Journal of Information Security Research ›› 2020, Vol. 6 ›› Issue (2): 139-144.


The Research of Secure CAPTCHA Generation and Verification Scheme Based on Behavior

  

  • Received: 2020-02-08 Online: 2020-02-10 Published: 2020-02-08

Research on a Behavior-Based Secure CAPTCHA Generation and Verification Scheme

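Zhang Yan1, Peng Huaxi2, He Shen2

  1. Institute of Security Technology, Research Institute of China Mobile Communications Co., Ltd.
  2. Research Institute of China Mobile Communications Co., Ltd.
  • Corresponding author: Zhang Yan
  • About the authors: Zhang Yan, born in 1984, master's degree, engineer; main research areas are terminal security and network and information security. Peng Huaxi, born in 1978, PhD, senior engineer; main research areas are terminal security and network and information security. He Shen, born in 1980, PhD, senior engineer; main research areas are network and information security, mobile Internet security, and trusted computing.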

Abstract: Based on an analysis of the problems and security status of traditional CAPTCHAs, a behavior-based secure CAPTCHA generation and verification scheme is proposed. The scheme determines whether a CAPTCHA response is correct by detecting whether the connection trajectories that the user draws between multiple elements in the CAPTCHA picture match the correspondence between those elements. The CAPTCHA is verified as correct only when the relationships between all the elements in the CAPTCHA picture are set up correctly. The scheme effectively addresses the low input efficiency of traditional CAPTCHAs and the input mistakes that occur easily when the user enters a CAPTCHA through the keyboard, and it improves the input efficiency of CAPTCHAs. At the same time, the scheme addresses the problem that traditional CAPTCHAs cannot determine whether the input action was performed by a human or by a robot; it effectively increases the difficulty and efficiency of the automatic identification and verification of CAPTCHAs and reduces the pass rate of malicious access. The scheme is applicable to all scenarios in which attacks may be carried out by robots. It offers a good user experience, high security, many application scenarios and wide profit channels, and it has good market prospects.

Key words: secure CAPTCHA, behavior CAPTCHA, CAPTCHA generation, CAPTCHA identification, CAPTCHA verification, malicious access

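Abstract: By analyzing the main problems and the security status of traditional CAPTCHAs, a behavior-based secure CAPTCHA generation and verification scheme is proposed. The correctness of the CAPTCHA is judged by detecting whether the connecting-line trajectories that the user enters between multiple elements in the CAPTCHA image conform to the correspondence between the elements; the CAPTCHA verification passes only when all connecting-line trajectories entered by the user are verified as correct. The scheme can effectively solve the problems in existing technology of low input efficiency and easy mis-operation when a CAPTCHA requires keyboard input from the user, and improves CAPTCHA input efficiency; at the same time, it can solve the problem in existing technology that it cannot be accurately judged whether a CAPTCHA is entered by a human or by a robot's automated operation, effectively increases the difficulty and efficiency of automatic CAPTCHA recognition by programs, reduces the pass rate of malicious access, and is applicable to all scenarios that may be attacked through automated robot operation. The scheme has the characteristics of good user experience, high security, many application scenarios and wide profit channels, and has good market development prospects.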

Keywords: secure CAPTCHA, behavior CAPTCHA, CAPTCHA generation, CAPTCHA recognition, CAPTCHA verification, malicious access
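
The core check the abstract describes (every connection drawn by the user must join two elements that correspond, and all correspondences must be present) can be sketched as a server-side verifier. This is an added example, not code from the paper: the bounding-box layout, the element names, and the `Element`, `element_at` and `verify` helpers are assumptions made for illustration, and the human-versus-robot behavior analysis is not modeled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Element:
    """One element in the CAPTCHA picture (assumed axis-aligned box)."""
    name: str
    x: float
    y: float
    w: float
    h: float

    def contains(self, point):
        px, py = point
        return self.x <= px <= self.x + self.w and self.y <= py <= self.y + self.h

def element_at(elements, point):
    """Return the name of the element under `point`, or None."""
    for e in elements:
        if e.contains(point):
            return e.name
    return None

def verify(elements, expected_pairs, strokes):
    """Pass only if every stroke links a corresponding pair and every
    expected pair has been linked. The expected pairs stay on the server;
    the client submits only the drawn trajectories (lists of (x, y))."""
    expected = {frozenset(p) for p in expected_pairs}
    drawn = set()
    for stroke in strokes:
        if len(stroke) < 2:
            return False                  # a single point is not a connection
        start = element_at(elements, stroke[0])
        end = element_at(elements, stroke[-1])
        if start is None or end is None or start == end:
            return False                  # must join two distinct elements
        pair = frozenset((start, end))
        if pair not in expected:
            return False                  # one wrong link fails the whole CAPTCHA
        drawn.add(pair)
    return drawn == expected              # all relationships set up correctly

# Constructed sample challenge: two elements on the left, two on the right.
ELEMENTS = [
    Element("cat", 10, 10, 40, 40), Element("dog", 10, 80, 40, 40),
    Element("fish", 150, 10, 40, 40), Element("bone", 150, 80, 40, 40),
]
EXPECTED = [("cat", "fish"), ("dog", "bone")]
```
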