CAPTCHA 2.0 is a next-generation CAPTCHA service that is developed by Alibaba Cloud. It is widely used in interactive scenarios such as account registration, SMS delivery, ticket booking, information query, free download, forum posting, and online voting. CAPTCHA 2.0 provides verification services that distinguish bots from human users by using simple, secure, and diverse interaction logic to minimize and even prevent network resource abuse by computer programs that simulate human users. This ensures an authentic user experience while enhancing the defense of website resources against access from malicious programs.
Benefits
Compared with CAPTCHA 1.0, CAPTCHA 2.0 offers the following benefits:
All-in-one: CAPTCHA 2.0 can be integrated without the need to update code and supports automatic iteration of protection capabilities and CAPTCHA types.
Multiple CAPTCHA types based on behavior and semantics: CAPTCHA 2.0 delivers all-sided protection from multiple dimensions such as reasoning logic, device data, and interactive behavior models.
Personalized configurations: CAPTCHA 2.0 can be called on web, HTML5, iOS, and Android clients and in WeChat mini programs.
Comprehensive disaster recovery solutions: CAPTCHA 2.0 delivers high availability of up to 99.99%.
Supported CAPTCHA types
CAPTCHA 2.0 provides multiple CAPTCHA types such as visual reasoning CAPTCHA, slider CAPTCHA, puzzle CAPTCHA, invisible CAPTCHA, and image restoration CAPTCHA to identify whether the operator is a human or a machine based on biological characteristics. This makes CAPTCHA 2.0 replace traditional verification methods.
Verification processes
Visual reasoning CAPTCHA, slider CAPTCHA, puzzle CAPTCHA, and image restoration CAPTCHA
Invisible CAPTCHA
Verification sequence diagrams
Visual reasoning CAPTCHA, slider CAPTCHA, puzzle CAPTCHA, and image restoration CAPTCHA
The following list describes the sequence diagram:
A user triggers a CAPTCHA challenge on the specified business page of a business client, and the business client sends a request to the CAPTCHA 2.0 server for CAPTCHA resources such as images and questions.
If the request fails, the user can use the error information returned to the business client to troubleshoot the failure.
The user completes a CAPTCHA challenge such as a slider, puzzle, visual reasoning, or image restoration CAPTCHA challenge and business interactions such as logon or registration on the business page.
After the interaction is complete, the business client sends the CAPTCHA information and business information to the business server.
The business server calls the VerifyIntelligentCaptcha operation to initiate a verification request to the CAPTCHA 2.0 server for risk verification.
The CAPTCHA 2.0 server performs risk verification and returns the verification result to the business server.
The business server performs business processing based on business logic. After that, the business server returns the verification result and business processing result to the business client.
A notification message is displayed on the business page, and the business client starts business processing.
If the verification fails, a CAPTCHA challenge is retriggered on the business page and the verification process starts over from Step 1.
Invisible CAPTCHA
The following list describes the sequence diagram:
A user triggers a CAPTCHA challenge on the specified business page of a business client, and the business client sends a request to the CAPTCHA 2.0 server for CAPTCHA resources such as images and questions.
If the request fails, the user can use the error information returned to the business client to troubleshoot the failure.
The user completes business interactions such as logon or registration on the specified business page of a business client.
After the interaction is complete, the business client sends the invisible CAPTCHA information and business information to the business server.
The business server calls the VerifyIntelligentCaptcha operation to initiate a verification request to the CAPTCHA 2.0 server for risk verification.
The CAPTCHA 2.0 server performs risk verification and returns the verification result to the business server.
The business server performs business processing based on business logic.
If the user has no risk, the verification process ends.
If the user is risky, an additional CAPTCHA challenge is triggered.
The user completes a CAPTCHA challenge such as a slider, puzzle, visual reasoning, or image restoration CAPTCHA challenge and business interaction such as logon or registration on the business page.
After the interaction is complete, the business client sends the CAPTCHA information and business information to the business server.
The business server calls the VerifyIntelligentCaptcha operation to initiate a verification request to the CAPTCHA 2.0 server for risk verification.
The CAPTCHA 2.0 server performs risk verification and returns the verification result to the business server.
The business server performs business processing based on business logic. After that, the business server returns the verification result and business processing result to the business client.
A notification message is displayed on the business page, and the business client starts business processing.
If the verification fails, a CAPTCHA challenge is retriggered on the business page and the verification process starts over from Step i.
References
CAPTCHA 2.0 supports the pay-as-you-go billing method. You can purchase resource plans to offset all pay-as-you-go fees for calling CAPTCHA 2.0. This helps reduce costs. For more information, see Billing.
For more information about how to activate CAPTCHA 2.0, see Activate CAPTCHA 2.0.
After you activate CAPTCHA 2.0, you must integrate CAPTCHA 2.0 into your business client and business server before you use CAPTCHA 2.0. For more information, see Integration guide.
After you create a verification scenario in the CAPTCHA 2.0 console, you must integrate the initialization code of CAPTCHA 2.0 into a business page of a web or HTML5 client on which you want to call CAPTCHA 2.0. For more information, see Integrate CAPTCHA 2.0 into a business client.
After you integrate CAPTCHA 2.0 into a business client, you must integrate CAPTCHA 2.0 into a business server, and then call the VerifyIntelligentCaptcha operation on the business server to initiate a verification request. For more information, see Integrate CAPTCHA 2.0 into a business server.
After CAPTCHA 2.0 is integrated, you can query the verification statistics within the specified period of time on the Overview page of the CAPTCHA 2.0 console. This allows you to check the protection statistics of CAPTCHA 2.0 in real time. For more information, see View verification statistics.