CN107204959A

CN107204959A - Verification method, the apparatus and system of identifying code

Info

Publication number: CN107204959A
Application number: CN201610151493.8A
Authority: CN
Inventors: 蒋海滔
Original assignee: Alibaba Group Holding Ltd
Current assignee: Alibaba Group Holding Ltd
Priority date: 2016-03-16
Filing date: 2016-03-16
Publication date: 2017-09-26
Anticipated expiration: 2036-03-16
Also published as: CN107204959B

Abstract

This application discloses a kind of verification method of identifying code, apparatus and system.Wherein, this method includes：The first request that first server receiving terminal is sent, wherein, first asks to be used for acquisition request identifying code；First server generates response message in response to the first request, wherein, code carrier and corresponding first verification code information of code carrier are at least included in response message；First verification code information of code carrier and encryption is at least back to terminal by first server, wherein, code carrier is used for instruction terminal and inputs the second verification code information, and the second checking information that the first verification code information of encryption is used in the second request that second server is sent to terminal is verified.Present application addresses the trans-regional technical problem verified and there is time delay.

Description

Verification method, the apparatus and system of identifying code

Technical field

The application is related to internet arena, in particular to a kind of verification method of identifying code, apparatus and system.

Background technology

In the prior art, in large-scale website, may in multiple location arrangements identifying code servers, such as Beijing, on Multiple identifying code servers are disposed on the ground such as sea, Hangzhou, Guangzhou.User terminal on these servers requests verification code And when verifying, it is understood that there may be a kind of situation be：User has taken identifying code picture from the server for be deployed in Shanghai, But user is after input validation code, when being verified to identifying code, it is assigned to and is deployed in Pekinese's server and enters Row checking.Being tested due to conventional method handle allows code to be stored in KV servers (key assignments storage server), in authentication During code, it can judge whether identifying code is correct by contrasting the value in KV servers, and KV servers are in cross-region On different server, carrying out the synchronization of verification code information has time delay, if synchronization delayed time is beyond the effective of identifying code Phase, user's checking may be caused to fail, it is poor to experience.

As shown in figure 1, in the prior art, user can be achieved by the steps of to server requests authentication code：

Step S101：User is to the application requests page.

Step S102：Application program returns to the checking page to user, wherein, it can ask to be used in the checking page defeated The URL addresses for the identifying code server for pointing to checking resource are carried in access customer name and password, and the checking page (i.e. code fetch server).

Step S103：User accesses code fetch server using the URL addresses.

Step S104：Code fetch server requests verification code picture and image results from KV storages.The image results are For the image results carried in identifying code picture.

Step S105：Identifying code picture is issued user by code fetch server.

Step S106：Code fetch server stores image results and session information write-in KV.

Wherein, the session information is carried in the access request that user accesses code fetch server using the URL addresses.

As shown in Fig. 2 in the prior art, can be by as follows when sending identifying code requests verification with user orientation server Step is realized：

Step S201：User submits identifying code to ask to application program.

Step S202：Identifying code request is sent to corresponding authentication server by application program.

Step S203：Authentication server obtains image results, and is verified.

Alternatively, authentication server obtains the corresponding image results of session information from KV storages, still, if the checking Server is not same server with the code fetch server in Fig. 1, and the authentication server also needs to obtain to code fetch server Image results are taken, the image results is then based on and is verified, it is as described above, if two server dispositions are not , then there is time delay in same region, user's checking can be caused to fail.

Step S204：Authentication server deletes the session information and image results stored in KV storages.

Step S205：Authentication server returns to the result.

The problem of there is checking time delay during for above-mentioned trans-regional checking, not yet proposes effective solution at present.

The content of the invention

The embodiment of the present application provides a kind of verification method of identifying code, apparatus and system, at least to solve trans-regional test In the presence of the technical problem of checking time delay during card.

According to the one side of the embodiment of the present application there is provided a kind of verification method of identifying code, this method includes：The The first request that one server receiving terminal is sent, wherein, first asks to be used for acquisition request identifying code；First service Device generates response message in response to the first request, wherein, code carrier and identifying code are at least included in response message Corresponding first verification code information of carrier；First server is at least by code carrier and the first verification code information of encryption Terminal is back to, wherein, code carrier is used for instruction terminal and inputs the second verification code information, the first checking of encryption The second checking information that code information is used in the second request that second server is sent to terminal is verified.

According to the one side of the embodiment of the present application there is provided a kind of verification method of identifying code, this method includes：The The second request that two server receiving terminals are sent, wherein, the first verification code information of encryption is carried in the second request Asked with the second verification code information, second for asking the first verification code information using encryption to the second verification code information Verified, the first verification code information of encryption is sent to terminal for first server, and the second verification code information is eventually The information that end group is inputted in the code carrier that first server is sent, code carrier and the first verification code information phase Correspondence；Second server is entered in response to the second request using the first verification code information of encryption to the second verification code information Row checking.

According to the one side of the embodiment of the present application there is provided a kind of verification method of identifying code, this method includes：Eventually Hold to first server and send the first request, wherein, first asks to be used for acquisition request identifying code；Terminal receives first The response message that server is returned in response to the first request, wherein, code carrier is at least included in response message and is added The first close verification code information；Terminal is based on code carrier and obtains the second verification code information；Terminal generation second is asked, At least include the first verification code information of the second verification code information and encryption in second request；Terminal sends the second request To second server, wherein, second is asked for being entered using the first verification code information of encryption to the second verification code information Row checking.

According to the one side of the embodiment of the present application there is provided a kind of checking system of identifying code, the system includes：The One server, the first request sent for receiving terminal, wherein, first asks to be used for acquisition request identifying code, and In response to the first request, response message is generated, wherein, at least include code carrier in response message and identifying code is carried Corresponding first verification code information of body；First server is additionally operable to code carrier and the first identifying code of encryption at least Information is back to terminal；Second server, the second request sent for receiving terminal, wherein, taken in the second request The first verification code information and the second verification code information with encryption, second asks for asking to test using the first of encryption Card code information verifies that the second verification code information is what terminal was sent based on first server to the second verification code information Code carrier and the information inputted；Second server is additionally operable in response to the second request, utilizes the first checking of encryption Code information is verified to the second verification code information.

According to the another aspect of the embodiment of the present application, additionally provide a kind of checking device of identifying code, the identifying code is tested Card device is arranged in first server, including：First receiving unit, the first request sent for receiving terminal, Wherein, first ask to be used for acquisition request identifying code；First response unit, in response to the first request, generation to ring Information is answered, wherein, code carrier and corresponding first verification code information of code carrier are at least included in response message； First returning unit, at least end is back to for first server by the first verification code information of code carrier and encryption End, wherein, code carrier is used for instruction terminal and inputs the second verification code information, and the first verification code information of encryption is used The second checking information in the second request that second server is sent to terminal is verified.

According to the another aspect of the embodiment of the present application, a kind of checking device of identifying code is additionally provided, the second clothes are arranged on It is engaged on device, the checking device of the identifying code includes：Second receiving unit, the second request sent for receiving terminal, Wherein, the first verification code information and the second verification code information of encryption are carried in the second request, second asks to be used to ask Ask and the second verification code information is verified using the first verification code information of encryption, the first verification code information of encryption is First server is sent to terminal, and the second verification code information is the code carrier that terminal is sent based on first server And the information inputted, code carrier is corresponding with the first verification code information；Second response unit, for second service Device is verified in response to the second request using the first verification code information of encryption to the second verification code information.

According to the another aspect of the embodiment of the present application, a kind of checking device of identifying code is additionally provided, is arranged in terminal, Including：First transmitting element, is asked for sending first to first server, wherein, first asks to obtain for request Take identifying code；3rd receiving unit, for receiving the response message that first server is returned in response to the first request, its In, the first verification code information of code carrier and encryption is at least included in response message；Acquiring unit, for based on Code carrier obtains the second verification code information；Generation unit, is asked for generating second, is at least wrapped in the second request Include the first verification code information of the second verification code information and encryption；Second transmitting element, for the second request to be sent extremely Second server, wherein, second asks to carry out the second verification code information for the first verification code information using encryption Checking.

In the embodiment of the present application, using the embodiment of the present application, first server is sent to terminal by code carrier When, while the first verification code information of encryption is sent to terminal, terminal is in second identifying code of the request to input When information is verified, the first verification code information of encryption is sent to second server in the lump, server can be based on First verification code information of the encryption is verified to the second verification code information.In the above-described embodiments, even first In the case that server and second server are not same server, second server from first server without obtaining the One verification code information, second server can directly using terminal send the first verification code information the second identifying code is believed Breath is verified, without the information exchange between two servers, so that transregional in first server and second server When domain is verified, also in the absence of time delay, the checking to identifying code can be quickly realized, prior art mid span area is solved The problem of there is checking time delay during checking.

Brief description of the drawings

Accompanying drawing described herein is used for providing further understanding of the present application, constitutes the part of the application, this Shen Schematic description and description please is used to explain the application, does not constitute the improper restriction to the application.In accompanying drawing In：

Fig. 1 is a kind of interaction diagrams of acquisition identifying code according to prior art；

Fig. 2 is a kind of interaction diagrams verified to identifying code according to prior art；

Fig. 3 is a kind of hardware block diagram of the terminal of the verification method of identifying code of the embodiment of the present application

Fig. 4 is the flow chart one of the verification method of the identifying code according to the embodiment of the present application；

Fig. 5 is the interaction figure one of the verification method of the identifying code according to the embodiment of the present application；

Fig. 6 is the flowchart 2 of the verification method of the identifying code according to the embodiment of the present application；

Fig. 7 is the interaction figure two of the verification method of the identifying code according to the embodiment of the present application；

Fig. 8 is the flow chart 3 of the verification method of the identifying code according to the embodiment of the present application；

Fig. 9 is the schematic diagram of the checking system according to the identifying code of the embodiment of the present application；

Figure 10 is the schematic diagram one of the checking device according to the identifying code of the embodiment of the present application；

Figure 11 is the schematic diagram two of the checking device according to the identifying code of the embodiment of the present application；

Figure 12 is the schematic diagram three of the checking device according to the identifying code of the embodiment of the present application；And

Figure 13 is the flow chart of the verification method of the identifying code according to the embodiment of the present application.

Embodiment

In order that those skilled in the art more fully understand application scheme, below in conjunction with the embodiment of the present application Accompanying drawing, the technical scheme in the embodiment of the present application is clearly and completely described, it is clear that described embodiment The only embodiment of the application part, rather than whole embodiments.Based on the embodiment in the application, ability The every other embodiment that domain those of ordinary skill is obtained under the premise of creative work is not made, should all belong to The scope of the application protection.

It should be noted that term " first " in the description and claims of this application and above-mentioned accompanying drawing, " Two " etc. be for distinguishing similar object, without for describing specific order or precedence.It should be appreciated that this The data that sample is used can be exchanged in the appropriate case, so as to embodiments herein described herein can with except Here the order beyond those for illustrating or describing is implemented.In addition, term " comprising " and " having " and they Any deformation, it is intended that covering is non-exclusive to be included, for example, containing process, the side of series of steps or unit Method, system, product or equipment are not necessarily limited to those steps clearly listed or unit, but may include unclear It is that ground is listed or for the intrinsic other steps of these processes, method, product or equipment or unit.

First, the term that the application is related to is explained as follows：

Data encryption：Processing is changed by data key, third party can not obtain raw information, and can not be pseudo- Make, distort the information, only possess key and data can be decrypted just now and obtain raw information.

Reset：Attacker sends the bag of a destination host received mistake, and particularly in certification, (such as the application's tests Demonstrate,prove code checking) during, the bag received for certification user identity, to reach the purpose of fraud system, mainly For authentication procedures, the security of certification is destroyed.

Anti-replay：Whether it is processed by the request of KV stored records, refusal is handled if treated.

Embodiment 1

According to the embodiment of the present application, a kind of embodiment of the verification method of identifying code is additionally provided, it is necessary to illustrate, It can be performed the step of the flow of accompanying drawing is illustrated in the computer system of such as one group computer executable instructions, And, although logical order is shown in flow charts, but in some cases, can be with suitable different from herein Sequence performs shown or described step.

The embodiment of the method that the embodiment of the present application one is provided can be in mobile terminal, terminal or similar fortune Calculate in device and perform.Exemplified by running on computer terminals, Fig. 3 is a kind of testing for identifying code of the embodiment of the present application The hardware block diagram of the terminal of card method.As shown in figure 3, terminal 10 can include one or many (processor 302 can include but is not limited to Micro-processor MCV or can individual (one is only shown in figure) processor 302 Programmed logic device FPGA etc. processing unit), the memory 304 for data storage and for communication function Transmitting device 306.It will appreciated by the skilled person that the structure shown in Fig. 3 is only signal, it is not Structure to above-mentioned electronic installation causes to limit.For example, terminal 10 may also include it is more more than shown in Fig. 3 or The less component of person, or with the configuration different from shown in Fig. 3.

The checking that memory 304 can be used in the software program and module of storage application software, such as the embodiment of the present application Corresponding programmed instruction/the module of verification method of code, processor 302 is stored in the software in memory 304 by operation Program and module, so as to perform various function application and data processing, that is, realize the authentication of above-mentioned identifying code Method.Memory 304 may include high speed random access memory, may also include nonvolatile memory, such as one or more Magnetic storage device, flash memory or other non-volatile solid state memories.In some instances, memory 304 can Further comprise the memory remotely located relative to processor 302, these remote memories can pass through network connection To terminal 10.The example of above-mentioned network includes but is not limited to internet, intranet, LAN, movement Communication network and combinations thereof.

Transmitting device 306 is used to data are received or sent via a network.Above-mentioned network instantiation may include The wireless network that the communication providerses of terminal 10 are provided.In an example, transmitting device 306 includes one Network adapter (Network Interface Controller, NIC), it can pass through base station and other network equipments It is connected to be communicated with internet.In an example, transmitting device 306 can be radio frequency (Radio Frequency, RF) module, it is used to wirelessly be communicated with internet.

Under above-mentioned running environment, this application provides the verification method of identifying code as shown in Figure 4.Fig. 4 is basis The flow chart one of the verification method of the identifying code of the embodiment of the present application.As shown in figure 4, the program can be by walking as follows It is rapid to realize：

Step S402：The first request that first server receiving terminal is sent, wherein, first asks to be used for acquisition request Identifying code；

Step S404：First server generates response message in response to the first request, wherein, in response message at least Including corresponding first verification code information of code carrier and code carrier；

Step S406：First verification code information of code carrier and encryption is at least back to terminal by first server, Wherein, code carrier is used for instruction terminal and inputs the second verification code information, and the first verification code information of encryption is used for the The second checking information in the second request that two servers are sent to terminal is verified.

Using the embodiment of the present application, first server is when code carrier is sent to terminal, while will encryption The first verification code information send to terminal, terminal is when request is verified to the second verification code information of input, one And send the first verification code information of encryption to second server, server can the first identifying code based on the encryption Information is verified to the second verification code information.In the above-described embodiments, even first server and second server In the case of not being same server, second server from first server without obtaining the first verification code information, second Server can directly using terminal send the first verification code information the second verification code information is verified, without two Information exchange between individual server, so as in first server and the trans-regional checking of second server, also be not present Time delay, can quickly realize the checking to identifying code, there is checking time delay when solving the checking of prior art mid span area The problem of.

Code carrier in above-described embodiment can be identifying code picture, that is, carry the picture of verification code information, e.g., First server can first generate the character of the first verification code information, and the character of first verification code information is turned round at random Turn, the character after torsion write on painting canvas, generate picture, the picture is the above-mentioned picture for carrying identifying code, Also it is code carrier.

The first verification code information in above-described embodiment can be the character information carried on the code carrier, such as one The information carried on identifying code picture is " 1234 ", then first verification code information is " 1234 ".

Specifically, in the above-described embodiments, terminal (such as logging request, places an order in request access target application server Request or registration request) after, receive the URL addresses (verifying resource address) for accessing first server, base Asked in URL generations first, first server is received after the first request of terminal transmission, and first server is rung The response of code carrier and corresponding first verification code information of code carrier should at least be included in the first request, generation Information, after the response message is generated, the response message is sent to terminal, the terminal receives first server Response message after, by the code carrier in the response message include on the screen of terminal, user can pass through The input frame on terminal screen is operated to input the second verification code information.Terminal is obtained after second verification code information, will Encryption the first verification code information and input the second verification code information, and application account and password send in the lump to should With program, the application program uses application account and password to carry out authentication to terminal, and the application program is also by second Verification code information and the first verification code information of encryption are sent to second server, and second server first is verified using this Code information is verified to the second verification code information.

Wherein, the second server is based on application account determination, and such as destination application server judges that this belongs to using account Account in Shanghai, then send the checking request (the i.e. second request) to the second server for being deployed in Shanghai.

In above-described embodiment, it is desirable to the first verification code information be cryptographically stored in user terminal (i.e. above-described embodiment In terminal), and when terminal request is verified, while by the first verification code information of encryption and the second identifying code of input Information is submitted to server end in the lump, has both reached data confidentiality effect, cross-region KV server datas is solved again same The risk that step time delay is brought, realizes the verification code system of cross-region deployment.

In above-described embodiment of the application, first server generation response message can include：First server is from right Code carrier and the first verification code information are read in the key assignments data storage storehouse answered；The session carried in asking first Information and the first verification code information are encrypted, the first verification code information of the session information encrypted and encryption；Base Session information, the first verification code information of encryption and code carrier in encryption, generate response message.

In the above-described embodiments, first server can be read from KV data storages storehouse (i.e. key assignments data storage storehouse) Code carrier and the first verification code information, session information in the first request then sent to terminal and get the One verification code information is encrypted, the first verification code information of the session information encrypted and encryption, based on the encryption Session information, encryption the first verification code information and code carrier generation response message.

Specifically, the first verification code information of code carrier and encryption is at least back to terminal in first server Meanwhile, first server sends the session information of encryption to terminal, wherein, the of the session information of encryption and encryption One verification code information judges whether the second request is playback request for second server.

By above-described embodiment, the session information (such as session number or session id) of encryption is carried in response message, In the case where ensureing session information and the first verification code information safety, it can also be ensured that the clothes verified to identifying code Business device may determine that whether the terminal has initiated Replay Attack, further ensure the safety of the checking system of identifying code.

According to above-described embodiment, the first verification code information of the encryption of acquisition request can be stored in cookie.But Be due to that multiple pages under a domain name share a cookie, if user in terminal simultaneously in multiple page requests The first verification code information of the encryption finally obtained can only be write in identifying code, cookie, in order to ensure multiple pages all The first verification code information of encryption can be got, terminal, can be with after the first verification code information of encryption is received Save it in hidden domains (i.e. the Hidden field of the page).

In addition, cookie size is restricted, if the cookie under a domain name is excessive, it may cause cookie's Lose, after terminal gets the first verification code information of encryption, the first verification code information of encryption is stored in hidden The problem of information is lost can also be avoided by hiding in domain.

As shown in figure 5, so that code carrier is identifying code picture as an example, the above embodiments of the present application are described in detail：

Step S501:Terminal initiates access request to destination application server.

Alternatively, the access request such as logging request, can place an order request (such as that need to carry out the request of authentication The destination application server is the server of resource transfers website, then the request can be resource transfers request) and note Volume request etc..

Step S502：Destination application server returns to request response message.

The request response message is used for instruction terminal input and applies account and password, and input validation code.

Further, checking resource address is carried in the request response message, the checking resource address points to first and taken Business device.

Step S503：The first server that terminal is pointed to the checking resource address sends first and asked, and the request is used for Acquisition request identifying code.

Step S504：First server responds first request and identifying code picture and figure is obtained from KV data storages storehouse Piece result, wherein, the image results are the first above-mentioned verification code information.

Step S505：First server writes the session information in first request and the first verification code information got The session information of encryption, the first verification code information encrypted and encryption.

Step S506：First server generates response message.

The step is consistent with the implementation in above-described embodiment, will not be repeated here.

Step S507：Response message is back to terminal by first server.

After terminal obtains the response message, it can obtain this according to the processing mode in above-described embodiment and second test Demonstrate,prove code information after, by the first verification code information of encryption and input the second verification code information, and application account and Password is sent to application program in the lump, and the application program uses application account and password to carry out authentication to terminal, should Application program also sends the first verification code information of the second verification code information and encryption to second server, second service Device is verified using first verification code information to the second verification code information.

Pass through above-described embodiment, it is possible to achieve the trans-regional deployment of authentication server, and user is in checking, accurate, Safety can ensure that checking request can not be played without time delay.

It should be noted that for foregoing each method embodiment, in order to be briefly described, therefore it is all expressed as to one it is The combination of actions of row, but those skilled in the art should know, the application is not limited by described sequence of movement System, because according to the application, some steps can be carried out sequentially or simultaneously using other.Secondly, art technology Personnel should also know that embodiment described in this description belongs to preferred embodiment, involved action and module Not necessarily necessary to the application.

Through the above description of the embodiments, those skilled in the art can be understood that according to above-mentioned implementation The method of example can add the mode of required general hardware platform to realize by software, naturally it is also possible to by hardware, but The former is more preferably embodiment in many cases.Based on it is such understand, the technical scheme of the application substantially or Say that the part contributed to prior art can be embodied in the form of software product, the computer software product is deposited Storage is in a storage medium (such as ROM/RAM, magnetic disc, CD), including some instructions are to cause a station terminal Described in each embodiment of equipment (can be mobile phone, computer, server, or network equipment etc.) execution the application Method.

Embodiment 2

According to the embodiment of the present application, a kind of verification method of identifying code is additionally provided, this method is applied in second server On, as shown in fig. 6, this method can include：

Step S601：The second request that second server receiving terminal is sent, wherein, carry encryption in the second request The first verification code information and the second verification code information, second ask for ask using encryption the first verification code information Second verification code information is verified, the first verification code information of encryption is sent to terminal for first server, the The information that two verification code informations are inputted for terminal based on the code carrier that first server is sent, code carrier with First verification code information is corresponding；

Step S603：Second server is verified in response to the second request using the first verification code information of encryption to second Code information is verified.

Specifically, carrying out checking to the second verification code information using the first verification code information of encryption can include：Second First verification code information of encryption is decrypted server, obtains the first verification code information；If the first verification code information Consistent with the second verification code information, then to verify the second verification code information correct for second server；If the first identifying code is believed Breath is inconsistent with the second verification code information, then to verify the second verification code information incorrect for second server.

Second server using the first verification code information of encryption to the second verification code information when being verified, the second clothes First verification code information of the device first to encryption of being engaged in is decrypted, and obtains the first verification code information；Compare decryption is obtained the Whether one verification code information is consistent with the second verification code information, if the first verification code information is consistent with the second verification code information, Then to verify the second verification code information correct for second server；If the first verification code information differs with the second verification code information Cause, then to verify the second verification code information incorrect for second server.

Wherein, the first verification code information is consistent with the second verification code information, refers to that the character in verification code information is consistent, Character boundary writes difference and falls within consistent category, e.g., and the first verification code information is " ABCd ", the second verification code information For " ABCD ", also judge that the first verification code information is consistent with the second verification code information.

According to above-described embodiment of the application, the encryption that first server is sent to terminal is also carried in the second request Session information, wherein, after being verified using the first verification code information of encryption to the second verification code information, the Session information and the first verification code information are saved into corresponding key assignments data storage storehouse by two servers.

In this embodiment, please by the second of the terminal after each checking completes the second verification code information of terminal The first verification code information of the encryption of middle carrying and the session information of encryption are asked as key-value pair, storage such as second server Corresponding KV data storages storehouse, the second request (during such as checking request) is received in next time, in being asked using second Session information searches whether second request is playback request (i.e. playback request), if it is, second server does not ring Should second request, if it is not, then second server responds the request.

Specifically, before being verified using the first verification code information of encryption to the second verification code information, the second clothes Device be engaged in corresponding key assignments data storage storehouse, searches whether that record has and corresponding with session information has deposited verification code information； Find it is corresponding with session information deposited verification code information in the case of, second server determines that the second request is attached most importance to Put request；Do not find it is corresponding with session information deposited verification code information in the case of, second server determines Two requests are not playback request.

Specifically, carrying out checking to the second verification code information using the first verification code information of encryption includes：Please second Ask in the case of not being playback request, the second verification code information is verified using the first verification code information of encryption；

In the case where the second request is playback request, then second server is not responding to second request, namely does not utilize First verification code information of encryption is verified to the second verification code information.

In the above-described embodiments, when receiving the second request every time, the detection of Replay Attack is carried out to it, is protected The safety of the checking system of whole identifying code is demonstrate,proved.

Above-described embodiment of the application is described in detail with reference to Fig. 7, as shown in fig. 7, above-described embodiment can To comprise the following steps：

Step S701：Terminal sends the second request to destination application server.

It can be carried using account, password, the session encrypted in the second request as checking request, the checking request The second verification code information that information, the first verification code information of encryption and terminal are received.

Step S702：Destination application server connects the session information of encryption, the first verification code information of encryption and terminal The second verification code information received is sent to second server.

Destination application server uses application account and password to carry out authentication to user, while by the session of the encryption The second verification code information that information, the first verification code information of encryption and terminal are received is sent to second server.

The corresponding table using account and region being pre-set, determining that this applies the corresponding region of account, as determined Region is Beijing-tianjin-tangshan Area, then receives the session information of the encryption, the first verification code information of encryption and terminal Second verification code information sends the server (i.e. second server) disposed to the Beijing-tianjin-tangshan Area.

Step S703：Second server is received after the second request, decrypts the session information of encryption and encrypt first Verification code information, obtains session information and the first verification code information.

First server and second server can make an appointment encryption and decryption key.

Step S704：Whether second server is attached most importance to using the session information and the request of the first verification code information checking second Put request.

The implementation of the step is consistent with the implementation of correspondence step in above-described embodiment, will not be repeated here.

Step S705：In the case where the second request is not playback request, second server verifies the first verification code information With the uniformity of the second verification code information, result is verified.

The implementation of the step is consistent with the implementation of correspondence scheme in above-described embodiment, will not be repeated here.

Step S706：The result is back to terminal by second server.

The result can be the result being verified, or the result that checking does not pass through.

Step S707：Session information and the first verification code information are used as key-value pair to be stored in corresponding KV by second server Data storage storehouse.

The session information and the first verification code information in deposit KV data storages storehouse are used to verify the checking request received Whether it is playback request.

The application is not limited the sequencing for performing above-mentioned steps S706 and step S707.

Embodiment 3

According to the embodiment of the present application, a kind of verification method of identifying code is additionally provided, this method is applied in second server On, as shown in figure 8, this method may include steps of：

Step S801：Terminal sends first to first server and asked, wherein, first asks to be used for acquisition request checking Code；

Step S802：Terminal receives the response message that first server is returned in response to the first request, wherein, response letter At least include the first verification code information of code carrier and encryption in breath；

Step S803：Terminal is based on code carrier and obtains the second verification code information；

Step S804：Terminal generation second is asked, and at least includes the of the second verification code information and encryption in the second request One verification code information；

Step S805：Terminal sends the second request to second server, wherein, second asks for utilizing encryption First verification code information is verified to the second verification code information.

Specifically, before terminal sends the first request to first server, method also includes：Terminal is to intended application Server sends access request；Terminal receives the checking resource address that destination application server is returned, wherein, checking money Source address points to first server.

Alternatively, the request of terminal generation second includes：Terminal based on the second verification code information inputted by terminal, plus Close the first verification code information, application account and the password generation second for access target application server are asked.

According to above-described embodiment of the application, terminal, which sends the second request to second server, to be included：Terminal is by second Request is sent to destination application server, wherein, application account and password in the second request are used for the conjunction for verifying terminal Method, second request in the first verification code information and the second verification code information be used for by destination application server send to Second server.

Embodiment 4

According to the embodiment of the present application, a kind of testing for identifying code for being used to implement the verification method of above-mentioned identifying code is additionally provided Card system, as shown in figure 9, the checking system of the identifying code includes：

First server 91, the first request sent for receiving terminal, wherein, first asks to test for acquisition request Demonstrate,prove code, and in response to first request, generate response message, wherein, in response message at least include code carrier and Corresponding first verification code information of code carrier；First server is additionally operable at least by code carrier and encryption One verification code information is back to terminal；

Second server 93, the second request sent for receiving terminal, wherein, carry encryption in the second request First verification code information and the second verification code information, second asks for asking the first verification code information pair using encryption Second verification code information is verified that the second verification code information is the code carrier that terminal is sent based on first server And the information inputted；Second server is additionally operable in response to the second request, using the first verification code information of encryption to the Two verification code informations are verified.

Specifically, the first server in the program, is additionally operable in first server at least by code carrier and encryption The first verification code information while be back to terminal, the session information of encryption is sent to terminal；Second server, It is additionally operable to after the second request of terminal is received, the session information of the encryption in being asked using second and the of encryption One verification code information judges whether the second request is playback request.

Embodiment 5

According to the embodiment of the present application, a kind of testing for identifying code for being used to implement the verification method of above-mentioned identifying code is additionally provided Card device, as shown in Figure 10, is arranged in first server, and the device includes：

First receiving unit 101, the first request sent for receiving terminal, wherein, first asks to obtain for request Take identifying code；

First response unit 103, in response to the first request, generating response message, wherein, in response message extremely Include code carrier and corresponding first verification code information of code carrier less；

First returning unit 105, for first server at least by code carrier and the first verification code information of encryption Terminal is back to, wherein, code carrier is used for instruction terminal and inputs the second verification code information, the first checking of encryption The second checking information that code information is used in the second request that second server is sent to terminal is verified.

Present invention also provides a kind of checking device of identifying code, it is arranged on second server, the device can include As shown in figure 11：Second receiving unit 111, the second request sent for receiving terminal, wherein, the second request In carry the first verification code information and the second verification code information of encryption, second asks for asking the using encryption One verification code information verifies that the first verification code information of encryption sends for first server to the second verification code information To terminal, the information that the second verification code information is inputted for terminal based on the code carrier that first server is sent, Code carrier is corresponding with the first verification code information；Second response unit 113, for second server in response to Two requests, are verified using the first verification code information of encryption to the second verification code information.

Present invention also provides a kind of checking device for the identifying code being arranged in terminal, the device includes as shown in figure 12 's：First transmitting element 121, is asked for sending first to first server, wherein, first asks to be used to ask Obtain identifying code；3rd receiving unit 123, for receiving first server in response to the first request, the response of return Information, wherein, the first verification code information that code carrier and code carrier are carried at least is included in response message； Acquiring unit 125, for obtaining the second verification code information based on code carrier；Generation unit 127, for generating the Two requests, at least include the first verification code information of the second verification code information and encryption in the second request；Second sends single Member 129, for the second request to be sent to second server, wherein, second is asked for being tested using the first of encryption Card code information is verified to the second verification code information.

It should be noted that example and applied field that said units or module are realized with the step in corresponding embodiment Scape is identical, but is not limited to above-described embodiment disclosure of that.It should be noted that said units are used as the one of device Part may operate in the terminal of embodiment offer, can be realized by software, can also be real by hardware It is existing.

Embodiment 6

Embodiments herein can provide a kind of terminal, the terminal can be terminal group in Any one computer terminal (terminal described above, first server or second server).Alternatively, exist In the present embodiment, above computer terminal can also replace with the terminal devices such as mobile terminal.

Alternatively, in the present embodiment, above computer terminal can be located in multiple network equipments of computer network At least one network equipment.

Alternatively, Figure 13 is a kind of structured flowchart of terminal according to the embodiment of the present application.As shown in figure 13, Terminal A can include：One or more (one is only shown in figure) processors 1301, memory 1303, And transmitting device 1305.

Wherein, memory 1303 can be used for storage software program and module, such as the identifying code in the embodiment of the present application Verification method and the corresponding programmed instruction/module of device, processor 1301 are stored in memory 1303 by operation Software program and module, so as to perform various function application and data processing, that is, realize testing for above-mentioned identifying code Card method.Memory 1303 may include high speed random access memory, can also include nonvolatile memory, such as one or The multiple magnetic storage devices of person, flash memory or other non-volatile solid state memories.In some instances, memory 1303 can further comprise the memory remotely located relative to processor 1301, and these remote memories can pass through Network connection is to terminal A.The example of above-mentioned network includes but is not limited to internet, intranet, LAN, shifting Dynamic communication network and combinations thereof.

Above-mentioned transmitting device 1305 is used to data are received or sent via a network.Above-mentioned network instantiation It may include cable network and wireless network.In an example, transmitting device 1305 includes a network adapter (Network Interface Controller, NIC), it can pass through netting twine and other network equipments and router phase Connect to be communicated with internet or LAN.In an example, transmitting device 1305 is radio frequency (Radio Frequency, RF) module, it is used to wirelessly be communicated with internet.

Wherein, specifically, memory 1303 be used for the information for storing deliberate action condition and default access user and Application program.

In the present embodiment, above computer terminal can perform following steps in the verification method of identifying code：

Step S1：The first request that first server receiving terminal is sent, wherein, first asks to test for acquisition request Demonstrate,prove code；

Step S2：First server generates response message in response to the first request, wherein, at least wrapped in response message Include code carrier and corresponding first verification code information of code carrier；

Step S3：First verification code information of code carrier and encryption is at least back to terminal by first server, its In, code carrier is used for instruction terminal and inputs the second verification code information, and the first verification code information of encryption is used for second The second checking information in the second request that server is sent to terminal is verified.

Above computer terminal can also carry out following steps in the verification method of identifying code：

Step S4：The second request that second server receiving terminal is sent, wherein, carry encryption in the second request First verification code information and the second verification code information, second asks for asking the first verification code information pair using encryption Second verification code information is verified that the first verification code information of encryption is sent to terminal, second for first server The information that verification code information is inputted for terminal based on the code carrier that first server is sent, code carrier and One verification code information is corresponding；

Step S5：Second server is in response to the second request, using the first verification code information of encryption to the second identifying code Information is verified.

Above-mentioned processor can also carry out following steps in the verification method of identifying code：

Step S6：Terminal sends first to first server and asked, wherein, first asks to be used for acquisition request identifying code；

Step S7：Terminal receives the response message that first server is returned in response to the first request, wherein, response message In at least include code carrier and encryption the first verification code information, first verification code information be code carrier in The information of carrying；

Step S8：Terminal is based on code carrier and obtains the second verification code information；

Step S9：Terminal generation second is asked, and at least includes the first of the second verification code information and encryption in the second request Verification code information；

Step S10：Terminal sends the second request to second server, wherein, second asks for utilizing encryption First verification code information is verified to the second verification code information.

It will appreciated by the skilled person that the structure shown in Figure 13 is only signal, terminal can also be Smart mobile phone (such as Android phone, iOS mobile phones), tablet personal computer, applause computer and mobile internet device The terminal device such as (Mobile Internet Devices, MID), PAD.Figure 13 its not to above-mentioned electronic installation Structure cause limit.For example, terminal may also include the component more or less than shown in Figure 13 (such as Network interface, display device etc.), or with the configuration different from shown in Figure 13.

One of ordinary skill in the art will appreciate that all or part of step in the various methods of above-described embodiment is can be with Completed by program come the device-dependent hardware of command terminal, the program can be stored in a computer-readable storage medium In matter, storage medium can include：Flash disk, read-only storage (Read-Only Memory, ROM), deposit at random Take device (Random Access Memory, RAM), disk or CD etc..

Embodiment 7

Embodiments herein additionally provides a kind of storage medium.Alternatively, in the present embodiment, above-mentioned storage medium It can be used for preserving the program code performed by the verification method for the identifying code that above-described embodiment one is provided.

Alternatively, in the present embodiment, above-mentioned storage medium can be located in computer network Computer terminal group In any one terminal, or in any one mobile terminal in mobile terminal group.

Alternatively, in the present embodiment, storage medium is arranged to the program code that storage is used to perform following steps：

Step S7：Terminal receives the response message that first server is returned in response to the first request, wherein, response message In at least include code carrier and encryption the first verification code information；

Above-mentioned the embodiment of the present application sequence number is for illustration only, and the quality of embodiment is not represented.

In above-described embodiment of the application, the description to each embodiment all emphasizes particularly on different fields, and does not have in some embodiment The part of detailed description, may refer to the associated description of other embodiment.

In several embodiments provided herein, it should be understood that disclosed client, others can be passed through Mode is realized.Wherein, device embodiment described above is only schematical, such as division of described unit, It is only a kind of division of logic function, there can be other dividing mode when actually realizing, such as multiple units or component Another system can be combined or be desirably integrated into, or some features can be ignored, or do not perform.It is another, institute Display or the coupling each other discussed or direct-coupling or communication connection can be by some interfaces, unit or mould The INDIRECT COUPLING of block or communication connection, can be electrical or other forms.

The unit illustrated as separating component can be or may not be it is physically separate, it is aobvious as unit The part shown can be or may not be physical location, you can with positioned at a place, or can also be distributed to On multiple NEs.Some or all of unit therein can be selected to realize the present embodiment according to the actual needs The purpose of scheme.

In addition, each functional unit in the application each embodiment can be integrated in a processing unit, can also That unit is individually physically present, can also two or more units it is integrated in a unit.It is above-mentioned integrated Unit can both be realized in the form of hardware, it would however also be possible to employ the form of SFU software functional unit is realized.

If the integrated unit is realized using in the form of SFU software functional unit and as independent production marketing or used When, it can be stored in a computer read/write memory medium.Understood based on such, the technical scheme of the application The part substantially contributed in other words to prior art or all or part of the technical scheme can be produced with software The form of product is embodied, and the computer software product is stored in a storage medium, including some instructions are to make Obtain a computer equipment (can be personal computer, server or network equipment etc.) and perform each implementation of the application The all or part of step of example methods described.And foregoing storage medium includes：USB flash disk, read-only storage (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), mobile hard disk, magnetic Dish or CD etc. are various can be with the medium of store program codes.

Described above is only the preferred embodiment of the application, it is noted that for the ordinary skill people of the art For member, on the premise of the application principle is not departed from, some improvements and modifications can also be made, these improve and moistened Decorations also should be regarded as the protection domain of the application.

Claims

1. a kind of verification method of identifying code, it is characterised in that including：

The first request that first server receiving terminal is sent, wherein, described first asks to test for acquisition request Demonstrate,prove code；

The first server generates response message in response to the described first request, wherein, the response message In at least include code carrier and corresponding first verification code information of the code carrier；

First verification code information of the code carrier and encryption is at least back to described by the first server Terminal, wherein, the code carrier is used to indicate that the terminal inputs the second verification code information, the encryption The first verification code information be used for second server the terminal is sent second request in it is described second verify Information is verified.

2. according to the method described in claim 1, it is characterised in that generation response message includes：

The first server reads the code carrier and described first from corresponding key assignments data storage storehouse Verification code information；

The session information and first verification code information carried in asking described first is encrypted, and is added Close session information and the first verification code information of the encryption；

Session information based on the encryption, the first verification code information of the encryption and the code carrier, Generate the response message.

3. method according to claim 2, it is characterised in that in the first server at least by the identifying code While carrier and the first verification code information of encryption are back to the terminal, methods described also includes：

The first server sends the session information of the encryption to the terminal, wherein, the encryption Session information and the first verification code information of the encryption judge that second request is for the second server No is playback request.

4. method according to claim 2, it is characterised in that the session information carried in first request includes： Session number or session id.

5. method as claimed in any of claims 1 to 4, it is characterised in that the code carrier includes： Identifying code picture.

6. a kind of verification method of identifying code, it is characterised in that including：

The second request that second server receiving terminal is sent, wherein, carry encryption in second request First verification code information and the second verification code information, described second asks for asking first using the encryption Verification code information verifies that the first verification code information of the encryption is first to second verification code information Server is sent to the terminal, and second verification code information is that the terminal is based on the first server The code carrier of transmission and the information inputted, the code carrier are corresponding with first verification code information；

The second server is in response to the described second request, using the first verification code information of the encryption to institute The second verification code information is stated to be verified.

7. method according to claim 6, it is characterised in that using the first verification code information of the encryption to institute Stating the progress checking of the second verification code information includes：

First verification code information of the encryption is decrypted the second server, obtains first checking Code information；

If first verification code information is consistent with second verification code information, the second server checking Go out second verification code information correct；

If first verification code information and second verification code information are inconsistent, the second server is tested Demonstrate,prove out second verification code information incorrect.

8. method according to claim 6, it is characterised in that first clothes are also carried in second request Business device is sent to the session information of the encryption of the terminal, wherein, believe using the first identifying code of the encryption After breath is verified to second verification code information, methods described also includes：

The session information and first verification code information are saved into corresponding key assignments and deposited by the second server Store up database.

9. the method according to any one in claim 6 to 8, it is characterised in that also taken in second request The session information of the encryption of the terminal is sent to the first server, wherein,

Before being verified using the first verification code information of the encryption to second verification code information, institute Stating method also includes：In corresponding key assignments data storage storehouse, search whether that record has and the session information pair That answers has deposited verification code information；Find it is corresponding with the session information deposited verification code information in the case of, The second server determines that second request is playback request；It is corresponding with the session information not finding Deposited verification code information in the case of, the second server determine it is described second request for the playback please Ask；

Carrying out checking to second verification code information using the first verification code information of the encryption includes：Institute State the second request not be the playback request in the case of, using the first verification code information of the encryption to described Second verification code information is verified.

10. a kind of verification method of identifying code, it is characterised in that including：

Terminal sends first to first server and asked, wherein, described first asks to be used for acquisition request identifying code；

The terminal receives the response message that the first server is returned in response to the described first request, wherein, At least include the first verification code information of code carrier and encryption in the response message；

The terminal is based on the code carrier and obtains the second verification code information；

The terminal generation second is asked, and at least includes second verification code information and institute in second request State the first verification code information of encryption；

The terminal sends the described second request to second server, wherein, described second asks to be used to utilize First verification code information of the encryption is verified to second verification code information.

11. method according to claim 10, it is characterised in that send the first request to first server in terminal Before, methods described also includes：

The terminal sends access request to destination application server；

The terminal receives the checking resource address that the destination application server is returned, wherein, the checking money Source address points to the first server.

12. method according to claim 10, it is characterised in that the request of terminal generation second includes：

The terminal is tested based on second verification code information inputted by the terminal, the first of the encryption Demonstrate,prove code information, application account and password generation second request for access target application server.

13. method according to claim 12, it is characterised in that the terminal sends the described second request to second Server includes：

The terminal sends the described second request to the destination application server, wherein, second request In the application account and the password be used to verify the legitimacy of the terminal, the institute in second request Stating the first verification code information and second verification code information is used to be sent to described by the destination application server Second server.

14. method according to claim 12, it is characterised in that the terminal receive the first server in response to After the response message that first request is returned, methods described also includes：The terminal is by the of the encryption One verification code information is stored in the Hidden field of the page.

15. a kind of checking system of identifying code, it is characterised in that including：

First server, the first request sent for receiving terminal, wherein, described first asks to be used to ask Identifying code is obtained, and in response to the described first request, generates response message, wherein, in the response message extremely Include code carrier and corresponding first verification code information of the code carrier less；The first server is also For the first verification code information of the code carrier and encryption at least to be back into the terminal；

Second server, for receiving the second request that the terminal is sent, wherein, taken in second request The first verification code information and the second verification code information with the encryption, described second asks to be used to ask to utilize First verification code information of the encryption verifies that second identifying code is believed to second verification code information Cease the information inputted for the terminal based on the code carrier that the first server is sent；Second clothes Business device is additionally operable to, in response to the described second request, test described second using the first verification code information of the encryption Card code information is verified.

16. system according to claim 15, it is characterised in that

The first server, is additionally operable in the first server at least by the code carrier and encryption While first verification code information is back to the terminal, the session information of encryption is sent to the terminal；

The second server, is additionally operable to after the second request of the terminal is received, utilizes described second The session information of the encryption in request and the first verification code information of the encryption judge that second request is No is playback request.

17. the checking device of a kind of identifying code, it is characterised in that be arranged in first server, including：

First receiving unit, the first request sent for receiving terminal, wherein, described first asks to be used to ask Seek acquisition identifying code；

First response unit, in response to the described first request, generating response message, wherein, the response At least include code carrier and corresponding first verification code information of the code carrier in information；

First returning unit, is at least tested for the first server by the first of the code carrier and encryption Card code information is back to the terminal, wherein, the code carrier is used to indicate that the terminal input second is tested Code information is demonstrate,proved, the first verification code information of the encryption is asked for second server is sent to the terminal second Second checking information in asking is verified.

18. the checking device of a kind of identifying code, it is characterised in that be arranged on second server, including：

Second receiving unit, the second request sent for receiving terminal, wherein, carried in second request There are the first verification code information and the second verification code information of encryption, described second asks to be used to ask to add using described The first close verification code information verifies that the first identifying code of the encryption is believed to second verification code information Cease and be sent to the terminal for first server, second verification code information is that the terminal is based on described the Code carrier that one server is sent and the information that inputs, the code carrier are believed with first identifying code Manner of breathing correspondence；

Second response unit, for the second server in response to the described second request, utilizes the encryption First verification code information is verified to second verification code information.

19. the checking device of a kind of identifying code, it is characterised in that be arranged in terminal, including：

First transmitting element, is asked for sending first to first server, wherein, described first asks to be used for Acquisition request identifying code；

3rd receiving unit, believes for receiving the response that the first server is returned in response to the described first request Breath, wherein, the first verification code information of code carrier and encryption is at least included in the response message；

Acquiring unit, for obtaining the second verification code information based on the code carrier；

Generation unit, is asked for generating second, and at least including second identifying code in second request believes Breath and the first verification code information of the encryption；

Second transmitting element, for the described second request to be sent to second server, wherein, described second please Ask and second verification code information is verified for the first verification code information using the encryption.