的关联关系的认识对子图片进行正确的摆放,由于机器在对图片内容的理解以及子图片被旋转后与背景图片之间的关联关系的认识这两方面都存在很大的困难,因此大大增加了机器破解验证码的难度,安全性高;相对于点选验证码来说,不需要用户根据问题对图片进行类别辨识,提供了空缺区域供用户选择,降低了用户的使用门槛。也就是说本发明在不影响用户体验的前提下可以大大提高验证码的抗破解力,有效的提高了用户验证的安全性。In the embodiment of the present invention, the specific content of the verification code background picture does not need to have a strong category recognition, and can be obtained directly from the Internet by the server. The resources are very rich, no manual classification is required, the cost can be reduced, and the cost can also be increased. The difficulty of manually collecting pictures as a solution to the question bank; making full use of the inherent advantages of human beings in understanding the content of pictures, the user can correctly place the sub-pictures based on the knowledge of the background picture of the verification code and the relationship between the contents of the sub-pictures. There are great difficulties in understanding the content of the picture and the relationship between the rotated sub-picture and the background picture, which greatly increases the difficulty of cracking the verification code by the machine and has high security; For verification codes, users are not required to identify the category of pictures according to the question, and a blank area is provided for users to choose, which lowers the threshold for users to use. That is to say, the present invention can greatly improve the cracking resistance of the verification code without affecting the user experience, and effectively improve the security of user verification.
图9为本发明实施例提供的一种身份验证装置的结构示意图。请参照图9,本实施例提出的装置可运行于服务器,用于上述实施例提出的身份验证方法,本实施例中的装置40可以包括:Fig. 9 is a schematic structural diagram of an identity verification device provided by an embodiment of the present invention. Please refer to FIG. 9, the device proposed in this embodiment can run on a server, and is used for the identity verification method proposed in the above embodiment. The device 40 in this embodiment may include:
请求接收模块41,用于接收用户终端发送的验证码拉取请求;The request receiving module 41 is used to receive the verification code pull request sent by the user terminal;
图片抽取模块42,用于根据所述验证码拉取请求,随机抽取一个验证码背景图片以及与所抽取的验证码背景图片对应的子图片,所述验证码背景图片中包括与所述子图片对应的空缺区域;The picture extraction module 42 is used to randomly extract a verification code background picture and a sub-picture corresponding to the extracted verification code background picture according to the verification code pull request, and the verification code background picture includes the sub-picture the corresponding vacant area;
图片下发模块43,用于将所抽取的验证码背景图片以及子图片下发给所述用户终端,以使所述用户终端将所述验证码背景图片以及子图片展示给用户;以及The image sending module 43 is configured to send the extracted verification code background image and sub-image to the user terminal, so that the user terminal displays the verification code background image and sub-image to the user; and
身份验证模块44,用于接收所述用户终端返回的、根据所述用户的指令进行拼接的验证码背景图片与子图片的拼接图片,当所述子图片按照预定的位置以及预定的旋转角度拼接在所述验证码背景图片的空缺区域时,验证结果为通过。The identity verification module 44 is configured to receive the spliced picture of the verification code background picture and the sub-picture returned by the user terminal and spliced according to the user's instruction, when the sub-picture is spliced according to a predetermined position and a predetermined rotation angle When it is in the vacant area of the verification code background image, the verification result is passed.
进一步的,所述图片下发模块43还可以用于下发验证提示信息给所述用户终端,用以提示用户将子图片通过移动和旋转拼接在所述验证码背景图片的空缺区域。Further, the picture sending module 43 can also be used to send verification prompt information to the user terminal, so as to prompt the user to splice sub-pictures into the vacant area of the verification code background picture by moving and rotating.
所述图片下发模块43还用于将所抽取的验证码背景图片以及子图片下发给所述用户终端时还将所述子图片的编号或者所述子图片在所述验证码背景图片中的预定位置下发给所述用户终端。The picture sending module 43 is also used to include the number of the sub-picture or the sub-picture in the background picture of the verification code when sending the extracted verification code background picture and sub-picture to the user terminal The predetermined location of is issued to the user terminal.
进一步的,请参照图10,所述身份验证模块44可以包括:Further, referring to FIG. 10, the identity verification module 44 may include:
接收单元441,用于接收所述用户终端返回的验证码背景图片与子图片的拼接图片、所述子图片的编号、所述子图片实际被拼接在所述验证码背景图片中的空缺区域的序号以及在拼接时所述子图片被旋转的角度,或者所述用户终端返回的验证码背景图片与子图片的拼接图片、所述子图片在所述验证码背景图片中的预定位置、所述子图片实际被拼接在所述验证码背景图片中的位置以及在拼接时所述子图片被旋转的角度;The receiving unit 441 is configured to receive the mosaic picture of the background picture of the verification code and the sub-picture returned by the user terminal, the number of the sub-picture, and the number of the vacant area where the sub-picture is actually spliced in the background picture of the verification code. The serial number and the angle at which the sub-picture is rotated during splicing, or the spliced picture of the verification code background picture and the sub-picture returned by the user terminal, the predetermined position of the sub-picture in the verification code background picture, the The position where the sub-picture is actually spliced in the verification code background picture and the angle at which the sub-picture is rotated during splicing;
验证单元442,用于根据所述子图片的编号,查找所述对应关系表,根据所述对应关系表判断所述子图片是否按照预定的位置以及预定的旋转角度拼接在所述空缺区域,如果是,则验证结果为通过,如果不是,则验证结果为不通过。The verification unit 442 is configured to search the correspondence table according to the number of the sub-picture, and judge whether the sub-picture is spliced in the vacant area according to the predetermined position and predetermined rotation angle according to the correspondence table, if If yes, the verification result is pass; if not, the verification result is fail.
进一步的,所述装置还可以包括验证码生成模块45,请参照图11,验证码生成模块45可以包括:Further, the device may also include a verification code generation module 45, please refer to FIG. 11, the verification code generation module 45 may include:
生成单元451,用于选取背景图片库中的图片,由所述图片切割至少一张子图片,所述图片被切割子图片后剩余的部分形成所述验证码背景图片,所述验证码背景图片中被切割的区域形成所述空缺区域;The generation unit 451 is used to select a picture in the background picture library, cut at least one sub-picture from the picture, and the remaining part of the picture after the sub-picture is cut forms the background picture of the verification code, and the background picture of the verification code The cut region forms the vacant region;
计算单元452,用于将切割出的子图片进行随机角度的旋转,根据所旋转的角度计算与所述子图片对应的所述预定的旋转角度;A calculation unit 452, configured to rotate the cut sub-picture by a random angle, and calculate the predetermined rotation angle corresponding to the sub-picture according to the rotated angle;
保存单元453,用于保存所述验证码背景图片以及旋转后的子图片,生成对应关系表,所述对应关系表包括:所述子图片的编号、预定的旋转角度以及目标空缺区域的序号之间的对应关系,其中,目标空缺区域所在的位置为所述预定的位置;或者包括:所述子图片在所述验证码背景图片中的预定位置、预定的旋转角度以及目标空缺区域的序号之间的对应关系。The saving unit 453 is configured to save the verification code background picture and the rotated sub-picture, and generate a correspondence table, the correspondence table including: one of the number of the sub-picture, the predetermined rotation angle, and the sequence number of the target vacant area. The corresponding relationship between, wherein, the position of the target vacant area is the predetermined position; or includes: the predetermined position of the sub-picture in the background picture of the verification code, the predetermined rotation angle, and the sequence number of the target vacant area Correspondence between.
所述生成单元451可以由所述图片切割多张子图片,所述多张子图片具有相同大小和形状。The generation unit 451 may divide the picture into multiple sub-pictures, and the multiple sub-pictures have the same size and shape.
以上各模块可以是由软件代码实现,此时,上述的各模块可存储于服务器的存储器内。以上各模块同样可以由硬件例如集成电路芯片实现。Each of the above modules may be realized by software codes, and at this time, each of the above modules may be stored in the memory of the server. Each of the above modules can also be realized by hardware such as an integrated circuit chip.
需要说明的是,本发明实施例的服务器的各功能模块的功能可根据上述方法实施例中的方法具体实现,其具体实现过程可以参照上述方法实施例的相关描述,在此不赘述。It should be noted that the functions of each functional module of the server in the embodiment of the present invention can be specifically implemented according to the method in the above method embodiment, and the specific implementation process can refer to the relevant description of the above method embodiment, and details are not repeated here.
需要说明的是,上述实施例中的模块可以运行于一个总的服务器也可以运行于多个服务器,例如,可以由原图存储服务器来存储图库,由验证码生成服务器来生成验证码背景图片以及子图片、由验证服务器来下发验证背景图片以及对应子图片并对用户身份进行验证,等等。服务器的数量以及缓冲区的设置还根据具体的实施场景以及实施条件进行变化,这样的变化并不影响本发明的保护范围。It should be noted that the modules in the above embodiments can run on one general server or multiple servers. For example, the original image storage server can store the gallery, and the verification code generation server can generate the verification code background image and sub-picture, the verification server sends the verification background picture and the corresponding sub-picture to verify the user's identity, and so on. The number of servers and the setting of the buffer zone also change according to specific implementation scenarios and implementation conditions, and such changes do not affect the scope of protection of the present invention.
本发明实施例中,验证码背景图片的具体内容不需要具有很强的类别辨识度,可以由服务器直接从互联网上获取,资源非常丰富,不需要人工进行分类,可以降低成本,另外也可以增加人工收集图片作为破解题库的难度;充分利用了人类对图片内容理解的先天优势,用户根据对验证码背景图片以及子图片中内容的关联关系的认识对子图片进行正确的摆放,由于机器在对图片内容的理解以及子图片被旋转后与背景图片之间的关联关系的认识这两方面都存在很大的困难,因此大大增加了机器破解验证码的难度,安全性高;相对于点选验证码来说,不需要用户根据问题对图片进行类别辨识,提供了空缺区域供用户选择,降低了用户的使用门槛。也就是说本发明在不影响用户体验的前提下可以大大提高验证码的抗破解力,有效的提高了用户验证的安全性。In the embodiment of the present invention, the specific content of the verification code background picture does not need to have a strong category recognition, and can be obtained directly from the Internet by the server. The resources are very rich, no manual classification is required, the cost can be reduced, and the cost can also be increased. The difficulty of manually collecting pictures as a solution to the question bank; making full use of the inherent advantages of human beings in understanding the content of pictures, the user can correctly place the sub-pictures based on the knowledge of the background picture of the verification code and the relationship between the contents of the sub-pictures. There are great difficulties in understanding the content of the picture and the relationship between the rotated sub-picture and the background picture, which greatly increases the difficulty of cracking the verification code by the machine and has high security; For verification codes, users are not required to identify the category of pictures according to the question, and a blank area is provided for users to choose, which lowers the threshold for users to use. That is to say, the present invention can greatly improve the cracking resistance of the verification code without affecting the user experience, and effectively improve the security of user verification.
图12为本发明实施例提供的一种身份验证装置的结构示意图。请参照图12,本实施例提出的装置可运行于用户终端,可以用于实现上述实施例提出的身份验证方法,包括:所述装置50包括:Fig. 12 is a schematic structural diagram of an identity verification device provided by an embodiment of the present invention. Please refer to Figure 12, the device proposed in this embodiment can run on a user terminal, and can be used to implement the identity verification method proposed in the above embodiment, including: the device 50 includes:
请求发送模块51,用于向服务器发送验证码拉取请求;A request sending module 51, configured to send a verification code pull request to the server;
展示模块52,用于接收并展示所述服务器下发的验证码背景图片以及子图片,所述验证码背景图片包括与所述子图片对应的空缺区域;The display module 52 is configured to receive and display the verification code background picture and sub-picture issued by the server, the verification code background picture includes a vacant area corresponding to the sub-picture;
拼接模块53,用于根据所述用户的指令将所述子图片与所述验证码背景图片进行拼接,所述用户的指令中包括所述子图片旋转的角度、以及移动的路径或移动的目标位置;以及Stitching module 53, configured to splice the sub-picture with the verification code background picture according to the user's instruction, the user's command includes the rotation angle of the sub-picture, and the moving path or moving target location; and
验证信息发送模块54,用于将验证码背景图片与子图片的拼接图片发送给所述服务器进行验证,当所述子图片按照预定的位置以及预定的旋转角度拼接在所述空缺区域时,验证结果为通过。The verification information sending module 54 is configured to send the spliced picture of the verification code background picture and the sub-picture to the server for verification. When the sub-picture is spliced in the vacant area according to a predetermined position and a predetermined rotation angle, verification The result is pass.
进一步的,所述展示模块52还可以用于接收并展示所述服务器下发的验证提示信息,用以提示用户将子图片通过移动和旋转拼接在所述验证码背景图片的空缺区域。Further, the display module 52 can also be used to receive and display the verification prompt information issued by the server, so as to prompt the user to splice sub-pictures in the vacant area of the verification code background picture by moving and rotating.
所述用户的指令可以包括所述用户通过手势输入、语音输入、或字符串输入方式输入给所述用户终端的指令。The user's instruction may include an instruction input by the user to the user terminal through gesture input, voice input, or character string input.
在一种具体实施方式中,所述拼接模块53响应于所述用户对所述子图片的拖动操作、或者响应于所述用户对所述子图片的拖动以及旋转操作,将所述子图片拼接在所述验证码背景图片中。In a specific implementation manner, the splicing module 53 responds to the user's dragging operation on the sub-picture, or in response to the user's dragging and rotating operations on the sub-picture, the sub-picture The picture is spliced into the verification code background picture.
以上各模块可以是由软件代码实现,此时,上述的各模块可存储于服务器的存储器内。以上各模块同样可以由硬件例如集成电路芯片实现。Each of the above modules may be realized by software codes, and at this time, each of the above modules may be stored in the memory of the server. Each of the above modules can also be realized by hardware such as an integrated circuit chip.
需要说明的是,本发明实施例的服务器的各功能模块的功能可根据上述方法实施例中的方法具体实现,其具体实现过程可以参照上述方法实施例的相关描述,在此不赘述。It should be noted that the functions of each functional module of the server in the embodiment of the present invention can be specifically implemented according to the method in the above method embodiment, and the specific implementation process can refer to the relevant description of the above method embodiment, and details are not repeated here.
本发明实施例中,验证码背景图片的具体内容不需要具有很强的类别辨识度,可以由服务器直接从互联网上获取,资源非常丰富,不需要人工进行分类,可以降低成本,另外也可以增加人工收集图片作为破解题库的难度;充分利用了人类对图片内容理解的先天优势,用户根据对验证码背景图片以及子图片中内容的关联关系的认识对子图片进行正确的摆放,由于机器在对图片内容的理解以及子图片被旋转后与背景图片之间的关联关系的认识这两方面都存在很大的困难,因此大大增加了机器破解验证码的难度,安全性高;相对于点选验证码来说,不需要用户根据问题对图片进行类别辨识,提供了空缺区域供用户选择,降低了用户的使用门槛。也就是说本发明在不影响用户体验的前提下可以大大提高验证码的抗破解力,有效的提高了用户验证的安全性。In the embodiment of the present invention, the specific content of the verification code background picture does not need to have a strong category recognition, and can be obtained directly from the Internet by the server. The resources are very rich, no manual classification is required, the cost can be reduced, and the cost can also be increased. The difficulty of manually collecting pictures as a solution to the question bank; making full use of the inherent advantages of human beings in understanding the content of pictures, the user can correctly place the sub-pictures based on the knowledge of the background picture of the verification code and the relationship between the contents of the sub-pictures. There are great difficulties in understanding the content of the picture and the relationship between the rotated sub-picture and the background picture, which greatly increases the difficulty of cracking the verification code by the machine and has high security; For verification codes, users are not required to identify the category of pictures according to the question, and a blank area is provided for users to choose, which lowers the threshold for users to use. That is to say, the present invention can greatly improve the cracking resistance of the verification code without affecting the user experience, and effectively improve the security of user verification.
图13为本发明实施例中的身份验证系统的结构框图。请参照图13,本实施例提出的身份验证系统60可以用于实现上述实施例提出的身份验证方法,本实施例中的身份验证系统60可以包括:用户终端61以及服务器62。Fig. 13 is a structural block diagram of the identity verification system in the embodiment of the present invention. Referring to FIG. 13 , the identity verification system 60 proposed in this embodiment can be used to implement the identity verification method proposed in the above embodiments. The identity verification system 60 in this embodiment can include: a user terminal 61 and a server 62 .
用户终端61可以用于向服务器62发送验证码拉取请求;接收并展示所述服务器62下发的验证码背景图片以及子图片,所述验证码背景图片包括与所述子图片对应的空缺区域;根据所述用户的指令将所述子图片与所述验证码背景图片进行拼接,所述用户的指令中包括所述子图片旋转的角度、以及移动的路径或移动的目标位置;以及将验证码背景图片与子图片的拼接图片发送给所述服务器进行验证,当所述子图片按照预定的位置以及预定的旋转角度拼接在所述空缺区域时,验证结果为通过。The user terminal 61 can be used to send a verification code pull request to the server 62; receive and display the verification code background picture and sub-picture issued by the server 62, and the verification code background picture includes a vacant area corresponding to the sub-picture ; Splicing the sub-picture with the background picture of the verification code according to the user's instruction, the user's instruction includes the angle of rotation of the sub-picture, and the path of movement or the target position of movement; and verifying The spliced picture of the code background picture and the sub-picture is sent to the server for verification. When the sub-picture is spliced in the vacant area according to the predetermined position and the predetermined rotation angle, the verification result is passed.
服务器62可以用于接收用户终端61发送的验证码拉取请求;根据所述验证码拉取请求,随机抽取一个验证码背景图片以及与所抽取的验证码背景图片对应的子图片,所述验证码背景图片中包括与所述子图片对应的空缺区域;将所抽取的验证码背景图片以及子图片下发给所述用户终端61,以使所述用户终端61将所述验证码背景图片以及子图片展示给用户;以及接收所述用户终端返回的、根据所述用户的指令进行拼接的验证码背景图片与子图片的拼接图片,当所述子图片按照预定的位置以及预定的旋转角度拼接在所述验证码背景图片的空缺区域时,验证结果为通过。The server 62 can be used to receive the verification code pull request sent by the user terminal 61; according to the verification code pull request, randomly extract a verification code background picture and a sub-picture corresponding to the extracted verification code background picture, the verification code The code background picture includes a vacant area corresponding to the sub-picture; the extracted background picture of the verification code and the sub-picture are sent to the user terminal 61, so that the user terminal 61 uses the background picture of the verification code and the sub-picture displaying the sub-picture to the user; and receiving the spliced picture of the verification code background picture and the sub-picture returned by the user terminal and spliced according to the user's instruction, when the sub-picture is spliced according to a predetermined position and a predetermined rotation angle When it is in the vacant area of the verification code background image, the verification result is passed.
本发明实施例中,验证码背景图片的具体内容不需要具有很强的类别辨识度,可以由服务器直接从互联网上获取,资源非常丰富,不需要人工进行分类,可以降低成本,另外也可以增加人工收集图片作为破解题库的难度;充分利用了人类对图片内容理解的先天优势,用户根据对验证码背景图片以及子图片中内容的关联关系的认识对子图片进行正确的摆放,由于机器在对图片内容的理解以及子图片被旋转后与背景图片之间的关联关系的认识这两方面都存在很大的困难,因此大大增加了机器破解验证码的难度,安全性高;相对于点选验证码来说,不需要用户根据问题对图片进行类别辨识,提供了空缺区域供用户选择,降低了用户的使用门槛。也就是说本发明在不影响用户体验的前提下可以大大提高验证码的抗破解力,有效的提高了用户验证的安全性。In the embodiment of the present invention, the specific content of the verification code background picture does not need to have a strong category recognition, and can be obtained directly from the Internet by the server. The resources are very rich and do not need manual classification, which can reduce costs and increase the cost. The difficulty of manually collecting pictures as a solution to the question bank; making full use of the inherent advantages of human beings in understanding the content of pictures, the user can correctly place the sub-pictures based on the knowledge of the background picture of the verification code and the relationship between the contents of the sub-pictures. There are great difficulties in understanding the content of the picture and the relationship between the rotated sub-picture and the background picture, which greatly increases the difficulty of cracking the verification code by the machine and has high security; compared with clicking For verification codes, users are not required to identify the category of pictures according to the question, and a blank area is provided for users to choose, which lowers the threshold for users to use. That is to say, the present invention can greatly improve the cracking resistance of the verification code without affecting the user experience, and effectively improve the security of user verification.
需要说明的是,本说明书中的各个实施例均采用递进的方式描述,每个实施例重点说明的都是与其他实施例的不同之处,各个实施例之间相同相似的部分互相参见即可。对于装置类实施例而言,由于其与方法实施例基本相似,所以描述的比较简单,相关之处参见方法实施例的部分说明即可。It should be noted that each embodiment in this specification is described in a progressive manner, and each embodiment focuses on the differences from other embodiments. For the same and similar parts in each embodiment, refer to each other, that is, Can. As for the device-type embodiments, since they are basically similar to the method embodiments, the description is relatively simple, and for related parts, please refer to part of the description of the method embodiments.
需要说明的是,在本文中,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、物品或者装置不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、物品或者装置所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括该要素的过程、方法、物品或者装置中还存在另外的相同要素。It should be noted that, in this document, the term "comprising", "comprising" or any other variation thereof is intended to cover a non-exclusive inclusion such that a process, method, article or apparatus comprising a set of elements includes not only those elements, It also includes other elements not expressly listed, or elements inherent in the process, method, article, or device. Without further limitations, an element defined by the phrase "comprising a ..." does not preclude the presence of additional identical elements in the process, method, article, or apparatus comprising that element.
本领域普通技术人员可以理解实现上述实施例的全部或部分步骤可以通过硬件来完成,也可以通过程序来指令相关的硬件完成,该的程序可以存储于一种计算机可读存储介质中,上述提到的存储介质可以是只读存储器,磁盘或光盘等。Those of ordinary skill in the art can understand that all or part of the steps for realizing the above-mentioned embodiments can be completed by hardware, and can also be completed by instructing related hardware through a program. The program can be stored in a computer-readable storage medium. The above-mentioned The storage medium can be a read-only memory, a magnetic disk or an optical disk, etc.
以上所述,仅是本发明的较佳实施例而已,并非对本发明作任何形式上的限制,虽然本发明已以较佳实施例揭露如上,然而并非用以限定本发明,任何熟悉本专业的技术人员,在不脱离本发明技术方案范围内,当可利用上述揭示的技术内容做出些许更动或修饰为等同变化的等效实施例,但凡是未脱离本发明技术方案内容,依据本发明的技术实质对以上实施例所作的任何简单修改、等同变化与修饰,均仍属于本发明技术方案的范围内。The above description is only a preferred embodiment of the present invention, and does not limit the present invention in any form. Although the present invention has been disclosed as above with preferred embodiments, it is not intended to limit the present invention. Anyone familiar with this field Those skilled in the art, without departing from the scope of the technical solution of the present invention, may use the technical content disclosed above to make some changes or modify equivalent embodiments with equivalent changes, but as long as they do not depart from the technical solution of the present invention, according to the technical content of the present invention Any simple modifications, equivalent changes and modifications made to the above embodiments by the technical essence still belong to the scope of the technical solution of the present invention.
Claims (20)
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310647983.3A CN104702406B (en) | 2013-12-04 | 2013-12-04 | Identity verification method and device |
| CN201910532989.3A CN110266497A (en) | 2013-12-04 | 2013-12-04 | Auth method, device, server, user terminal and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310647983.3A CN104702406B (en) | 2013-12-04 | 2013-12-04 | Identity verification method and device |
Related Child Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910532989.3A Division CN110266497A (en) | 2013-12-04 | 2013-12-04 | Auth method, device, server, user terminal and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104702406A CN104702406A (en) | 2015-06-10 |
| CN104702406B true CN104702406B (en) | 2019-08-06 |
Family
ID=53349200
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910532989.3A Pending CN110266497A (en) | 2013-12-04 | 2013-12-04 | Auth method, device, server, user terminal and storage medium |
| CN201310647983.3A Active CN104702406B (en) | 2013-12-04 | 2013-12-04 | Identity verification method and device |
Family Applications Before (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910532989.3A Pending CN110266497A (en) | 2013-12-04 | 2013-12-04 | Auth method, device, server, user terminal and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (2) | CN110266497A (en) |
Families Citing this family (25)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104965589A (en) * | 2015-06-13 | 2015-10-07 | 东莞市微模式软件有限公司 | Human living body detection method and device based on human brain intelligence and man-machine interaction |
| CN105100079A (en) * | 2015-07-01 | 2015-11-25 | 广东欧珀移动通信有限公司 | Image-based verification interaction method, related device, and communication system |
| CN105335645B (en) * | 2015-09-23 | 2019-02-22 | 北京奇虎科技有限公司 | Image verification code verification method and device |
| CN105306603B (en) * | 2015-12-04 | 2019-08-02 | 中国联合网络通信集团有限公司 | Network verifying system and method, client, server |
| CN108234389A (en) * | 2016-12-14 | 2018-06-29 | 盛趣信息技术(上海)有限公司 | A kind of client validation method and system |
| CN108734004A (en) * | 2017-04-20 | 2018-11-02 | 知而行(上海)营销咨询有限公司 | Man-machine verification method for e-marketing system |
| CN107066189A (en) * | 2017-05-15 | 2017-08-18 | 惠州Tcl移动通信有限公司 | A kind of jigsaw unlocking method and system based on mobile terminal |
| CN107169341B (en) * | 2017-05-17 | 2020-02-14 | 苏州锦佰安信息技术有限公司 | Picture password generation method and picture password generation device |
| CN107491686A (en) * | 2017-07-06 | 2017-12-19 | 微梦创科网络科技(中国)有限公司 | A kind of encryption and decryption method and device of sliding trace background picture |
| CN108154019A (en) * | 2017-11-30 | 2018-06-12 | 天脉聚源(北京)科技有限公司 | A kind of method and device of image authentication |
| CN108828599B (en) * | 2018-04-06 | 2021-11-16 | 东莞市华睿电子科技有限公司 | Disaster-stricken person searching method based on rescue unmanned aerial vehicle |
| CN108494795A (en) * | 2018-04-11 | 2018-09-04 | 苏州锦佰安信息技术有限公司 | A kind of auth method and device |
| CN108804713B (en) * | 2018-06-29 | 2022-03-04 | 上海掌门科技有限公司 | Image output method, electronic device, and computer-readable medium |
| CN110730152B (en) * | 2018-07-16 | 2021-11-26 | 杭州海康威视数字技术股份有限公司 | Login verification method and device and electronic equipment |
| CN108920932A (en) * | 2018-07-16 | 2018-11-30 | 佛山市影腾科技有限公司 | A kind of verification code generation method, device and server |
| CN111310156B (en) * | 2019-11-28 | 2022-08-19 | 苏宁金融科技(南京)有限公司 | Automatic identification method and system for slider verification code |
| CN111563941B (en) * | 2020-05-08 | 2023-12-22 | 拉扎斯网络科技(上海)有限公司 | Picture verification code generation method, verification method, device and related equipment |
| CN113422687B (en) * | 2021-06-24 | 2023-02-28 | 中国农业银行股份有限公司 | Verification method, verification server and verification system |
| CN115705134A (en) * | 2021-08-06 | 2023-02-17 | 北京字跳网络技术有限公司 | Image processing method, device and equipment |
| CN113852619B (en) * | 2021-09-22 | 2024-03-01 | 北京顶象技术有限公司 | Interactive verification method and device and electronic equipment |
| CN113918922A (en) * | 2021-09-30 | 2022-01-11 | 重庆富民银行股份有限公司 | An intelligent verification system and method |
| CN114329413A (en) * | 2021-12-24 | 2022-04-12 | 中国电信股份有限公司 | Data processing method, apparatus, electronic device, and computer-readable storage medium |
| CN114626047A (en) * | 2022-03-04 | 2022-06-14 | 北京百度网讯科技有限公司 | Verification method, device and equipment based on man-machine interaction |
| CN114626049A (en) * | 2022-03-21 | 2022-06-14 | 广州品唯软件有限公司 | Method, device, equipment and readable storage medium for assisting blind person to verify |
| CN114840838B (en) * | 2022-05-10 | 2025-02-28 | 咪咕互动娱乐有限公司 | Mobile terminal verification method, device, storage medium and system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102006163A (en) * | 2009-09-01 | 2011-04-06 | 阿里巴巴集团控股有限公司 | User authentication method, device and server |
| CN102890761A (en) * | 2011-08-24 | 2013-01-23 | 北京文海思创科技有限公司 | Method for verifying through graphical verification code |
| CN103179092A (en) * | 2011-12-22 | 2013-06-26 | 阿里巴巴集团控股有限公司 | Method, system and device for providing verification code information |
| CN103312512A (en) * | 2013-06-07 | 2013-09-18 | 深圳第七大道网络技术有限公司 | Image verification code generating method, image verification code generating device, identity verification method and identity verification device |
Family Cites Families (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020133429A1 (en) * | 2001-03-14 | 2002-09-19 | Hsiang-Chun Lu | Multi-website shopping cart system and the method for the same |
| US7624277B1 (en) * | 2003-02-25 | 2009-11-24 | Microsoft Corporation | Content alteration for prevention of unauthorized scripts |
| US20080049969A1 (en) * | 2006-08-25 | 2008-02-28 | Jason David Koziol | Methods And Systems For Generating A Symbol Identification Challenge For An Automated Agent |
| US8136167B1 (en) * | 2008-10-20 | 2012-03-13 | Google Inc. | Systems and methods for providing image feedback |
| US8483518B2 (en) * | 2010-02-19 | 2013-07-09 | Microsoft Corporation | Image-based CAPTCHA exploiting context in object recognition |
| US8935767B2 (en) * | 2010-05-14 | 2015-01-13 | Microsoft Corporation | Overlay human interactive proof system and techniques |
| US8990959B2 (en) * | 2010-05-28 | 2015-03-24 | Microsoft Corporation | Manipulable human interactive proofs |
| US20130007875A1 (en) * | 2011-06-30 | 2013-01-03 | Ebay, Inc. | Interactive CAPTCHA |
| SG194267A1 (en) * | 2012-05-03 | 2013-11-29 | C3S Pte Ltd | Method and system for protecting a password during an authentication process |
| CN103139204A (en) * | 2012-12-19 | 2013-06-05 | 姚爱军 | Network identifying code method and system |
| CN103310139A (en) * | 2013-05-10 | 2013-09-18 | 百度在线网络技术(北京)有限公司 | Input validation method and input validation device |
-
2013
- 2013-12-04 CN CN201910532989.3A patent/CN110266497A/en active Pending
- 2013-12-04 CN CN201310647983.3A patent/CN104702406B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102006163A (en) * | 2009-09-01 | 2011-04-06 | 阿里巴巴集团控股有限公司 | User authentication method, device and server |
| CN102890761A (en) * | 2011-08-24 | 2013-01-23 | 北京文海思创科技有限公司 | Method for verifying through graphical verification code |
| CN103179092A (en) * | 2011-12-22 | 2013-06-26 | 阿里巴巴集团控股有限公司 | Method, system and device for providing verification code information |
| CN103312512A (en) * | 2013-06-07 | 2013-09-18 | 深圳第七大道网络技术有限公司 | Image verification code generating method, image verification code generating device, identity verification method and identity verification device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104702406A (en) | 2015-06-10 |
| CN110266497A (en) | 2019-09-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104702406B (en) | Identity verification method and device | |
| CN105306208B (en) | Identity verification method and device | |
| CN105323066B (en) | Identity verification method and device | |
| US10873576B2 (en) | Authenticating a user device via a monitoring device | |
| US10305889B2 (en) | Identity authentication method and device and storage medium | |
| US9537809B2 (en) | Method and system for graphic code processing | |
| WO2015169188A1 (en) | Method, apparatus, and system for loading webpage application program | |
| US20150319173A1 (en) | Co-verification method, two dimensional code generation method, and device and system therefor | |
| CN105187206B (en) | Auth method and device | |
| WO2015135382A1 (en) | Method and apparatus for connecting peripheral devices | |
| CN106375465B (en) | A data migration method and server | |
| CN107623690A (en) | Login method, device and storage medium | |
| CN105323218A (en) | Identity verifying method and device | |
| US12003497B2 (en) | Website verification service | |
| TW201203140A (en) | Online service providing system, method, server and mobile device thereof, and computer program product | |
| CN107294999A (en) | Information verification processing method, device, system, client and server | |
| CN106131133B (en) | Browsing history record information viewing method, device and system | |
| US9805181B1 (en) | Messaging channel for web pages and web applications | |
| US20180349580A1 (en) | Information processing method and device, and electronic equipment | |
| WO2014139361A1 (en) | Method, apparatus, and system for running an application | |
| CN104811304B (en) | Identity verification method and device | |
| CN105100005B (en) | Identity verification method and device | |
| CN104980807A (en) | Method and terminal for multimedia interaction | |
| US20160150071A1 (en) | Mobile terminal and control method thereof | |
| CN105630894B (en) | A kind of processing method and system of network linking |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20190805 Address after: 518000 Nanshan District science and technology zone, Guangdong, Zhejiang Province, science and technology in the Tencent Building on the 1st floor of the 35 layer Co-patentee after: Tencent cloud computing (Beijing) limited liability company Patentee after: Tencent Technology (Shenzhen) Co., Ltd. Address before: Shenzhen Futian District City, Guangdong province 518044 Zhenxing Road, SEG Science Park 2 East Room 403 Patentee before: Tencent Technology (Shenzhen) Co., Ltd. |