CN107018117A - A method and system for preventing web pages from being maliciously verified - Google Patents

Publication number
CN107018117A
Authority
CN
China
Prior art keywords
webpage
account
data
party
verification
Prior art date
Legal status
Pending
Application number
CN201610057034.3A
Other languages
Chinese (zh)
Inventor
钟国清
Current Assignee
Guangzhou Boao Zongheng Network Science & Technology Co Ltd
Original Assignee
Guangzhou Boao Zongheng Network Science & Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Guangzhou Boao Zongheng Network Science & Technology Co Ltd
Priority to CN201610057034.3A
Publication of CN107018117A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3215 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a plurality of channels
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3218 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The present invention proposes a method and system for preventing web pages from being maliciously verified. When a user registers or resets a password, the method and system not only perform security verification against a third-party account of the user, such as a mobile phone number or mailbox, but also require the user to enter web page verification information. This prevents criminals from using software to register maliciously or to brute-force user passwords, protects website security, and makes effective use of site resources; it is especially effective against software such as "exhale dead you" that has recently become rampant.

Description

A method and system for preventing web pages from being maliciously verified
Technical field
The present invention relates to web page verification during registration or password reset, and specifically to a method and system for preventing web pages from being maliciously verified.
Background
The development of the Internet and IT has brought convenience to work and life, but also increasingly serious information security problems. Website user information in particular, once maliciously stolen, can easily cause economic loss. To prevent such malicious behavior, most websites perform security verification against a third-party account of the user, such as a mobile phone number or mailbox, when the user registers or resets a password. At present, however, criminals repeatedly trigger verification for the same account on many websites, so that the account receives a large amount of verification information, which greatly troubles the account's user and affects their work and life. Such behavior is hard to trace to its source and hard to govern, so websites should improve their own infrastructure to avoid being exploited by criminals. In the present invention, the user must first pass web page information verification before verification is performed against a third-party account such as a mobile phone or mailbox, which reduces the possibility of criminals using software or similar means to automatically perform large numbers of security verifications against third-party accounts.
Summary of the invention
To solve the above problems in web page verification, the present invention provides a method and system for preventing web pages from being maliciously verified, which lets a website better protect its own resources and avoid being exploited by criminals. The technical solution is as follows:
A method for preventing web pages from being maliciously verified:
receive the third-party account and the web page verification information entered by the user;
judge whether the web page verification information is correct;
if it is incorrect, prompt the user to enter new web page verification information;
if it is correct, send a check code to the third-party account; the user receives the check code and enters it, completing verification.
Further, the web page verification information includes at least one of: extracting information from a picture or text, sliding a picture to a preset position, selecting designated pictures, or a simple question and answer.
Further, the third-party account includes at least one of a mobile phone number or a mailbox.
Further, the input interface of the third-party account and the input interface of the web page verification information are located on the same web page.
Further, before the check code is sent to the third-party account, it is necessary to verify whether the third-party account has been registered.
Further, the interval between check codes sent to the third-party account is at least 1 minute.
Further, the number of check codes that the same third-party account can receive does not exceed 20 per day.
Further, the number of check code requests sent from each computer IP on the same day does not exceed 300.
In another aspect, the present application also discloses a system for preventing web pages from being maliciously verified.
The system includes a display module, a read module, a check code generation module, an authentication module and an information transfer module.
The display module presents to the user the web page verification prompt and the input boxes for the third-party account, the web page verification information and the check code.
The read module reads the web page verification information and the third-party account entered by the user.
The authentication module verifies the web page verification information entered by the user and, if it is incorrect, prompts the user to enter new web page verification information; if it is correct, the check code generation module generates a check code for the third-party account, and the information transfer module sends the generated check code to the third-party account; the user enters the check code after receiving it, completing verification.
Further, the web page verification information includes at least one of: extracting information from a picture or text, sliding a picture to a preset position, selecting designated pictures, or a simple question and answer.
The present invention reduces criminals' use of site resources, better maintains the website's own security, and prevents the website from being maliciously attacked; at the same time, by starting with the website itself, it prevents the spread of software such as "exhale dead you" and, to a certain extent, safeguards the normal work and life of users.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the method of the preferred embodiment of the present invention;
Fig. 2 is a schematic diagram of the system of the preferred embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Fig. 1 is a flow chart of the method for preventing web pages from being maliciously verified. In the present embodiment, the method comprises the following steps:
S01: the system reads the third-party account information and the web page verification information entered by the user.
Specifically, the web page verification information is constructed offline in advance, and the web page verification prompt is presented to the user, prompting the user to enter the correct web page verification information. The user enters the corresponding web page verification information according to the prompt, and enters the third-party account for security verification.
The web page verification information takes at least one of the following forms: extracting information from a picture or text, sliding a picture to a preset position, selecting designated pictures, or a simple question and answer. When the web page verification prompt is displayed, varying factors such as different fonts, deformation, backgrounds, 3D/2D and dynamic/static presentation can be added, which reduces the probability of automatic recognition by illegal software.
The third-party account includes at least one of a mobile phone number or a mailbox; in the present embodiment, the user is required to provide a mobile phone number to receive the check code. Because a third-party account is unique, it is often also used as the user account name. When the third-party account is received, it is necessary to verify whether it has been registered and to give a corresponding prompt. For registration, the third-party account must be unregistered; for password reset, the third-party account must be registered.
In the present embodiment, the input interface of the third-party account and the input interface of the web page verification information are located on the same web page, so the user can complete both inputs on one page, which avoids sending repeated requests to the server and the resulting network congestion, and reduces server load. In other embodiments, the two input interfaces need not be on the same web page, as long as the web page verification information is verified first.
S02: judge whether the web page verification information is correct.
After the third-party account information and the web page verification information entered by the user are received, the web page verification information must be verified; different types of web page verification information are verified in different ways.
Because the web page verification information is constructed offline in advance, after the user enters it the web page backend can verify it directly without uploading it to the server, which reduces pressure on the server.
S03: when the web page verification information is incorrect, prompt the user to enter new web page verification information.
In the present embodiment, when the user enters wrong web page verification information, the web page backend generates new web page verification information and updates the web page verification prompt accordingly, then prompts the user to enter it again; the user must then enter the new web page verification information according to the new prompt. In other embodiments, the backend need not generate new web page verification information and only prompts the user to re-enter it.
S04: when the web page verification information is correct, the server sends a check code to the third-party account.
In this step, when the web page verification information is correct, the web page backend also checks whether the interval between this check code request for the third-party account and the previous request is more than 1 minute; only if more than 1 minute has passed since the previous check code request can this request proceed.
After receiving the third-party account and the check code request, the server further checks whether the number of check codes the third-party account has received that day exceeds 20, and whether the number of requests made that day from the IP sending the check code request exceeds 300. Only if the third-party account has received no more than 20 check codes that day, and the requesting IP has made no more than 300 requests that day, does the server send the check code to the third-party account. The check code may take the form of text, a pattern, a voice announcement, and so on.
S05: the user receives the check code and enters it, completing verification.
After the third-party account receives the check code sent by the server, the user extracts the information and enters the correct check code on the web page; the extracted information is generally text, digits or other easily recorded information. When the server receives the correct check code, the whole verification process ends; otherwise the user is prompted to re-enter the check code. If the user does not receive the check code, the user can send a check code request to the server again after an interval of 1 minute.
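The flow S01 to S05 with the limits stated above (1 minute, 20 per account per day, 300 per IP per day), as an added example that is not part of the patent text. It runs every check on the server, because a check performed only in the page can be skipped by a client that requests the send step directly. The class and status names, the in-memory counters, the UTC day boundary and the 6-digit code are assumptions.

```python
import hmac
import secrets
from collections import defaultdict

MIN_INTERVAL_S = 60        # S04: at least 1 minute between codes to one account
MAX_PER_ACCOUNT_DAY = 20   # check codes one third-party account may receive per day
MAX_PER_IP_DAY = 300       # check code requests accepted from one IP per day
SECONDS_PER_DAY = 86400    # assumption: "day" means a UTC calendar day


class CheckCodeGate:
    """Decides whether a check code may be sent; all state is in memory."""

    def __init__(self, registered_accounts):
        self.registered = set(registered_accounts)
        self.last_sent = {}                   # account -> time of last send
        self.sent_today = defaultdict(int)    # (account, day) -> codes sent
        self.ip_requests = defaultdict(int)   # (ip, day) -> requests counted
        self.pending = {}                     # account -> outstanding check code
        self.outbox = []                      # stands in for the SMS/mail sender

    def request_code(self, flow, account, ip, captcha_ok, now):
        """flow is 'register' or 'reset'; now is a Unix timestamp in seconds."""
        if flow not in ("register", "reset"):
            raise ValueError("unknown flow: %r" % (flow,))
        day = int(now // SECONDS_PER_DAY)

        # S01: registration needs an unused account, password reset a known one.
        is_registered = account in self.registered
        if flow == "register" and is_registered:
            return "account_already_registered"
        if flow == "reset" and not is_registered:
            return "account_not_registered"

        # S02/S03: the web page verification must pass before anything is sent.
        if not captcha_ok:
            return "captcha_failed"

        # S04: count the request against its source IP, then apply the limits.
        self.ip_requests[(ip, day)] += 1
        last = self.last_sent.get(account)
        if last is not None and now - last < MIN_INTERVAL_S:
            return "too_soon"
        if self.sent_today[(account, day)] >= MAX_PER_ACCOUNT_DAY:
            return "account_daily_limit"
        if self.ip_requests[(ip, day)] > MAX_PER_IP_DAY:
            return "ip_daily_limit"

        code = f"{secrets.randbelow(10**6):06d}"   # assumption: 6 random digits
        self.pending[account] = code
        self.last_sent[account] = now
        self.sent_today[(account, day)] += 1
        self.outbox.append((account, code))        # delivered out of band only
        return "sent"

    def verify_code(self, account, submitted):
        """S05: accept the code once; a wrong code leaves it pending."""
        expected = self.pending.get(account)
        if expected is None:
            return False
        if not hmac.compare_digest(expected.encode(), submitted.encode()):
            return False
        del self.pending[account]
        return True


def demo():
    """Run constructed requests through the gate and return the statuses."""
    gate = CheckCodeGate(registered_accounts={"13800000001"})
    t0 = 19000 * SECONDS_PER_DAY   # constructed timestamp at the start of a day
    ip = "192.0.2.10"              # documentation address, constructed
    return [
        gate.request_code("register", "13800000001", ip, True, t0),
        gate.request_code("reset", "13800000002", ip, True, t0),
        gate.request_code("reset", "13800000001", ip, False, t0),
        gate.request_code("reset", "13800000001", ip, True, t0),
        gate.request_code("reset", "13800000001", ip, True, t0 + 30),
        gate.request_code("reset", "13800000001", ip, True, t0 + 61),
    ]


if __name__ == "__main__":
    print(demo())
```

The per-account cap here refuses the 21st code of a day and the per-IP cap refuses the 301st request; a deployment would keep the counters in a shared store so that every web server sees the same totals.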
As shown in Fig. 2, the present invention also provides a system for preventing web pages from being maliciously verified, as follows:
The system for preventing web pages from being maliciously verified includes a display module 11, a read module 12, an authentication module 13, a check code generation module 14 and an information transfer module 15.
The display module 11 presents to the user the web page verification prompt and the input boxes for the third-party account, the web page verification information and the check code. When the web page verification prompt is displayed, varying factors such as different fonts, deformation, backgrounds, 3D/2D and dynamic/static presentation can be added, which reduces the probability of automatic recognition by illegal software. The web page verification information includes at least one of: extracting information from a picture or text, sliding a picture to a preset position, selecting designated pictures, or a simple question and answer.
The read module 12 reads the web page verification information and the third-party account entered by the user; the user extracts the required web page verification information from the web page verification prompt and enters it in the input box or completes the specified action, and the read module 12 reads the corresponding data.
The authentication module 13 first verifies whether the third-party account has been registered and gives a corresponding prompt. It then verifies the web page verification information entered by the user, and prompts the user to enter new web page verification information if it is incorrect. The authentication module 13 verifies the web page verification information read by the read module 12 directly in the web page backend and judges whether the input is correct, without uploading it to the server, which reduces pressure on the server.
If the web page verification information is incorrect, the user is prompted to enter new web page verification information. In the present embodiment, when the user enters wrong web page verification information, the web page backend generates new web page verification information and updates the web page verification prompt accordingly, then prompts the user to enter it again; the user must then enter the new web page verification information according to the new prompt shown by the display module 11. In other embodiments, the backend need not generate new web page verification information and only prompts the user to re-enter it.
If it is correct, the check code generation module 14 generates a check code for the third-party account, and the information transfer module 15 sends the generated check code to the third-party account; the user enters the check code after receiving it, completing verification.
The check code generation module 14 randomly generates a check code, associates it with the third-party account, and finally stores it in the authentication module 13.
The information transfer module 15 sends the generated check code to the third-party account; the check code may take the form of text, a pattern, a voice announcement, and so on.
After the third-party account receives the check code sent by the server, the user extracts the information and enters the correct check code on the web page; the extracted information is generally text, digits or other easily recorded information. When the server receives the correct check code, the whole verification process ends; otherwise the user is prompted to re-enter the check code. If the user does not receive the check code, the user can send a check code request to the server again after an interval of 1 minute.
The foregoing is merely the preferred embodiment of the present invention and is not intended to limit the invention; any modification, equivalent substitution or improvement made within the spirit and principle of the present invention shall fall within the scope of protection of the present invention.

Claims (10)

1. A method for preventing web pages from being maliciously verified, characterized in that:
the third-party account and the web page verification information entered by the user are received;
whether the web page verification information is correct is judged;
if it is incorrect, the user is prompted to enter new web page verification information;
if it is correct, a check code is sent to the third-party account, and the user receives the check code and enters it, completing verification.
2. The method for preventing web pages from being maliciously verified according to claim 1, characterized in that the web page verification information includes at least one of: extracting information from a picture or text, sliding a picture to a preset position, selecting designated pictures, or a simple question and answer.
3. The method for preventing web pages from being maliciously verified according to claim 1, characterized in that the third-party account includes at least one of a mobile phone number or a mailbox.
4. The method for preventing web pages from being maliciously verified according to claim 1, characterized in that the input interface of the third-party account and the input interface of the web page verification information are located on the same web page.
5. The method for preventing web pages from being maliciously verified according to claim 1, characterized in that before the check code is sent to the third-party account, it is necessary to verify whether the third-party account has been registered.
6. The method for preventing web pages from being maliciously verified according to claim 1, characterized in that the interval between check codes sent to the third-party account is at least 1 minute.
7. The method for preventing web pages from being maliciously verified according to claim 1, characterized in that the number of check codes that the same third-party account can receive does not exceed 20 per day.
8. The method for preventing web pages from being maliciously verified according to claim 1, characterized in that the number of check code requests sent from each computer IP on the same day does not exceed 300.
9. A system for the method for preventing web pages from being maliciously verified according to any one of claims 1 to 8, characterized in that: the system includes a display module, a read module, a check code generation module, an authentication module and an information transfer module;
the display module presents to the user the web page verification prompt and the input boxes for the third-party account, the web page verification information and the check code;
the read module reads the web page verification information and the third-party account entered by the user;
the authentication module verifies the web page verification information entered by the user and, if it is incorrect, prompts the user to enter new web page verification information; if it is correct, the check code generation module generates a check code for the third-party account, and the information transfer module sends the generated check code to the third-party account; the user enters the check code after receiving it, completing verification.
10. The system according to claim 9, characterized in that: the web page verification information includes at least one of: extracting information from a picture or text, sliding a picture to a preset position, selecting designated pictures, or a simple question and answer.
CN201610057034.3A 2016-01-27 2016-01-27 A method and system for preventing web pages from being maliciously verified Pending CN107018117A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610057034.3A CN107018117A (en) 2016-01-27 2016-01-27 A method and system for preventing web pages from being maliciously verified

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610057034.3A CN107018117A (en) 2016-01-27 2016-01-27 A method and system for preventing web pages from being maliciously verified

Publications (1)

Publication Number Publication Date
CN107018117A (en) 2017-08-04

Family

ID=59438928

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610057034.3A Pending CN107018117A (en) 2016-01-27 2016-01-27 A method and system for preventing web pages from being maliciously verified

Country Status (1)

Country Link
CN (1) CN107018117A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170804