CN105227518A

CN105227518A - Server, client, interactive system and information method of sending and receiving

Info

Publication number: CN105227518A
Application number: CN201410236078.3A
Authority: CN
Inventors: 王欣
Original assignee: Sumavision Technologies Co Ltd
Current assignee: Sumavision Technologies Co Ltd
Priority date: 2014-05-29
Filing date: 2014-05-29
Publication date: 2016-01-06

Abstract

The invention discloses a kind of server, client, interactive system and information method of sending and receiving.Wherein, this message receiving method comprises: send the first message carrying default picture to client, presets picture and is provided with graphic code; Receive client send the second message carrying contact action record, contact action record represent client show preset picture time record at one or more contact action; Obtain and contact action record graph of a correspondence code information according to default picture.The invention solves in existing information transmission scheme because client has the technical problem of the Information Security deficiency that information waiting for transmission expressly causes.

Description

Server, client, interactive system and information sending and receiving method

Technical Field

The invention relates to the field of communication, in particular to a server, a client, an interactive system and an information sending and receiving method.

Background

In the prior art, a plaintext encryption information transmission mode is usually adopted, specifically, a client generates or acquires a plaintext of information to be sent locally, and then codes and/or encrypts the plaintext of the information and sends the encoded and/or encrypted plaintext of the information to a server, so that the information is uploaded. For information with low protection degree, the transmission mode may be suitable, however, for information with high protection degree, since the plaintext of the information needs to appear locally at the client, when the security protection measures of the client are insufficient, the risk of information leakage is easily generated, thereby causing security risks. For example, in a mobile payment scenario, a keyboard used by a user when inputting a payment password is usually a soft keyboard directly generated by a terminal application and displayed on a terminal device, however, even if a dynamic keyboard input technology is adopted, the terminal application still stores password information plaintext input by the user through the soft keyboard in an internal memory, and in this scenario, if malicious software monitoring the internal memory exists on the terminal, leakage of the payment password of the user is easily caused, thereby causing a security hazard.

In view of the above problems, no effective solution has been proposed.

Disclosure of Invention

The embodiment of the invention provides a server, a client, an interactive system and an information sending and receiving method, which are used for at least solving the technical problem of insufficient information security caused by the fact that information plaintext to be transmitted exists in the client in the existing information transmission scheme.

According to an aspect of the embodiments of the present invention, there is provided an information receiving method, including: sending a first message carrying a preset picture to a client, wherein the preset picture is provided with a graphic code; receiving a second message which is sent by the client and carries a touch screen operation record, wherein the touch screen operation record represents one or more touch screen operations recorded when the client displays the preset picture; and acquiring graphic code information corresponding to the touch screen operation record according to the preset picture.

According to another aspect of the embodiments of the present invention, there is also provided an information sending method, including: receiving a first message which is sent by a server and carries a preset picture, wherein the preset picture is provided with a graphic code; displaying the preset picture to a user and acquiring a touch screen operation record, wherein the touch screen operation record represents one or more touch screen operations recorded when the preset picture is displayed by the client; and sending a second message carrying the touch screen operation record to the server, so that the server acquires the graphic code information corresponding to the touch screen operation record.

According to still another aspect of the embodiments of the present invention, there is also provided a server, including: the system comprises a first sending unit, a second sending unit and a sending unit, wherein the first sending unit is used for sending a first message carrying a preset picture to a client, and the preset picture is provided with a graphic code; a first receiving unit, configured to receive a second message sent by the client and carrying a touch screen operation record, where the touch screen operation record indicates one or more touch screen operations recorded by the client when the client displays the preset picture; and the obtaining unit is used for obtaining the graphic code information corresponding to the touch screen operation record according to the preset picture.

According to another aspect of the embodiments of the present invention, there is also provided a client, including: the first receiving unit is used for receiving a first message which is sent by a server and carries a preset picture, and the preset picture is provided with a graphic code; the recording unit is used for displaying the preset pictures to a user and acquiring touch screen operation records, wherein the touch screen operation records represent one or more touch screen operations recorded when the preset pictures are displayed on a touch screen by a client; and the first sending unit is used for sending a second message carrying the touch screen operation record to the server, so that the server acquires the graphic code information corresponding to the touch screen operation record.

According to another aspect of the embodiments of the present invention, there is also provided an interactive system, including: the server described above; and one or more clients and the server are in data connection.

In the embodiment of the present invention, when the server needs to obtain information uploaded by the client, the server issues a preset picture on which one or more graphic codes are set to the client, and then the client may display the preset picture to a user of the client through a User Interface (UI) (user interface), at this time, the user may "input" the graphic code information represented by the graphic code in the preset picture indicated by the touch operation to the client through touch screen operations such as touch or slide performed on a touch screen based on identification of the graphic code in the preset picture displayed on the UI, as a response to the touch screen operation, the client may temporarily store and send a corresponding touch screen operation record to the server, and then the server may restore the information input by the user according to the received touch screen operation record and the setting mode of the graphic code in the preset picture. Under the above scenario, since only the preset picture and the touch screen operation record will be present locally at the client, and the plaintext of the graphic code information will not be present, the difficulty of reading and deciphering the information input by the user is increased, the risk of leakage of the transmitted information is reduced, and the technical effect of improving the information security is achieved, thereby solving the technical problem of insufficient information security caused by the existence of the plaintext of the information to be transmitted at the client in the existing information transmission scheme.

Drawings

The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:

fig. 1 is a schematic diagram of an alternative information receiving method according to an embodiment of the present invention;

FIG. 2 is a diagram illustrating an alternative default picture according to an embodiment of the present invention;

fig. 3 is a schematic diagram of an alternative information sending method according to an embodiment of the present invention;

FIG. 4 is a schematic diagram of an alternative server according to an embodiment of the present invention;

FIG. 5 is a schematic diagram of an alternative client according to an embodiment of the present invention;

FIG. 6 is a schematic diagram of an alternative interactive system according to an embodiment of the present invention;

FIG. 7 is a workflow diagram of an alternative interactive system according to an embodiment of the present invention.

Detailed Description

The invention will be described in detail hereinafter with reference to the accompanying drawings in conjunction with embodiments. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.

Example 1

According to an embodiment of the present invention, there is provided an information receiving method, as shown in fig. 1, the method including:

s102: sending a first message carrying a preset picture to a client, wherein the preset picture is provided with a graphic code;

s104: receiving a second message which is sent by the client and carries a touch screen operation record, wherein the touch screen operation record represents one or more touch screen operations recorded when the client displays a preset picture on a touch screen;

s106: and acquiring graphic code information corresponding to the touch screen operation record according to the preset picture.

It should be clear that one of the problems to be solved by embodiments of the present invention is to provide a method for facilitating the transfer of information from a client to a server. In some scenarios, the client may be a client that is used for receiving the information interaction service shown in the embodiment of the present invention, and may also be used as a client or a server for other services at the same time, and similarly, the server may generally represent a background device to which one or more of the clients are connected, so as to provide the information interaction service, which is not limited in this disclosure.

In order to solve the problem, in the existing scheme, a plaintext encryption information transmission mode is usually adopted, specifically, a client generates or acquires a plaintext of information to be sent locally, and then codes and/or encrypts the plaintext of the information and sends the information to a server, so that the information is uploaded. For information with low protection degree, the transmission mode may be suitable, however, for information with high protection degree, since the plaintext of the information needs to appear locally at the client, when the security protection measures of the client are insufficient, the risk of information leakage is easily generated, thereby causing security risks. For example, in a mobile payment scenario, a keyboard used by a user when inputting a payment password is usually a soft keyboard directly generated by a terminal application and displayed on a terminal device, however, even if a dynamic keyboard input technology is adopted, the terminal application still stores password information plaintext input by the user through the soft keyboard in an internal memory, and in this scenario, if malicious software monitoring the internal memory exists on the terminal, leakage of the payment password of the user is easily caused, thereby causing a security hazard.

In order to solve the above problem, in the embodiment of the present invention, when the server needs to acquire the information uploaded by the client, the server firstly issues a preset picture with one or more graphic codes to the client, the client may then present the preset picture to the user of the client through the UI, at which point, the user may identify the graphic code in the preset picture presented on the UI, through touch screen operation such as touch or slide on the touch screen, the graphic code information represented by the graphic code in the preset picture indicated by the touch operation is 'input' to the client, and as a response to the touch screen operation, the client can temporarily store and send a corresponding touch screen operation record to the server, and the server can restore the information input by the user according to the received touch screen operation record and the setting mode of the graphic code in the preset picture. Under the above scenario, since only the preset picture and the touch screen operation record generally appear in the local memory of the client, and the plaintext of the graphic code information does not appear, the difficulty of reading and deciphering the information input by the user is increased, the risk of leakage of the transmitted information is reduced, the technical effect of improving the information security is achieved, and the technical problem of insufficient information security caused by the fact that the plaintext of the information to be transmitted exists in the client in the existing information transmission scheme is solved.

The technical solution and the working principle of the present invention will be described in detail with reference to the accompanying drawings and specific embodiments.

According to the information receiving method provided by the embodiment of the present invention, in step S102, when the server needs to obtain the user input information of the client side, the server may first send a first message carrying a preset picture to the client, where the preset picture is provided with one or more graphic codes.

In the embodiment of the present invention, the first message may be generally embodied as a hyper text transfer protocol (http) (hypertext transfer protocol) message, but the present invention is not limited to this, for example, in some embodiments of the present invention, the first message may also be embodied as a file transfer protocol (ftp) (file transfer protocol) message, or other feasible messages or messages conforming to a text transfer format, so as to allow the server to correctly identify the first message and the content of the information carried by the first message. In addition, the present invention does not limit the specific form in which information such as a preset picture is loaded in the first message, for example, the preset picture loaded in the first message may adopt a bitmap (bitmap) coding format, a compressed coding format such as joint photographic expert group (jpeg), or other feasible data format that can be correctly recognized by the server, and the present invention does not limit this. Accordingly, the second message … … and the like described in the embodiments of the present invention are applicable to similar explanations, and the present invention will not be described in a repeated manner. It should be noted that the terms "first", "second", … …, etc. in the embodiments of the present invention are merely used for descriptive distinction to facilitate understanding of the present invention, and should not be construed as limiting the relationship attributes such as the order, position, importance, etc. of the plurality of elements.

In the embodiment of the present invention, the graphic code set in the preset picture may generally represent a graphic carrying some information that can be recognized by a user, and is not limited to a specific form of encoding, where the expression of the graphic code may be understood as that the graphic itself represents some information, so that the graphic may be regarded as an encoding of information. For example, in particular, in some embodiments of the present invention, the graphical code may be used to represent information of at least one of: the specific pattern forming the graphic code may be a character form itself such as arabic numerals 0,1, 2 … … 9 or english letters a, b, c … … z, or an english word formed by combining these characters, for example, it may be an english word such as Tom, Mary, etc. as a name or a nickname, and of course, the graphic code may be a chinese character or other characters, which is not limited in the present invention.

In particular, in some embodiments of the present invention, the graphic code may also be a geometric figure such as a circle, a rectangle or a triangle, and in this scenario, the user may still generally distinguish between a plurality of graphic codes with different sizes, shapes or colors, and may be able to perform a corresponding touch screen operation according to the information identified from the graphic codes. For example, in one embodiment, if the payment password set by the user is "Δ, ■," o, "and ″, then when the password information needs to be uploaded to the server, the server may issue a preset picture with a plurality of graphic codes including the 4 graphic codes to the client, and when the client displays the preset picture to the user, the user may input the password information by sequentially touching or clicking an area corresponding to the 4 graphic codes on the preset picture on the touch screen. Under the above scenario, since the graphic code itself and the information represented by the graphic code are both displayed by the preset picture and identified by the user, the graphic code itself and the information represented by the graphic code do not need to appear in the form of plaintext in the local memory of the client, which causes the password information itself not to be easily leaked, thereby improving the security of the information.

Therefore, in the embodiment of the present invention, there may be a plurality of specific forms of the graphic codes, wherein if a plurality of graphic codes are provided in the preset picture, the plurality of graphic codes may all have the same size and/or color, and enable a user to identify different information represented by the graphic codes through the shape of the graphic itself, and any two of the plurality of graphic codes may also have different sizes and/or colors, and enable the user to identify the graphic codes in combination with the different sizes and/or colors of the graphic codes.

The foregoing description is, of course, merely exemplary and is not intended to limit the invention. For example, in the embodiment of the present invention, the touch screen operation performed by the user based on the recognition of the graphic code is not limited to a touch operation, for example, the graphic code may also be one or more sliding tracks with different shapes, and the user may also confirm the information to be input by recognizing the sliding tracks, and input the information to be transmitted by the sliding operation on the different sliding tracks. In addition, in the embodiment of the present invention, the graphic code information specifically represented by the graphic code is not limited to the graphic itself of the graphic code, for example, in some examples, the graphic code may be a segment of text similar to "please mark out a number to be input on the touch screen", and the represented information should not be understood as the segment of text alone, but is an indicative information recognizable by the user, so the graphic code information corresponding to the segment of text should be understood as a number to be represented by a sliding operation performed by the user under this instruction, however, the server still needs to parse the touch screen operation record uploaded by the client, including the sliding operation, based on the segment of text, that is, if the server does not know the meaning expressed by the segment of text, or if the server does not obtain parsing logic corresponding to the generation logic for generating the preset picture, the server still cannot correctly resolve the digital information really input by the user through the client.

More specifically, the present invention will provide a preferred preset picture and a setting manner of a graphic code thereon with reference to fig. 2 and an example. As shown in fig. 2, the preset picture corresponds to a numeric keypad, on which graphic codes 0 to 9 are arranged, and the 10 graphic codes are randomly arranged on the numeric keypad, or in the case of generating the preset picture, the respective positions of the 10 graphic codes are randomly generated. In the above scenario, when the user wants to input a digital password, for example, when performing mobile phone payment and needing to input a 6-digit payment password of a bank card bound to a payment application, the payment application or a third party application may request the server to issue a preset picture as shown in fig. 2, and click a corresponding digit on a touch screen on the client side, the client may capture and record a touch operation performed by the user when displaying the preset picture, and further upload a corresponding touch operation record to the server, so that in step S106, the server may analyze which 6 digits the user wants to input and a front-back input sequence of the digits according to the touch operation record.

As can be seen from this, in the embodiment of the present invention, for the parsing process executed on the server side, step S106 may include:

s2: judging a region corresponding to each touch coordinate in a touch coordinate queue in a plurality of regions contained in a preset picture, wherein the touch operation record comprises the touch coordinate queue;

s4: and inquiring the graphic code information represented by the graphic code corresponding to the judged area to acquire a graphic code information queue corresponding to the touch coordinate queue.

For example, for the preset picture shown in fig. 2, the picture size is assumed to be 720 pixels by 720 pixels, and the touch coordinate queue obtained by the client and uploaded to the server is: {710,250}, {120,680}, {30,40}, {400,320}, {320,510}, {424,200}, {373,486}, {654,333}, and {600,100}, if the lower left corner of the picture is taken as the coordinate origin, the x coordinate axis is arranged in the horizontal direction, and the y coordinate axis is arranged in the vertical direction, it can be determined that the corresponding areas respectively correspond to the areas of the graphic codes "7, 2, backspace, 6, 4, 7", and the determination "respectively exists, and thus it can be obtained that the digital password to be input by the user is" 764647 ".

Of course, the above examples are given by way of illustration only and do not constitute any unnecessary limitations to the invention. For example, in some other embodiments of the present invention, the graphic codes 0 to 9 may not be arranged on the numeric keypad according to a random rule, and other feasible preset rules may also be adopted to limit the arrangement thereof, which is not limited by the present invention.

Correspondingly, in the embodiment of the present invention, before the server side generates the preset picture in advance, the client may send, to the server, the screen resolution or the screen size of the touch screen used by the client to display the preset picture, or send, to the server, the window size information of the window in the touch screen used by the client to display the preset picture, so that the server generates the preset picture matched with the UI of the client according to the size information, for example, the preset picture of 720 pixels × 720 pixels, which may also avoid the incorrect display of the preset picture on the client due to the mismatch between the preset picture and the UI of the client, thereby avoiding the occurrence of the problem that the server acquires the incorrect graphic code information or information queue due to the fact that the touch screen operation record of the user cannot be correctly analyzed by the server due to the incorrect display.

Correspondingly, in this embodiment of the present invention, before step S102, the receiving method may further include:

s6: randomly arranging a plurality of graphic codes in a plurality of areas on a picture frame to form a preset picture, wherein the plurality of the arranged graphic codes correspond to the plurality of the areas one to one;

s8: storing the corresponding relation between the plurality of graphic codes and the plurality of areas and the graphic code information represented by each of the plurality of graphic codes.

In the embodiment of the invention, the server may generate a preset picture with one or more graphic codes in advance, so as to provide the client and the user thereof with an identification reference of the input information, wherein, since the picture is generated at the server side, and the corresponding relation between a plurality of areas in the picture and a plurality of graphic codes can be saved at the server side, therefore, on one hand, the server can conveniently analyze the received touch screen operation record to restore the input information of the user, on the other hand, the potential safety hazard caused by the generation of the picture at the client can be avoided, wherein, the preset picture can be generated by the server, or generated by the server correspondingly in response to the information transmission request provided by the client, therefore, the preset picture as the identification basis has stronger dynamic property, and the safety of information transmission is further improved.

The technical solution and the working principle of the present invention are explained through the above embodiments, however, it should be understood that the above embodiments are only used for understanding the present invention, and should not be construed as limiting the present invention, for example, in some embodiments of the present invention, the preset pictures may not be generated in advance by the server, and may also be extracted from a plurality of pre-stored pictures in real time, and the present invention is not limited in any way. It is noted that similar equivalents of the embodiments of the invention or obvious modifications thereof are deemed to fall within the scope of the invention.

It should be noted that, in the embodiment of the present invention, the information transmission process may be generally combined in a more complete interaction process, for example, the interaction process may be a complete payment process, and a numeric password input by the user needs to be uploaded from the client to the server in the payment process as one step in the interaction process, or the interaction process may also be a login process for the protected website, and an access password input by the user needs to be uploaded from the client to the web server in the login process as one step in the login process, and the like. In summary, the present invention does not limit the specific application scenario of the receiving method provided in the embodiment, and in fact, in the embodiment of the present invention, based on the interactive interfaces provided in step S102 and step S106, it is very convenient to design the front and back execution logic adapted to the receiving method in the above-mentioned complete interactive process to utilize the data transmission process with higher security completed by the method, and it should be understood that similar implementation manners based on the embodiment of the present invention should be considered as being within the protection scope of the present invention.

For example, as an optional manner, in the embodiment of the present invention, before sending the first message carrying the preset picture to the client, the receiving method may further include:

s10: and receiving a third message which is sent by the client and used for requesting to send down the preset picture.

Correspondingly, in this embodiment of the present invention, after step S106, the receiving method may further include:

s12: verifying the acquired graphic code information;

s14: and returning a verification result to the client.

For example, for the aforementioned example that the user input information is restored to "764647", the server may verify the numeric password after acquiring the password, and may further return the verification result to the client. Under the above scenario, the risk of password leakage is reduced, so that the security and reliability of the whole verification system are improved. Similarly, the receiving method may also be applied in other scenarios, and the present invention is not repeated herein.

Example 2

According to an embodiment of the present invention, there is also provided an information sending method, as shown in fig. 3, the method including:

s302: receiving a first message which is sent by a server and carries a preset picture, wherein the preset picture is provided with a graphic code;

s304: displaying a preset picture to a user and acquiring a touch screen operation record, wherein the touch screen operation record represents one or more touch screen operations recorded when the preset picture is displayed on a touch screen by a client;

s306: and sending a second message carrying the touch screen operation record to the server, so that the server acquires the graphic code information corresponding to the touch screen operation record.

According to the information sending method provided by the embodiment of the invention, when the client needs to send the information input by the user at the client side to the server, the server can send the first message carrying the preset picture to the client at first, and the preset picture is provided with one or more graphic codes, so that in the step S302, the client can receive the first message sent by the server.

In some embodiments of the present invention, the first message may be generally embodied as an http message, but the present invention is not limited to this, for example, in some embodiments of the present invention, the first message may also be embodied as an ftp message, or other feasible messages or messages conforming to a text transmission format, so as to allow the server to correctly identify the first message and the information content carried by the first message. In addition, the present invention does not limit any specific form in which information such as a preset picture is loaded in the first message, for example, the preset picture loaded in the first message may adopt a bmp coding format, a compression coding format such as Jpeg, or other feasible data format that can be correctly recognized by the server, and the present invention does not limit this. Accordingly, the second message … … and the like described in the embodiments of the present invention are applicable to similar explanations, and the present invention will not be described in a repeated manner. It should be noted that the terms "first", "second", … …, etc. in the embodiments of the present invention are merely used for descriptive distinction to facilitate understanding of the present invention, and should not be construed as limiting the relationship attributes such as the order, position, importance, etc. of the plurality of elements.

More specifically, the present invention will provide a preferred preset picture and a setting manner of a graphic code thereon with reference to fig. 2 and an example. As shown in fig. 2, the preset picture corresponds to a numeric keypad, on which graphic codes 0 to 9 are arranged, and the 10 graphic codes are randomly arranged on the numeric keypad, or in the case of generating the preset picture, the respective positions of the 10 graphic codes are randomly generated. In the above scenario, when the user wants to input a digital password, for example, when a mobile phone payment is performed and a 6-digit payment password of a bank card bound to a payment application needs to be input, the payment application or a third party application may request the server to issue a preset picture as shown in fig. 2, and click a corresponding number on a touch screen on the client side, the client may capture and record a touch operation performed by the user when the preset picture is displayed in step S304, and further upload the corresponding touch screen operation record to the server in step S306, so that the server may analyze which 6 digits the user needs to input and a front-back input sequence of the digits according to the touch screen operation record.

As can be seen, in the embodiment of the present invention, for the operation performed by the client side to obtain the touch screen operation record, the step S304 may specifically include:

s16: and acquiring a touch coordinate queue as a touch screen operation record, wherein the touch coordinate queue comprises touch coordinates which are acquired by the client when a preset picture is displayed and are indicated by each touch operation in the touch screen operation.

Correspondingly, the parsing process performed at the server side may then include:

s18: judging a region corresponding to each touch coordinate in a touch coordinate queue in a plurality of regions contained in a preset picture, wherein the touch operation record comprises the touch coordinate queue;

s20: and inquiring the graphic code information represented by the graphic code corresponding to the judged area to acquire a graphic code information queue corresponding to the touch coordinate queue.

Further, in the embodiment of the present invention, before the server side generates the preset picture in advance, the client may send, to the server, the screen resolution or the screen size of the touch screen used by the client to display the preset picture, or send, to the server, the window size information of the window in the touch screen used by the client to display the preset picture, so that the server generates the preset picture matched with the UI of the client according to the size information, for example, the preset picture of 720 pixels × 720 pixels, on the other hand, the error display of the preset picture on the client due to the mismatch between the preset picture and the UI of the client may also be avoided, and further, the problem that the server obtains the wrong graphic code information or the information queue due to the fact that the touch screen operation record of the user cannot be correctly analyzed by the server due to the error display is avoided. That is, in the embodiment of the present invention, before step S302, the sending method may further include:

s22: and sending the screen resolution of the client or window size information for displaying the preset picture to a server, so that the server generates the preset picture according to the screen resolution or window size information, wherein the plurality of graphic codes are randomly distributed on the preset picture.

Correspondingly, in the embodiment of the present invention, the operation of picture pre-generation performed on the server side may include:

s24: randomly arranging a plurality of graphic codes in a plurality of areas on a picture frame to form a preset picture, wherein the plurality of the arranged graphic codes correspond to the plurality of the areas one to one;

s26: storing the corresponding relation between the plurality of graphic codes and the plurality of areas and the graphic code information represented by each of the plurality of graphic codes.

It should be noted that, in the embodiment of the present invention, the information transmission process may be generally combined in a more complete interaction process, for example, the interaction process may be a complete payment process, and a numeric password input by the user needs to be uploaded from the client to the server in the payment process as one step in the interaction process, or the interaction process may also be a login process for the protected website, and an access password input by the user needs to be uploaded from the client to the web server in the login process as one step in the login process, and the like. In fact, in the embodiment of the present invention, based on the interactive interfaces respectively provided in step S302 and step S306, it may be very convenient to design a front-back execution logic adapted to the transmission method in the above-mentioned complete interactive process to utilize the higher-security data transmission process completed by the method, and it should be understood that similar implementation manners based on the embodiment of the present invention should be considered to be within the protection scope of the present invention.

For example, as an optional manner, in the embodiment of the present invention, before step S302, the sending method may further include:

s28: and sending a third message for requesting to issue the preset picture to the server.

Correspondingly, in this embodiment of the present invention, after step S306, the sending method may further include:

s30: and receiving a result of verifying the acquired graphic code information returned by the server.

For example, for the aforementioned example that the user input information is restored to "764647", the server may verify the numeric password after acquiring the password, and may further return the verification result to the client. Under the above scenario, the risk of password leakage is reduced, so that the security and reliability of the whole verification system are improved. Similarly, the above-described transmission method may also be applied in other scenarios, and the present invention is not repeated herein.

Example 3

According to an embodiment of the present invention, there is also provided a server for implementing the information receiving method according to embodiment 1, as shown in fig. 4, the server including:

1) a first sending unit 402, configured to send a first message carrying a preset picture to a client, where the preset picture is provided with a graphic code;

2) a first receiving unit 404, configured to receive a second message sent by the client and carrying a touch screen operation record, where the touch screen operation record indicates one or more touch screen operations recorded when the client displays a preset picture;

3) the obtaining unit 406 is configured to obtain, according to a preset picture, graphic code information corresponding to a touch screen operation record.

It should be clear that one of the problems to be solved by embodiments of the present invention is to provide a server to facilitate the transfer of information from a client to the server. In some scenarios, the client may be a client that is used for receiving the information interaction service shown in the embodiment of the present invention, and may also be used as a client or a server for other services at the same time, and similarly, the server may generally represent a background device to which one or more of the clients are connected, so as to provide the information interaction service, which is not limited in this disclosure.

According to the server provided by the embodiment of the present invention, when the user input information at the client side needs to be acquired, a first message carrying a preset picture may be sent to the client through the first sending unit 402, and the preset picture is provided with one or more graphic codes.

More specifically, the present invention will provide a preferred preset picture and a setting manner of a graphic code thereon with reference to fig. 2 and an example. As shown in fig. 2, the preset picture corresponds to a numeric keypad, on which graphic codes 0 to 9 are arranged, and the 10 graphic codes are randomly arranged on the numeric keypad, or in the case of generating the preset picture, the respective positions of the 10 graphic codes are randomly generated. In the above scenario, when the user wants to input a digital password, for example, when performing mobile phone payment and needing to input a 6-digit payment password of a bank card bound to a payment application, the payment application or a third party application may request the server to issue a preset picture as shown in fig. 2, and click a corresponding digit on a touch screen on the client side, the client may capture and record a touch operation performed by the user when displaying the preset picture, and further upload a corresponding touch operation record to the server, so that the server may analyze, by the obtaining unit 406, which 6 digits the user wants to input and a front-back input sequence of the digits according to the touch operation record.

As can be seen from this, in the embodiment of the present invention, for the parsing process executed on the server side, the obtaining unit 406 may include:

1) the judging module is used for judging a region corresponding to each touch coordinate in the touch coordinate queue in a plurality of regions contained in a preset picture, wherein the touch operation record comprises the touch coordinate queue;

2) and the query module is used for querying the graphic code information represented by the graphic code corresponding to the judged area so as to obtain a graphic code information queue corresponding to the touch coordinate queue.

Correspondingly, in this embodiment of the present invention, the server may further include:

1) the generating unit is used for randomly setting a plurality of graphic codes in a plurality of areas on the picture frame to form a preset picture, and the plurality of set graphic codes correspond to the plurality of areas one by one;

2) and the storage unit is used for storing the corresponding relation between the plurality of graphic codes and the plurality of areas and the graphic code information represented by each of the plurality of graphic codes.

It should be noted that, in the embodiment of the present invention, the information transmission process may be generally combined in a more complete interaction process, for example, the interaction process may be a complete payment process, and a numeric password input by the user needs to be uploaded from the client to the server in the payment process as one step in the interaction process, or the interaction process may also be a login process for the protected website, and an access password input by the user needs to be uploaded from the client to the web server in the login process as one step in the login process, and the like. In fact, in the embodiment of the present invention, based on the interactive interfaces respectively provided by the first sending unit 402 and the obtaining unit 406, it may be convenient to design a front-back execution logic adapted to the server and the function module thereof in the above-mentioned complete interactive process so as to utilize the higher-security data transmission process completed by the server and the function module thereof, and it should be understood that similar implementation manners based on the embodiment of the present invention should be considered to be within the protection scope of the present invention.

For example, as an optional manner, in an embodiment of the present invention, the server may further include:

1) the second receiving unit is used for receiving a third message which is sent by the client and used for requesting to send down a preset picture; and/or the presence of a gas in the gas,

2) the verification unit is used for verifying the acquired graphic code information; and the second sending unit is used for returning the verification result to the client.

For example, for the aforementioned example that the user input information is restored to "764647", the server may verify the numeric password after acquiring the password, and may further return the verification result to the client. Under the above scenario, the risk of password leakage is reduced, so that the security and reliability of the whole verification system are improved. Similarly, the server may be applied to other scenarios, and the present invention is not described herein again.

Example 4

According to an embodiment of the present invention, there is further provided a client for implementing the information sending method according to embodiment 2, where as shown in fig. 5, the client includes:

1) a first receiving unit 502, configured to receive a first message that is sent by a server and carries a preset picture, where the preset picture is provided with a graphic code;

2) a recording unit 504, configured to display a preset picture to a user and obtain a touch screen operation record, where the touch screen operation record indicates one or more touch screen operations recorded when a client displays the preset picture on a touch screen;

3) a first sending unit 506, configured to send a second message carrying the touch screen operation record to the server, so that the server obtains the graphic code information corresponding to the touch screen operation record.

It should be clear that one of the problems to be solved by embodiments of the present invention is to provide a client to facilitate the transfer of information from the client to the server. In some scenarios, the client may be a client that is used for receiving the information interaction service shown in the embodiment of the present invention, and may also be used as a client or a server for other services at the same time, and similarly, the server may generally represent a background device to which one or more of the clients are connected, so as to provide the information interaction service, which is not limited in this disclosure.

According to the client provided by the embodiment of the present invention, when information input by a user at the client side needs to be sent to the server, a first message carrying a preset picture may be sent to the client by the server, and the preset picture is provided with one or more graphic codes, so that the client may receive the first message sent by the server through the first receiving unit 502.

More specifically, the present invention will provide a preferred preset picture and a setting manner of a graphic code thereon with reference to fig. 2 and an example. As shown in fig. 2, the preset picture corresponds to a numeric keypad, on which graphic codes 0 to 9 are arranged, and the 10 graphic codes are randomly arranged on the numeric keypad, or in the case of generating the preset picture, the respective positions of the 10 graphic codes are randomly generated. In the above scenario, when a user wants to input a digital password, for example, when a mobile phone payment is performed and a 6-digit payment password of a bank card bound to a payment application needs to be input, the payment application or a third party application may request the server to issue a preset picture as shown in fig. 2, and click a corresponding number on a touch screen of a client, the client may capture and record a touch operation performed by the user when the preset picture is displayed through the recording unit 504, and further upload a corresponding touch screen operation record to the server through the first sending unit 506, so that the server may analyze which 6 digits the user needs to input and a front-back input sequence of the digits according to the touch screen operation record.

As can be seen in this embodiment of the present invention, for the operation performed by the client side to obtain the touch screen operation record, the recording unit 504 may specifically include:

1) the recording module is used for acquiring a touch coordinate queue as a touch screen operation record, wherein the touch coordinate queue comprises touch coordinates which are acquired by a client when a preset picture is displayed and are indicated by each touch operation in the touch screen operation.

Correspondingly, for the parsing process performed on the server side, the server may then include:

Further, in the embodiment of the present invention, before the server side generates the preset picture in advance, the client may send, to the server, the screen resolution or the screen size of the touch screen used by the client to display the preset picture, or send, to the server, the window size information of the window in the touch screen used by the client to display the preset picture, so that the server generates the preset picture matched with the UI of the client according to the size information, for example, the preset picture of 720 pixels × 720 pixels, on the other hand, the error display of the preset picture on the client due to the mismatch between the preset picture and the UI of the client may also be avoided, and further, the problem that the server obtains the wrong graphic code information or the information queue due to the fact that the touch screen operation record of the user cannot be correctly analyzed by the server due to the error display is avoided. That is, in the embodiment of the present invention, the client may further include:

1) and the second sending unit is used for sending the screen resolution of the client or window size information used for displaying the preset picture to the server, and enabling the server to generate the preset picture according to the screen resolution or window size information, wherein the plurality of graphic codes are randomly distributed on the preset picture.

Correspondingly, in the embodiment of the present invention, for the picture pre-generation operation performed on the server side, the server may include:

It should be noted that, in the embodiment of the present invention, the information transmission process may be generally combined in a more complete interaction process, for example, the interaction process may be a complete payment process, and a numeric password input by the user needs to be uploaded from the client to the server in the payment process as one step in the interaction process, or the interaction process may also be a login process for the protected website, and an access password input by the user needs to be uploaded from the client to the web server in the login process as one step in the login process, and the like. In fact, in the embodiment of the present invention, based on the interactive interfaces respectively provided by the first receiving unit 502 and the first sending unit 506, it may be very convenient to design a front-back execution logic adapted to the client and the functional module thereof in the above-mentioned complete interactive process so as to utilize the higher-security data transmission process completed by the client and the functional module thereof, and it should be understood that similar implementation manners based on the embodiment of the present invention should be considered to be within the protection scope of the present invention.

For example, as an optional manner, in the embodiment of the present invention, the client may further include:

1) the third sending unit is used for sending a third message for requesting to issue the preset picture to the server; and/or the presence of a gas in the gas,

2) and the second receiving unit is used for receiving a result of verifying the acquired graphic code information returned by the server.

For example, for the aforementioned example that the user input information is restored to "764647", the server may verify the numeric password after acquiring the password, and may further return the verification result to the client. Under the above scenario, the risk of password leakage is reduced, so that the security and reliability of the whole verification system are improved. Similarly, the client may also be applied in other scenarios, and the present invention is not repeated herein.

Example 5

According to an embodiment of the present invention, there is also provided an interactive system, as shown in fig. 6, the interactive system including:

1) the server 602 as described in embodiment 2;

2) one or more clients 604, 606, 608 … …, as described in embodiment 3, have a data connection with the server 602.

In this embodiment of the present invention, when one or more of the clients 604, 606, and 608 needs to transmit information to the server, a message for requesting to issue respective preset pictures may be sent to the server 602, and then the server 602 may send a first message carrying a first preset picture to the client 604, send a first message carrying a second preset picture to the client 606, and send a first message carrying a third preset picture to the client 608, where the first to third preset pictures may be the same or different from each other. Further, the clients 604, 606, and 608 may respectively obtain touch screen operation records of respective users, and upload the touch screen operation records to the server 602, and the server 602 may analyze user input information that the clients 604, 606, and 608 respectively need to transmit according to the uploaded touch screen operation records.

Further, to facilitate the management and processing efficiency of the server 602 responding to the first message from multiple clients, the authentication requests from multiple clients and the previous and subsequent authentication requests from the same client may be distinguished by the session identification code, wherein each of the different authentication requests is assigned with a unique session identification code so as to avoid an error response.

Further optionally, in some embodiments of the present invention, the server 602 may further perform verification on the analyzed user input information, and return a verification result to the corresponding client, so that the client may continue to perform corresponding subsequent operations after receiving the result that the verification is successful, for example, may continue to perform an access operation on the target data. In addition, in the embodiment of the present invention, the system may further include a server 610, and the server 610 may be a data server for managing target data to distinguish from the server 602 for providing the authentication service, however, this is not meant to be a limitation of the present invention, for example, in some embodiments, the server 602 and the server 610 may also be integrated, or the corresponding service may also be provided by the same server. It should be noted that the present invention is not limited in any way to the specific form of the servers 602 and 610 and the clients 604, 606 and 608, and should be understood as any device with the above functions.

It can be seen that, in the embodiment of the present invention, when the server needs to obtain the information uploaded by the client, the server firstly issues a preset picture with one or more graphic codes to the client, the client may then present the predetermined image to the user of the client via a user interface UI (user interface), at which point the user may identify the graphic code in the predetermined image presented on the UI, through touch screen operation such as touch or slide on the touch screen, the graphic code information represented by the graphic code in the preset picture indicated by the touch operation is 'input' to the client, and as a response to the touch screen operation, the client can temporarily store and send a corresponding touch screen operation record to the server, and the server can restore the information input by the user according to the received touch screen operation record and the setting mode of the graphic code in the preset picture. Under the above scenario, since only the preset picture and the touch screen operation record will be present locally at the client, and the plaintext of the graphic code information will not be present, the difficulty of reading and deciphering the information input by the user is increased, the risk of leakage of the transmitted information is reduced, and the technical effect of improving the information security is achieved, thereby solving the technical problem of insufficient information security caused by the existence of the plaintext of the information to be transmitted at the client in the existing information transmission scheme.

The authentication system and the server, the client and the interaction process thereof in the system will be described in detail below with reference to fig. 7 and a more specific embodiment.

As shown in fig. 7, in this embodiment, a mobile banking application may run in an operating system of a smart phone used by a user, and the mobile banking application may interact with a mobile banking background, so that the user may complete user identity verification through the mobile banking application and successfully access payment related data to complete mobile payment. The mobile banking application can run on a smart phone serving as a client, and the mobile banking background can be maintained on a background server provided by a bank.

In the above scenario, when a user wants to complete payment through a smart phone, a specific interaction process between each device and each application running on the device may be implemented through the following procedures:

s602: the mobile phone bank application sends a message for requesting to issue a digital keyboard picture to the mobile phone bank background, and sends a user ID and the screen resolution of the smart phone to the mobile phone bank background;

s604: the mobile banking background generates a random numeric keyboard picture similar to that shown in fig. 2, and records numbers corresponding to different coordinate areas on the picture;

s606: the mobile phone bank background sends the generated digital keyboard picture to the mobile phone bank application;

s608: the mobile phone bank application displays a digital keyboard picture to a user on a screen of the smart phone, captures multiple touch operations performed by the user on a touch screen of the smart phone back and forth, and records the touch operations as a touch coordinate queue;

s610: the mobile phone bank application sends the touch coordinate queue to a mobile phone bank background;

s612: the mobile phone bank background judges which coordinate area each touch coordinate in the touch coordinate queue belongs to, and inquires out corresponding numbers, so that the touch coordinate queue is restored to a digital password input by a user;

s614: the mobile banking background finds out a pre-stored password corresponding to the user ID, judges whether the digital password input by the user is matched with the pre-stored password or not, and jumps to step S616 if the digital password is matched with the pre-stored password, or jumps to step S618 if the digital password is not matched with the pre-stored password;

s616: the mobile banking background returns a result of successful matching verification and/or payment confirmation information to the mobile banking application;

s618: and the mobile banking background returns a result of the matching verification failure and/or information of refusing payment to the mobile banking application.

The present invention is further explained by providing some preferred embodiments, but it should be noted that the preferred embodiments are only for better describing the present invention and are not to be construed as unduly limiting the present invention.

The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims

1. An information receiving method, comprising:

sending a first message carrying a preset picture to a client, wherein the preset picture is provided with a graphic code;

receiving a second message which is sent by the client and carries a touch screen operation record, wherein the touch screen operation record represents one or more touch screen operations recorded when the client displays the preset picture on a touch screen;

and acquiring graphic code information corresponding to the touch screen operation record according to the preset picture.

2. The method according to claim 1, wherein before the sending the first message carrying the preset picture to the client, the method further comprises:

randomly arranging a plurality of graphic codes in a plurality of areas on a picture frame to form the preset picture, wherein the plurality of the arranged graphic codes correspond to the plurality of the areas one by one;

storing the corresponding relation between the plurality of graphic codes and the plurality of areas and the graphic code information represented by each of the plurality of graphic codes.

3. The method according to claim 1, wherein the obtaining of the graphic code information corresponding to the touch screen operation record according to the preset picture comprises:

judging a region corresponding to each touch coordinate in a touch coordinate queue in a plurality of regions contained in the preset picture, wherein the touch operation record comprises the touch coordinate queue;

and inquiring the graphic code information represented by the graphic code corresponding to the judged area to acquire a graphic code information queue corresponding to the touch coordinate queue.

4. The method according to any one of claims 1 to 3,

before the sending the first message carrying the preset picture to the client, the method further includes: receiving a third message which is sent by the client and used for requesting to issue the preset picture; and/or the presence of a gas in the gas,

after the graphic code information corresponding to the touch screen operation record is acquired according to the preset picture, the method further comprises the following steps: verifying the acquired graphic code information; and returning a verification result to the client.

5. The method according to any one of claims 1 to 3,

the graphic code includes at least one of: the graphic codes are in the shapes of characters, characters and geometric shapes, any two of the graphic codes have the same or different sizes and/or colors, and/or the graphic codes are distributed in the preset picture in an array mode; or,

the preset picture is a numeric keyboard, the graphic code at least comprises numbers 0 to 9, and the numbers 0 to 9 are arranged on the numeric keyboard according to a preset rule.

6. An information transmission method, comprising:

receiving a first message which is sent by a server and carries a preset picture, wherein the preset picture is provided with a graphic code;

displaying the preset picture to a user and acquiring a touch screen operation record, wherein the touch screen operation record represents one or more touch screen operations recorded when the preset picture is displayed on a touch screen by a client;

and sending a second message carrying the touch screen operation record to the server, so that the server acquires the graphic code information corresponding to the touch screen operation record.

7. The method according to claim 6, wherein before receiving the first message carrying the preset picture sent by the server, the method further comprises:

and sending the screen resolution of the client or window size information for displaying the preset picture to the server, so that the server generates the preset picture according to the screen resolution or the window size information, wherein a plurality of the graphic codes are randomly distributed on the preset picture.

8. The method of claim 6, wherein the displaying the preset picture to the user and obtaining a touch screen operation record comprises:

and acquiring a touch coordinate queue as the touch screen operation record, wherein the touch coordinate queue comprises touch coordinates which are acquired by the client when the preset picture is displayed and are indicated by each touch operation in the touch screen operation.

9. The method according to any one of claims 6 to 8,

before the receiving the first message carrying the preset picture sent by the server, the method further includes: sending a third message for requesting to issue the preset picture to the server; and/or the presence of a gas in the gas,

after the sending of the second message carrying the touch screen operation record to the server, the method further includes: and receiving a result of verifying the acquired graphic code information returned by the server.

10. The method according to any one of claims 6 to 8,

11. A server, comprising:

the system comprises a first sending unit, a second sending unit and a sending unit, wherein the first sending unit is used for sending a first message carrying a preset picture to a client, and the preset picture is provided with a graphic code;

the first receiving unit is used for receiving a second message which is sent by the client and carries a touch screen operation record, wherein the touch screen operation record represents one or more touch screen operations recorded when the client displays the preset picture;

and the obtaining unit is used for obtaining the graphic code information corresponding to the touch screen operation record according to the preset picture.

12. The server according to claim 11, further comprising:

the generating unit is used for randomly setting a plurality of graphic codes in a plurality of areas on a picture frame to form the preset picture, and the set graphic codes correspond to the areas one by one;

and the storage unit is used for storing the corresponding relation between the plurality of graphic codes and the plurality of areas and the graphic code information represented by each of the plurality of graphic codes.

13. The server according to claim 11, wherein the obtaining unit includes:

the judging module is used for judging a region corresponding to each touch coordinate in a touch coordinate queue in a plurality of regions contained in the preset picture, wherein the touch operation record comprises the touch coordinate queue;

and the query module is used for querying the graphic code information represented by the graphic code corresponding to the judged area so as to obtain a graphic code information queue corresponding to the touch coordinate queue.

14. The server according to any one of claims 11 to 13, further comprising:

the second receiving unit is used for receiving a third message which is sent by the client and used for requesting to send the preset picture; and/or the presence of a gas in the gas,

the verification unit is used for verifying the acquired graphic code information; and the second sending unit is used for returning a verification result to the client.

15. The server according to any one of claims 11 to 13,

16. A client, comprising:

the first receiving unit is used for receiving a first message which is sent by a server and carries a preset picture, and the preset picture is provided with a graphic code;

the recording unit is used for displaying the preset picture to a user and acquiring a touch screen operation record, wherein the touch screen operation record represents one or more touch screen operations recorded when the preset picture is displayed on a touch screen by a client;

and the first sending unit is used for sending a second message carrying the touch screen operation record to the server, so that the server acquires the graphic code information corresponding to the touch screen operation record.

17. The client of claim 16, further comprising:

and a second sending unit, configured to send, to the server, the screen resolution of the client or the form size information used for displaying the preset picture, and to enable the server to generate the preset picture according to the screen resolution or the form size information, where the plurality of graphic codes are randomly distributed on the preset picture.

18. The client according to claim 16, wherein the recording unit comprises:

and the recording module is used for acquiring a touch coordinate queue as the touch screen operation record, wherein the touch coordinate queue comprises touch coordinates which are acquired by the client when the preset picture is displayed and are indicated by each touch operation in the touch screen operation.

19. The client according to any one of claims 16 to 18, further comprising:

a third sending unit, configured to send a third message for requesting to issue the preset picture to the server; and/or the presence of a gas in the gas,

and the second receiving unit is used for receiving a result of verifying the acquired graphic code information returned by the server.

20. The client according to any of the claims 16 to 18,

21. An interactive system, comprising:

the server of any one of embodiments 11 to 15;

one or more clients as in any one of embodiments 16-20 having a data connection with the server.