A verification code checking method and device
By analyzing interactive game-style CAPTCHA rules and user interaction data, the problems of existing CAPTCHAs being easily cracked and having a poor user experience have been solved, achieving CAPTCHA verification with high security and a good user experience.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- FUJIAN FUNO MOBILE COMM TECH CO LTD
- Filing Date
- 2022-10-20
- Publication Date
- 2026-06-19
AI Technical Summary
Existing CAPTCHA technology is easily cracked by machines, provides a poor user experience, and cannot effectively prevent credential stuffing attacks and CAPTCHA leaks, thus affecting system security and fairness.
The system adopts interactive game-style CAPTCHA rules, randomly generates and verifies user interaction data, and combines the completion time and interaction results to make security judgments, limiting completion to within 10 seconds to prevent cheating attacks.
It improves the security and user experience of CAPTCHAs, effectively prevents credential stuffing attacks, reduces cracking costs, reduces dependence on user devices, and adapts to various network environments.
Figure CN115712879B_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of technology, and in particular to a verification code verification method and apparatus.
Background Technology
[0002] CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart," a fully automated public program that distinguishes between a computer and a human user. It prevents malicious password cracking, vote rigging, and forum spamming, effectively preventing a hacker from repeatedly attempting to log in to a specific user account using brute-force methods. CAPTCHA generation essentially involves posing a question to the user, which can be generated and judged by a computer, but must be solvable only by a human. Because computers cannot answer CAPTCHA questions, users who answer correctly are considered human.
[0003] With the rapid development of the internet and the increasing number of open application systems on the network where user interests can be transferred, enhancing human-machine authentication during login has become a crucial aspect of system information security. Previously, CAPTCHA generation typically employed the following methods:
[0004] 1. Generating a graphic image containing information that a human must recognize. However, most CAPTCHAs of this kind can be solved through image processing combined with OCR text recognition.
[0005] 2. Using simple question-and-answer style mouse click and drag operations.
[0006] However, this method can be solved by combining machine vision with mouse simulation.
[0007] 3. Using communication tools to send a specified verification code to the user, such as a mobile phone SMS, an email verification code, or a more complex voice message.
[0008] However, this method has the following drawbacks:
[0009] First, since both are sent in plaintext, there is a risk of email and SMS verification code leakage. For example, SMS verification codes can be solved by using APP plug-ins, SMS recognition + SIM card pool, etc., while email verification codes can be solved by registering a large number of email addresses, using email clients to receive emails, and using text keywords and semantic recognition.
[0010] Secondly, it's impossible to guarantee 100% uninterrupted delivery of information at all times. Factors affecting SMS verification code delivery rates include not only the service provider's quality but also the user's mobile phone itself, the signal strength in the user's area, and the influence of client-side security software. Some users like to install security software, or some phones and PCs come pre-installed with various security programs. When login verification is required, the verification code may have already been blocked by these programs as spam, while the user is still waiting for it. Similarly, email verification codes are also related to the service provider's quality and the user's network conditions.
[0011] Then, due to the restrictions on the validity of email and mobile phone numbers, you will not be able to receive the verification code if you change your mobile phone number or email address.
[0012] Finally, voice-based methods often have low user tolerance, are time-consuming and energy-draining, and have been gradually cracked with the rise of voice recognition and app plug-ins.
[0013] 4. Presenting various questions requiring answers through images, then collecting and matching the terminal responses. This method can solve some CAPTCHAs using image processing, OCR text recognition, and knowledge graphs. Furthermore, it can embed machine-generated web crawlers in internet ticket-grabbing applications to collect questions, then collect the correct answers generated by users' manual image recognition and send them to a third-party server. This allows for large-scale application and rapid generation of a question bank and corresponding correct answers on the third-party server, providing a credential stuffing attack solution. This requires CAPTCHA and app developers to frequently update the question bank and implement various methods to prevent cheating.
[0014] As various internet applications increasingly prioritize security and offer more limited-time or limited-quantity discounts to attract customers, the demands on CAPTCHAs, a crucial element in resisting machine attacks and ensuring security and fairness, are rising. For example, there's a need to reduce CAPTCHA complexity, prevent rapid AI recognition, guard against credential stuffing attacks, avoid using SMS or voice verification methods, and address user aversion to CAPTCHAs.
Summary of the Invention
[0015] To address the aforementioned problems in the prior art, this invention provides a verification code verification method and apparatus that improves the security performance of verification codes while ensuring a good user experience.
[0016] To achieve the above objectives, the technical solution adopted by the present invention is as follows:
[0017] In a first aspect, the present invention provides a verification code verification method, comprising:
[0018] Receive a verification code generation request, randomly select the first interaction rule of any interactive game class, generate a first verification code that can be completed within 10 seconds according to the first interaction rule, and send the first verification code to the client for display;
[0019] Receive and verify the first interactive data generated by the client based on the first verification code to obtain the verification code verification result.
[0020] The beneficial effects of this invention are as follows: Using game-like interactive rules as CAPTCHAs, the game-like nature of the rules makes them naturally appealing to most users. Furthermore, limiting the completion time to 10 seconds restricts the game's difficulty, addressing user aversion to CAPTCHAs and improving the user experience. Simultaneously, since there are various interactive game types, each CAPTCHA is randomly selected, effectively preventing credential stuffing attacks. Even with cheating software, it is difficult to identify the interactive rules, thus effectively improving the security of the CAPTCHA. Therefore, while enhancing CAPTCHA security, the user experience is also guaranteed.
[0021] Optionally, receiving and verifying the first interactive data generated by the client based on the first verification code to obtain the verification code verification result includes:
[0022] The client receives first interactive data generated based on the first verification code, the first interactive data including first interactive process data and first interactive result;
[0023] Determine whether the operation data of the first interactive process data is qualified, and determine whether the first simulation result generated according to the first verification code and the first interactive process data is consistent with the first interactive result. If all the determination results are positive, the verification result of the first interactive process data is qualified.
[0024] Determine whether the first interaction result meets the pass rules of the first verification code. If so, the verification result of the first interaction result is qualified.
[0025] The verification code verification result is obtained based on the verification results of the first interaction process data and the first interaction result. If the verification results of the first interaction process data and the first interaction result are both qualified, then the verification code verification result is qualified.
[0026] As described above, user operation data is collected during the interaction with the first verification code, and this data reflects the user's interaction process in solving the verification code. After the legality of the user operation data has been verified, the interaction process data is simulated to obtain a simulated result, and the consistency between the simulated result and the actual interaction result serves as a second verification of the user operation data. This makes it possible to determine whether the user is genuinely operating the client or obtaining the result directly through a cracking method, thus accurately identifying the user's type. Even methods that obtain accurate verification results through cracking can be identified, further improving the security of the verification code.
[0027] Optionally, determining whether the operation data of the first interactive process data is qualified includes:
[0028] The first interaction process data is evaluated to determine whether it contains operation data, whether the timestamp that generated the operation data exists and is reasonable, whether the format of the operation data is correct, and whether the operation data is parseable.
[0029] As described above, the data transmitted from different sensors on the client side has different formats and requires corresponding parsing methods. In this way, the legality of the operation data is comprehensively judged by combining four factors.
[0030] Optionally, if the first interaction process data further includes a first completion time, then the verification of the first interaction process data further includes:
[0031] Calculate the normal distribution of the completion time for the first verification code by normal users;
[0032] Determine whether the first completion time falls within (μ1-nσ1,μ1+nσ1) of the normal user's completion time. If it does, the determination result of the first completion time is a positive result; otherwise, the verification result of the first interaction process data is unqualified. Here, μ1 is the mathematical expectation of the normal user's completion time, σ1 is the standard deviation of the normal user's completion time, and n takes values in the range [2,4].
[0033] As described above, if the verification code is cracked, the first completion time will be extremely short. Therefore, by comparing it against the completion time of normal users, abnormal completion times can be identified, thereby further improving the security performance of CAPTCHAs.
[0034] Optionally, it also includes:
[0035] Within a real-time time interval, the usage of each interactive rule is statistically analyzed.
[0036] Based on a comparison of the interaction usage within the real-time time interval and the interaction usage within the historical time interval, it is determined whether the difficulty of each interaction rule is too high or too low. If the difficulty of a certain interaction rule is too high or too low, a rule usage warning is issued.
[0037] Optionally, the interaction usage data includes completion time, number of calls, and call success rate. Then, the step of comparing the interaction usage data within the real-time time interval with the interaction usage data within the historical time interval to determine whether the difficulty of each interaction rule is too high or too low includes:
[0038] For each interaction rule, determine whether the average completion time in the real-time time interval is within (μ1-nσ1,μ1+nσ1) of the normal user completion time in the historical time interval, where μ1 is the expected value of the normal user completion time, σ1 is the standard deviation of the normal user completion time, and n takes values in the range [2,4].
[0039] For each interaction rule, determine whether the number of calls within the real-time time interval is within (μ2-mσ2,μ2+mσ2) of the number of calls in the most recent time period, where μ2 is the expected value of the number of calls in the most recent time period, σ2 is the standard deviation of the number of calls in the most recent time period, and m initially takes a value in [1,3] and is thereafter obtained according to a preset confidence interval, which is [90%,100%).
[0040] For each interaction rule, determine whether the call success rate within the real-time time interval is within (μ3-pσ3,μ3+pσ3) of the call success rate in the most recent time period, where μ3 is the expected value of the call success rate in the most recent time period, σ3 is the standard deviation of the call success rate in the most recent time period, and p initially takes a value in [1,3] and is thereafter obtained according to a preset confidence interval, which is [90%,100%).
[0041] If the average completion time of an interaction rule does not fall within the corresponding interval and is less than μ1-nσ1, and the number of calls and the call success rate both fall outside their corresponding intervals and both lie on the right side of the interval, then the difficulty of this interaction rule is too low. If the average completion time of an interaction rule does not fall within the corresponding interval and is greater than μ1+nσ1, and the number of calls and the call success rate both fall outside their corresponding intervals and both lie on the left side of the interval, then the difficulty of this interaction rule is too high.
[0042] As described above, proactive analysis and prevention applied to the interaction rules not only optimizes the rules to ensure their security and improve user experience, but also effectively reduces the workload of updating and maintaining CAPTCHAs, and allows abnormal CAPTCHA usage to be detected and resolved promptly.
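The difficulty check of paragraphs [0037] to [0041], as an added example that is not part of the patent text: each real-time metric is placed left of, inside, or right of its historical band, and a warning is raised only for the two combinations the text names. Function names, rule codes and all sample figures are constructed; n=3, m=2 and p=2 are assumed picks from the stated ranges, and a value exactly on a bound is treated as inside.

```python
from statistics import mean, pstdev

def band(samples, k):
    """Open interval (mu - k*sigma, mu + k*sigma) of the historical samples."""
    mu, sigma = mean(samples), pstdev(samples)
    return mu - k * sigma, mu + k * sigma

def side(value, interval):
    """-1: left of the interval, +1: right of it, 0: inside (assumption: bounds count as inside)."""
    lo, hi = interval
    if value < lo:
        return -1
    return 1 if value > hi else 0

def deviations(history, current, n=3, m=2, p=2):
    """Side of each real-time metric relative to its historical band.
    n, m, p are assumed values taken from the ranges [2,4], [1,3], [1,3]."""
    return {
        "completion": side(current["avg_completion_s"], band(history["completion_s"], n)),
        "calls": side(current["calls"], band(history["calls"], m)),
        "success": side(current["success_rate"], band(history["success_rate"], p)),
    }

def classify_rule(history, current):
    """Return 'too_low', 'too_high' or 'normal' for one interaction rule."""
    d = deviations(history, current)
    pattern = (d["completion"], d["calls"], d["success"])
    if pattern == (-1, 1, 1):    # solved faster, called more, passed more often
        return "too_low"
    if pattern == (1, -1, -1):   # solved slower, called less, passed less often
        return "too_high"
    return "normal"              # includes partial deviations: all three must agree

def rule_usage_warnings(history_by_rule, current_by_rule):
    """Map rule code -> verdict for every rule that needs a usage warning."""
    warnings = {}
    for code, current in current_by_rule.items():
        verdict = classify_rule(history_by_rule[code], current)
        if verdict != "normal":
            warnings[code] = verdict
    return warnings

# Constructed historical windows (one value per past interval), shared by all rules here.
HISTORY = {
    "completion_s": [6.1, 5.8, 6.4, 6.0, 5.9, 6.2, 6.3, 5.7],
    "calls": [1000, 1040, 980, 1010, 990, 1020, 960, 1000],
    "success_rate": [0.82, 0.80, 0.84, 0.81, 0.83, 0.79, 0.82, 0.81],
}
# Constructed real-time window per rule (rule codes are hypothetical).
CURRENT = {
    "sokoban-l2": {"avg_completion_s": 6.0, "calls": 1015, "success_rate": 0.82},
    "pinball-l1": {"avg_completion_s": 2.1, "calls": 4200, "success_rate": 0.99},
    "jigsaw-l5": {"avg_completion_s": 9.4, "calls": 610, "success_rate": 0.41},
    "piano-l3": {"avg_completion_s": 2.1, "calls": 1000, "success_rate": 0.82},
}

if __name__ == "__main__":
    history_by_rule = {code: HISTORY for code in CURRENT}
    for code, verdict in rule_usage_warnings(history_by_rule, CURRENT).items():
        print(f"rule usage warning: {code} difficulty {verdict}")
```

The `piano-l3` row shows a consequence of the rule as written: a rule that is suddenly solved in a third of the usual time raises no warning unless call volume and success rate shift with it, which is why `deviations` is exposed separately for dashboards.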
[0043] Optionally, the step of randomly selecting a first interaction rule for any interactive game class, generating a first verification code that can be completed within 10 seconds based on the first interaction rule, and sending the first verification code to the client for display includes:
[0044] Randomly select the first interactive rule of any interactive game class from the interactive rule base, generate and save the first CAPTCHA instance containing the first interactive rule, instructions for use, level passing rules and a unique identification ID;
[0045] The interactive script, which includes the first interactive rule, the instructions for use, and the first verification code with a unique identification ID, will be sent to the client for display.
[0046] Optionally, the generation process of the interactive rule base is as follows:
[0047] Using various interactive game categories as scripts, the interactive rules and elements of each game category are extracted. For each game category, based on its interactive rules, multiple interactive scripts that can be completed within 10 seconds are automatically generated by controlling the generated content, trimming the level size, and limiting the number of interactive elements, thus forming an interactive rule.
[0048] As described above, the CAPTCHA generated based on the interactive rule base is an interactive CAPTCHA created by extracting key interactive rules and various interactive elements from puzzle games and then appropriately tailoring them. It features adjustable difficulty, diverse sensors and interactive types, a wide range of suitable users, and is difficult for AI to manipulate and learn.
[0049] Optionally, it also includes:
[0050] Receive configuration information from the administrator for each interaction rule, and update the interaction rules according to the configuration information.
[0051] In a second aspect, the present invention provides a verification code verification device, including a memory, a processor, and a computer program stored in the memory and executable on the processor. When the processor executes the computer program, it implements a verification code verification method provided in the first aspect.
[0052] The technical effects of the verification code verification device provided in the second aspect are described in the relevant description of the verification code verification method provided in the first aspect.
Attached Figure Description
[0053] Figure 1 is a schematic diagram of the main process of a verification code verification method according to an embodiment of the present invention;
[0054] Figure 2 is a schematic diagram of the system framework corresponding to a verification code verification method according to an embodiment of the present invention;
[0055] Figure 3 is a schematic diagram of the interaction process of a verification code verification method according to an embodiment of the present invention;
[0056] Figure 4 is a flowchart illustrating the manual maintenance by the administrator and the proactive prevention by the system in an embodiment of the present invention;
[0057] Figure 5 is a schematic diagram of the structure of a verification code verification device according to an embodiment of the present invention.
[0058] [Explanation of Labels in the Attached Image]
[0059] 1: A verification code verification device;
[0060] 2: Processor;
[0061] 3: Memory.
Detailed Implementation
[0062] To better understand the above technical solutions, exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present invention are shown in the drawings, it should be understood that the present invention can be implemented in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that the present invention can be understood more clearly and thoroughly, and that the scope of the present invention can be fully conveyed to those skilled in the art.
[0063] Example 1
[0064] Referring to Figure 2, the system involved in this embodiment includes a client and a server, wherein the steps in this embodiment are executed by the server. Therefore, the composition of the server is described as follows:
[0065] 1) Interactive Rule Library: This database table stores various interactive rules used to generate interactive CAPTCHAs. It includes information such as the interactive rule code, name, type, script, required materials for the interactive element, level number, difficulty, instructions, and validity status.
[0066] In this embodiment, the process of generating the interactive rule base is as follows:
[0067] Using various interactive game categories as scripts, the interactive rules and elements of each game category are extracted. For each game category, based on its interactive rules, multiple interactive scripts that can be completed within 10 seconds are automatically generated by controlling the generated content, trimming the level size, and limiting the number of interactive elements, thus forming an interactive rule.
[0068] The use of various interactive game scripts refers to referencing and extracting various JavaScript, HTML5, and other scripts to create mini-games, such as pinball, Mario puzzles, jigsaw puzzles, Sokoban, reflection puzzles, line-matching puzzles, side-scrolling platformers, piano tile puzzles, connect-the-dots, rhythm games, motion-sensing games, and balance games. Then, by optimizing the script, controlling the generated content, trimming the level size, and limiting the number of interactive elements, an interactive CAPTCHA generation script is created that can be completed by ordinary users within 10 seconds. The resulting CAPTCHAs are characterized by adjustable difficulty, diverse sensors and interactive types, a wide target audience, and difficulty in being manipulated and learned by AI.
[0069] 2) Interactive rule instance generator: mainly used to generate the verification code required by the client. The specific implementation is discussed below.
[0070] 3) Interaction rule validator: It is mainly used to receive user interaction information collected by the client and verify whether the verification is qualified. The specific implementation is discussed below.
[0071] 4) Rule Configuration Management System: Configures and modifies the interactive rule base. The specific implementation is discussed below.
[0072] Referring to Figures 1 to 4, a verification code verification method comprises the following steps:
[0073] S1. Receive a verification code generation request, randomly select the first interaction rule of any interactive game class, generate a first verification code that can be completed within 10 seconds according to the first interaction rule, and send the first verification code to the client for display;
[0074] Referring to Figure 3, step S1 specifically includes:
[0075] S11. Receive verification code generation request;
[0076] Specifically, when a user needs a verification code while operating on the client, the client calls the verification code generation API (Application Programming Interface) to call the server's program over the network, and the server receives the verification code generation request.
[0077] S12. Randomly select the first interactive rule of any interactive game class from the interactive rule base, generate and save the first verification code instance containing the first interactive rule, instructions for use, level passing rules and unique identification ID;
[0078] Specifically, the server-side interactive rule instance generator randomly selects valid rule scripts from the interactive rule library to generate interactive verification code instances, which include scripts, usage instructions, corresponding pass rules, and unique identification IDs.
[0079] Each interactive game category includes interactive rules for different levels, difficulties, and appearance skins. Therefore, the first interactive rule is one of the interactive rules randomly selected from a category.
[0080] Therefore, when the interaction rule base contains more than 10 interaction rules, and each interaction rule has configurable features such as levels, difficulty, and appearance skins, it can effectively prevent credential stuffing attacks. Even if cheats exist, it is difficult to identify the interaction rules and correctly simulate various sensors and interaction behaviors.
[0081] S13. Send the interactive script, including the first interactive rule, the instructions for use, and the first verification code with a unique identification ID to the client for display.
[0082] For the client, upon receiving the interactive verification code instance returned by the server, it performs corresponding script parsing and display, returning an interactive verification code to the user.
[0083] For users, the interaction involves reading the user manual and recognizing verification codes to operate the client. During this process, the client records data from various input devices and sensors, including the interaction time and final result, and then sends this data to the server.
[0084] Meanwhile, interactive verification code instances are stored in the server-side cache, and their unique identifiers, combined with the session, are also stored on the server for verification. Related instances are stored in the interactive instance and database.
[0085] S2. Receive and verify the first interactive data generated by the client based on the first verification code to obtain the verification code verification result.
[0086] Referring to Figure 3, step S2 specifically includes:
[0087] S21. Receive first interactive data generated by the client based on the first verification code. The first interactive data includes first interactive process data, first completion time, and first interactive result.
[0088] S22. Determine whether the operation data of the first interaction process is qualified and determine whether the first simulation result generated according to the first verification code and the first interaction process data is consistent with the first interaction result. If all the judgment results are positive, the verification result of the first interaction process data is qualified.
[0089] In this embodiment, the server's interaction rule validator will comprehensively determine the user type based on unique identification ID, session, pass rules, user interaction data, completion time, interaction results, etc. If the user is determined to be a robot, it will return unqualified; if it is determined to be a human, it will return qualified.
[0090] Determining whether the first interaction process data is qualified includes:
[0091] S221. Calculate the normal distribution of the completion time of the first verification code by normal users, and determine whether the first completion time falls within (μ1-3σ1,μ1+3σ1) of the normal user completion time. If it falls within this range, the judgment result of the first completion time is a positive result; otherwise, the verification result of the first interaction process data is unqualified. Here, μ1 is the expected value of the normal user completion time, and σ1 is the standard deviation of the normal user completion time.
[0092] In other embodiments, the value of n in whether the first completion time falls within (μ1-nσ1, μ1+nσ1) of the normal user completion time can also be 2 or 4.
[0093] If the data does not fall within the range, the verification result of the first interactive process data is deemed unqualified.
[0094] S222, Determine whether the data in the first interaction process contains operation data, whether the timestamp for generating the operation data exists and is reasonable, whether the format of the operation data is correct, and whether the operation data is parseable.
[0095] Specifically, it includes:
[0096] a. Whether operation data is present and whether the timestamp for generating the operation data exists and is reasonable: the user interaction data, that is, the data generated by the client's sensors and input devices after the user operates the client, must be present, and the timestamp at which that data was generated must exist and be valid.
[0097] Client-side sensors and input devices include keyboards, mice, and touch screens on PCs, and touch screens, gyroscopes, GPS positioning, gesture, audio and video, gravity, acceleration, and other sensors on mobile phones.
[0098] b. Whether the format of the operation data is correct and whether the operation data is parsable: The data transmitted by different sensors should match the sensor type and parsing method. For example, if the interactive data is generated by a mouse, it includes the change in the X coordinate, the change in the Y coordinate, and the change in the scroll wheel; the middle button, right button, and left button events; and events such as drag and drop generated by combining the left button and coordinate changes. As another example, the data generated by the keyboard should include whether the Left Control is pressed, whether the Left Shift is pressed, whether the Left Alt is pressed, whether the Left GUI is pressed, whether the Right Control is pressed, whether the Right Shift is pressed, whether the Right Alt is pressed, whether the Right GUI is pressed, etc.; it also includes the ordinary button events keydown/keyup/keypress and numerical values, and the numerical values include 1-6 key values. If the sensor data is parsed by calling the corresponding format parser according to the sensor type and the correct result is obtained without reporting an exception, the format is correct and parsable, and it is judged as qualified.
[0099] To judge whether the first simulation result generated according to the first verification code and the first interactive process data is consistent with the first interactive result, the parsed user interactive data and the interactive rule instance script are input into the verification module together for a server-side re-verification operation, and the consistency judgment is made by comparing the output result with the received result. This is equivalent to simulating the user operation to see whether the result sent by the user can be obtained, greatly increasing the cracking cost and reducing the possibility of cracking.
[0100] The verification module is encapsulated by the browser kernel.
[0101] It should be noted that in this embodiment, the judgment of the verification result of the interactive process data also includes some conventional judgments, such as conventional judgment methods for identifying whether the user submits normally through session, data encrypted transmission and decryption, etc., which will not be elaborated here.
[0102] S23. Judge whether the first interactive result conforms to the passing rule of the first verification code. If so, the verification result of the first interactive result is qualified;
[0103] The interactive result can be success, failure, a certain score value, etc., and it is judged according to the passing rule matched by the instance corresponding to the unique identification ID. For example, if the condition marked in the rule is a score greater than a certain value, the final interactive result should be numerical, and it is judged as qualified when it satisfies the condition described in the rule: if more than 90 points are required and the interactive result this time is 95 points, then the verification result of this interactive result is qualified. As another example, if the rule requires eliminating all the same squares and the interactive result this time is that there are 2 squares with the same identification among the remaining squares, then the verification of this interactive result is unqualified.
[0104] S24. Obtain the verification code verification result based on the verification results of the first interaction process data and the first interaction result. If the verification results of the first interaction process data and the first interaction result are both qualified, then the verification code verification result is qualified.
[0105] In this embodiment, the verification code is considered valid only if all the above judgments are passed.
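Steps S221 to S24 (and the corresponding optional steps of the first aspect, paragraphs [0021] to [0033]) as one server-side check, added here as an example and not taken from the patent. The grid game, event schema, field names and sample values are constructed, and a pure-Python replay function stands in for the browser-kernel verification module the text describes.

```python
from statistics import mean, pstdev

# Constructed toy rule: move a token across a grid to the target with arrow keys.
MOVES = {"ArrowUp": (0, -1), "ArrowDown": (0, 1), "ArrowLeft": (-1, 0), "ArrowRight": (1, 0)}

def is_number(v):
    return isinstance(v, (int, float)) and not isinstance(v, bool)

def time_ok(completion_s, normal_samples, n=3):
    """S221: completion time must lie inside (mu - n*sigma, mu + n*sigma)."""
    mu, sigma = mean(normal_samples), pstdev(normal_samples)
    return is_number(completion_s) and mu - n * sigma < completion_s < mu + n * sigma

def parse_events(raw_events, issued_ms, received_ms):
    """S222: operation data present, timestamps present and reasonable,
    format correct, parsable. Returns grid moves or raises ValueError."""
    if not isinstance(raw_events, list) or not raw_events:
        raise ValueError("no operation data")
    moves, last_t = [], issued_ms
    for ev in raw_events:
        if not isinstance(ev, dict) or ev.get("type") != "keydown":
            raise ValueError("bad event format")
        t, key = ev.get("t"), ev.get("key")
        if not is_number(t):
            raise ValueError("missing timestamp")
        # Reasonable: after the instance was issued, in order, not in the future.
        if not last_t <= t <= received_ms:
            raise ValueError("unreasonable timestamp")
        if not isinstance(key, str) or key not in MOVES:
            raise ValueError("unparseable key")
        moves.append(MOVES[key])
        last_t = t
    return moves

def simulate(instance, moves):
    """Replay the parsed operations against the stored instance (S22 re-verification)."""
    x, y = instance["start"]
    w, h = instance["size"]
    walls = {tuple(p) for p in instance["walls"]}
    for dx, dy in moves:
        nx, ny = x + dx, y + dy
        if 0 <= nx < w and 0 <= ny < h and (nx, ny) not in walls:
            x, y = nx, ny
    return {"position": [x, y], "reached": [x, y] == list(instance["target"])}

def verify(instance, submission, normal_samples, received_ms):
    """Return (qualified, reason); every check must pass (S24)."""
    if not time_ok(submission.get("completion_s"), normal_samples):
        return False, "completion time outside normal-user band"
    try:
        moves = parse_events(submission.get("events"), instance["issued_ms"], received_ms)
    except ValueError as exc:
        return False, f"operation data rejected: {exc}"
    claimed = submission.get("result")
    if simulate(instance, moves) != claimed:
        return False, "claimed result does not match server-side replay"
    if not claimed["reached"]:   # S23: pass rule of this constructed instance
        return False, "pass rule not met"
    return True, "qualified"

# Constructed instance as the server would have cached it when issuing the CAPTCHA.
INSTANCE = {"size": (4, 3), "start": (0, 0), "target": (3, 2), "walls": [(1, 0)],
            "issued_ms": 1_000_000}
NORMAL_SAMPLES = [4.2, 6.8, 5.5, 7.1, 3.9, 6.0, 5.2, 4.8, 6.5, 5.0]  # seconds, constructed
RECEIVED_MS = 1_005_600
GOOD_SUBMISSION = {
    "completion_s": 5.4,
    "events": [{"type": "keydown", "key": k, "t": t} for k, t in [
        ("ArrowDown", 1_001_200), ("ArrowRight", 1_002_100), ("ArrowRight", 1_003_000),
        ("ArrowRight", 1_003_900), ("ArrowDown", 1_005_100)]],
    "result": {"position": [3, 2], "reached": True},
}

if __name__ == "__main__":
    print(verify(INSTANCE, GOOD_SUBMISSION, NORMAL_SAMPLES, RECEIVED_MS))
    forged = dict(GOOD_SUBMISSION, events=GOOD_SUBMISSION["events"][:2])
    print(verify(INSTANCE, forged, NORMAL_SAMPLES, RECEIVED_MS))
```

The forged submission carries a correct final result and a plausible completion time, yet fails because replaying its two recorded key presses does not reach the claimed position.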
[0106] S3. Receive the configuration information for each interaction rule from the administrator, and update the interaction rules according to the configuration information.
[0107] Referring to Figure 4, the administrator's manual maintenance and management process includes:
[0108] 1) Administrators can check rule usage status through manual maintenance;
[0109] 2) The interactive rule configuration management system calls interactive rule instances and usage data to perform corresponding statistics;
[0110] 3) The interactive rules configuration management system returns usage statistics;
[0111] 4) The administrator determines which rules need to be modified based on the statistical results.
[0112] The process for managing interactive verification rules is as follows:
[0113] 1) Administrators can add, delete, and modify rules through the interactive rule configuration management system. If a rule already exists and needs to be strengthened, the difficulty-related content in the rule can be modified, such as level difficulty, size, number and type of interactive rule elements, etc.; if necessary, a certain rule can also be set to disabled first.
[0114] 2) The administrator saves the rule configuration information, and the interactive rule configuration management system submits interactive rule data to the database to perform operations such as adding, deleting, and modifying.
[0115] 3) The interactive rule base stores and updates relevant operation data and returns the update results.
[0116] 4) The interactive rules configuration management system provides feedback on the relevant operation results for administrators to view.
[0117] Therefore, this embodiment has the following advantages:
[0118] (1) Game-like interaction rules are used as verification codes. Game-like rules are naturally appealing and are liked by most users. Requiring that the verification code be completed within 10 seconds bounds the difficulty of the game, which solves the problem of user aversion to verification codes and improves the user experience.
[0119] (2) Since there are many types of interactive games, one of them is randomly selected each time a verification code is obtained. Verification is a comprehensive judgment based on the pass rules, the user interaction data, the completion time, and the final interaction result. This can effectively prevent credential stuffing attacks. Even with cheating tools, it is difficult to identify the interaction rules, which effectively improves the security performance of the verification code.
[0120] (3) The server carefully evaluates user interaction data, rather than simply comparing it with the final interaction result. Therefore, it offers higher security than image, SMS, and email verification codes, is unaffected by client security software, and is not limited by phone number or email account. Furthermore, the use of JS and HTML5 scripts for display on the client browser facilitates seamless integration with commonly used client browser technologies such as HTTPS certificates and encrypted data transmission. Therefore, the security performance of this embodiment also boasts broad applicability.
[0121] Therefore, this embodiment can simultaneously improve the security performance of CAPTCHAs and ensure the user experience in common application scenarios.
[0122] Example 2
[0123] Referring to Figure 4, in a verification code verification method based on Embodiment 1 above, this embodiment also includes a proactive system defense management process; that is, step S3 further includes:
[0124] S31. Within a real-time time interval, statistical analysis is performed on the usage of each interactive rule.
[0125] In this embodiment, the real-time time interval is one day. In other embodiments, the real-time time interval can be 6 hours, 12 hours, 24 hours, etc.
[0126] S32. Based on the comparison between the interaction usage in the real-time time interval and the interaction usage in the historical time interval, determine whether the difficulty of each interaction rule is too high or too low. If the difficulty of a certain interaction rule is too high or too low, issue a rule usage warning.
[0127] The historical time interval can be the past month, or in other embodiments, the historical time interval can be the past week, the past ten days, the past three months, etc.
[0128] In this embodiment, the interaction usage data includes completion time, number of calls, and call success rate. Therefore, based on a comparison of interaction usage data within a real-time time interval with interaction usage data within a historical time interval, determining whether the difficulty of each interaction rule is too high or too low includes:
[0129] S321. For each interaction rule, determine whether the average completion time in the real-time time interval is within (μ1-nσ1,μ1+nσ1) of the normal user completion time in the historical time interval, where μ1 is the expected value of the normal user completion time and σ1 is the standard deviation of the normal user completion time.
[0130] In this embodiment, n is 3. In other embodiments, the value of n can be 2 or 4.
[0131] S322. For each interaction rule, determine whether the number of calls within the real-time time interval is within (μ2-mσ2,μ2+mσ2) of the number of calls in the most recent time period, where μ2 is the expected value of the number of calls in the most recent time period, σ2 is the standard deviation of the number of calls in the most recent time period, and m initially takes a value in [1,3] and is then obtained according to the preset confidence interval (90%,100%).
[0132] S323. For each interaction rule, determine whether the call success rate in the real-time time interval is within (μ3-pσ3,μ3+pσ3) of the call success rate in the most recent time period, where μ3 is the expected value of the call success rate in the most recent time period, σ3 is the standard deviation of the call success rate in the most recent time period, and p initially takes a value in [1,3] and is then obtained according to the preset confidence interval, which is [90%,100%].
[0133] The initial values of m and p are 2, and the default confidence intervals are 95%. The most recent time period is adjusted once a week, but it can also be three days, ten days, etc.
[0134] S324. If the average completion time of an interaction rule does not fall within the corresponding interval, and the average completion time is less than μ1-3σ1, while the number of calls and the call success rate are both outside the corresponding interval and on the right side of the interval, then this interaction rule is too easy and may be recognized by AI. The difficulty can be increased by appropriately increasing the number of interaction elements, or it can be directly marked as invalid. If the average completion time of an interaction rule does not fall within the corresponding interval, and the average completion time is greater than μ1+3σ1, while the number of calls and the call success rate are both outside the corresponding interval and on the left side of the interval, then this interaction rule is too difficult and can be further trimmed to make it more suitable for ordinary users to complete.
[0135] Therefore, when the server detects that the difficulty of a certain interaction rule is too high or too low, it issues a rule usage warning so that the administrator can adjust the difficulty. Through this proactive analysis and defense of the interaction rules, the server can not only optimize the interaction rules to ensure their security and improve the user experience, but also effectively reduce the workload of updating and maintaining CAPTCHAs, and promptly detect and resolve abnormal use of CAPTCHAs.
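The S321 to S324 decision can be sketched as follows; this is an added Python example, not code from the patent. All names and sample figures are constructed, population standard deviation is used, and deriving m and p from the confidence level as a two-sided normal quantile is an assumption about what "obtained according to the preset confidence interval" means.

```python
from dataclasses import dataclass
from statistics import NormalDist, mean, pstdev


@dataclass
class Band:
    """Open interval (mu - k*sigma, mu + k*sigma) used in S321-S323."""
    mu: float
    sigma: float
    k: float

    @classmethod
    def fit(cls, samples, k):
        return cls(mean(samples), pstdev(samples), k)

    def side(self, x):
        """-1: left of the interval, 0: inside it, +1: right of it."""
        lo, hi = self.mu - self.k * self.sigma, self.mu + self.k * self.sigma
        if lo < x < hi or x == self.mu:   # x == mu covers the sigma == 0 case
            return 0
        return -1 if x < self.mu else 1


def k_from_confidence(confidence):
    """Assumption: m and p are the two-sided normal quantile (95% -> ~1.96)."""
    if not 0.90 <= confidence < 1.0:      # range as written in claim 4
        raise ValueError("confidence must be in [90%, 100%)")
    return NormalDist().inv_cdf((1 + confidence) / 2)


def classify_rule(hist_times, recent_calls, recent_rates,
                  today_times, today_calls, today_rate,
                  n=3, confidence=0.95):
    """Apply S324: warn only when all three signals move together."""
    k = k_from_confidence(confidence)
    t = Band.fit(hist_times, n).side(mean(today_times))
    c = Band.fit(recent_calls, k).side(today_calls)
    r = Band.fit(recent_rates, k).side(today_rate)
    if t == -1 and c == 1 and r == 1:
        return "too_easy"    # fast, called far more often, almost always passed
    if t == 1 and c == -1 and r == -1:
        return "too_hard"    # slow, called less often, rarely passed
    return "ok"


# Constructed sample data (not from the patent).
HIST_TIMES = [4.0, 5.0, 6.0, 5.5, 4.5, 5.0, 6.5, 3.5, 5.0, 5.0]   # seconds
RECENT_CALLS = [1000, 1100, 950, 1050, 1000, 900, 1000]            # calls per day
RECENT_RATES = [0.90, 0.92, 0.88, 0.91, 0.89, 0.90, 0.90]          # success rate per day


def demo():
    args = (HIST_TIMES, RECENT_CALLS, RECENT_RATES)
    return {
        "solved_by_script": classify_rule(*args, [1.1, 1.3, 1.2], 5200, 0.99),
        "frustrating": classify_rule(*args, [9.0, 9.4, 8.6], 300, 0.40),
        "normal_day": classify_rule(*args, [5.2, 4.9, 5.5], 1020, 0.91),
        "fast_only": classify_rule(*args, [1.1, 1.3, 1.2], 1010, 0.90),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The `fast_only` case shows that an unusually short completion time alone does not raise a warning under S324; the call count and success rate must also leave their intervals on the matching side.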
[0136] Example 3
[0137] Referring to Figure 5, a verification code verification device 1 includes a memory 3, a processor 2, and a computer program stored in the memory 3 and executable on the processor 2. When the processor 2 executes the computer program, it implements the steps in Embodiment 1 or 2 above.
[0138] Since the apparatus/device described in the above embodiments of the present invention is an apparatus/device used to implement the method of the above embodiments of the present invention, those skilled in the art can understand the specific structure and modifications of the apparatus/device based on the method described in the above embodiments of the present invention, and therefore they will not be described again here. All apparatus/devices used in the method of the above embodiments of the present invention fall within the scope of protection of the present invention.
[0139] Those skilled in the art will understand that embodiments of the present invention can be provided as methods, apparatus, or computer program products. Therefore, the present invention can take the form of a completely hardware embodiment, a completely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention can take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
[0140] This invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (devices), and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, as well as combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions.
[0141] It should be noted that any reference numerals placed between parentheses in the claims should not be construed as limiting the claims. The word "comprising" does not exclude the presence of components or steps not listed in the claims. The word "a" or "an" preceding a component does not exclude the presence of a plurality of such components. The invention can be implemented by means of hardware comprising several different components and by means of a suitably programmed computer. In claims that enumerate several means, several of these means may be embodied by the same hardware. The use of the terms first, second, third, etc., is merely for convenience of expression and does not indicate any order. These terms can be understood as part of the component names.
[0142] Furthermore, it should be noted that in the description of this specification, the terms "one embodiment," "some embodiments," "embodiment," "example," "specific example," or "some examples," etc., refer to specific features, structures, materials, or characteristics described in connection with that embodiment or example, which are included in at least one embodiment or example of the present invention. In this specification, the illustrative expressions of the above terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials, or characteristics described may be combined in any suitable manner in one or more embodiments or examples. Furthermore, without contradiction, those skilled in the art can combine and integrate the different embodiments or examples described in this specification, as well as the features of different embodiments or examples.
[0143] Although preferred embodiments of the invention have been described, those skilled in the art, upon learning the basic inventive concept, can make other changes and modifications to these embodiments. Therefore, the claims should be interpreted to include both the preferred embodiments and all changes and modifications falling within the scope of the invention.
[0144] Obviously, those skilled in the art can make various modifications and variations to this invention without departing from its spirit and scope. Therefore, if these modifications and variations fall within the scope of the claims of this invention and their equivalents, then this invention should also include these modifications and variations.
Claims
1. A verification code verification method, characterized in that it includes:
Receive a verification code generation request, randomly select the first interaction rule of any interactive game class, generate a first verification code that can be completed within 10 seconds according to the first interaction rule, and send the first verification code to the client for display;
Receive and verify the first interactive data generated by the client based on the first verification code to obtain the verification code verification result;
The process of receiving and verifying the first interactive data generated by the client based on the first verification code to obtain the verification code verification result includes:
The client receives first interactive data generated based on the first verification code, the first interactive data including first interactive process data and first interactive result;
The first interactive process data is evaluated to determine whether the operation data is qualified and to determine whether the first simulation result generated according to the first verification code and the first interactive process data is consistent with the first interactive result. If all the evaluation results are positive, the verification result of the first interactive process data is qualified.
Determine whether the first interaction result meets the pass rules of the first verification code. If so, the verification result of the first interaction result is qualified.
The verification code verification result is obtained based on the verification results of the first interaction process data and the first interaction result. If the verification results of the first interaction process data and the first interaction result are both qualified, then the verification code verification result is qualified.
If the first interaction process data also includes a first completion time, then the verification of the first interaction process data also includes:
Calculate the normal distribution of the completion time for the first verification code by normal users;
Determine whether the first completion time falls within (μ1-nσ1,μ1+nσ1) of the normal user's completion time. If it does, the determination result of the first completion time is a positive result; otherwise, the verification result of the first interaction process data is unqualified. Here, μ1 is the mathematical expectation of the normal user's completion time, σ1 is the standard deviation of the normal user's completion time, and n takes values in the range [2,4].
2. The verification code verification method according to claim 1, characterized in that the determination of whether the data processed in the first interactive process is qualified includes: the first interaction process data is evaluated to determine whether it contains operation data, whether the timestamp that generated the operation data exists and is reasonable, whether the format of the operation data is correct, and whether the operation data is parseable.
3. The verification code verification method according to claim 1, characterized in that it also includes: within a real-time time interval, the usage of each interactive rule is statistically analyzed. Based on a comparison of the interaction usage within the real-time time interval and the interaction usage within the historical time interval, it is determined whether the difficulty of each interaction rule is too high or too low. If the difficulty of a certain interaction rule is too high or too low, a rule usage warning is issued.
4. The verification code verification method according to claim 3, characterized in that the interaction usage data includes completion time, number of calls, and call success rate. The comparison between the interaction usage data within the real-time time interval and the interaction usage data within the historical time interval to determine whether the difficulty of each interaction rule is too high or too low includes:
For each interaction rule, determine whether the average completion time in the real-time time interval is within (μ1-nσ1,μ1+nσ1) of the normal user completion time in the historical time interval, where μ1 is the expected value of the normal user completion time, σ1 is the standard deviation of the normal user completion time, and n takes values in the range [2,4].
For each interaction rule, determine whether the number of calls within the real-time time interval is within (μ2-mσ2,μ2+mσ2) of the number of calls in the most recent time period, where μ2 is the expected value of the number of calls in the most recent time period, σ2 is the standard deviation of the number of calls in the most recent time period, and the initial value of m is [1,3], and then obtained according to a preset confidence interval, which is [90%,100%).
For each interaction rule, it is determined whether the call success rate within the real-time time interval is within (μ3-pσ3,μ3+pσ3) of the call success rate in the most recent time period, where μ3 is the expected value of the call success rate in the most recent time period, σ3 is the standard deviation of the call success rate in the most recent time period, and the initial value of p is [1,3], and then obtained according to a preset confidence interval, which is [90%,100%).
If the average completion time of an interaction rule does not fall within the corresponding interval and the average completion time is less than μ1-nσ1, and the number of calls and the call pass rate both do not fall within the corresponding interval and are both on the right side of the interval, then the difficulty of this interaction rule is too low.
If the average completion time of an interaction rule does not fall within the corresponding interval and the average completion time is greater than μ1+nσ1, and the number of calls and the call pass rate both do not fall within the corresponding interval and are both on the left side of the interval, then the difficulty of this interaction rule is too high.
5. A verification code verification method according to any one of claims 1 to 4, characterized in that the step of randomly selecting the first interaction rule of any interactive game class, generating a first verification code that can be completed within 10 seconds based on the first interaction rule, and sending the first verification code to the client for display includes:
Randomly select the first interactive rule of any interactive game class from the interactive rule base, generate and save the first CAPTCHA instance containing the first interactive rule, instructions for use, level passing rules and a unique identification ID;
The interactive script, which includes the first interactive rule, the instructions for use, and the first verification code with a unique identification ID, will be sent to the client for display.
6. The verification code verification method according to claim 5, characterized in that the generation process of the interactive rule base is as follows: using various interactive game categories as scripts, the interactive rules and elements of each game category are extracted. For each game category, based on its interactive rules, multiple interactive scripts that can be completed within 10 seconds are automatically generated by controlling the generated content, trimming the level size, and limiting the number of interactive elements, thus forming an interactive rule.
7. A verification code verification method according to any one of claims 1 to 5, characterized in that it also includes: receive configuration information from the administrator for each interaction rule, and update the interaction rules according to the configuration information.
8. A verification code verification device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that, when the processor executes the computer program, it implements a verification code verification method according to any one of claims 1 to 7.
Citation Information
Patent Citations
- Verification method, server and system (CN103973636A)
- Verification code interesting verification method and system based on html5 technology (CN114124432A)
- Security verification method and device and computer equipment (CN114896583A)