The technology related to verification control is a control scheme for verifying information. The verification control scheme is used in many applications. For example, in scanning payment, a server needs to verify information provided by a display terminal to determine whether payment is valid. At present, a device can perform scanning payment by scanning a barcode. This manner is referred to as barcode payment.
The barcode payment is a quick and convenient payment manner developed recently, and it makes payment convenient. This solution not only makes online payment convenient, but also facilitates offline payment. A process of barcode payment is generally as follows:
A user browses a web page of an online shop by using a browser on a display terminal such as a mobile phone or a personal computer (PC). When the user has a buying demand, the user performs operations on the web page and submits an interaction (e.g., by clicking on a “submit” button on the web page to submit an order and account information) to a server. The server verifies an identity (ID) of the interaction, and if the authentication succeeds, the server returns an authentication success message to the display terminal. The display terminal sends a barcode request to the server. After receiving the barcode request, the server generates a payment barcode corresponding to the interaction and sends a payment barcode to the display terminal. After receiving the payment barcode, the display terminal displays the payment barcode. The user can see the payment barcode displayed on the display terminal. The user may use a scanning device having a barcode scanning function to scan the payment barcode. After successfully scanning the payment barcode, the scanning device obtains information of the barcode by means of parsing, determines that the barcode is a payment barcode, and invokes a payment platform. After the payment platform is invoked, the subsequent process is as follows: the scanning device directly enters a payment interface; the user enters an account password of the payment platform; and after the account password is authenticated, the payment platform performs a payment operation for the interaction.
The foregoing process is applicable to an offline transaction scenario as well. For example, in a shopping mall where a lot of people wait in a checkout lane, the user can complete payment by scanning a payment barcode, and does not need to queue up at the checkout counter. The transaction is efficient. Therefore, the scanning payment is a promising payment manner.
In the foregoing solution, after the server sends the barcode to the display terminal, the payment barcode is static. If a screenshot of the payment barcode is copied and spread, it causes security risks.
The security risks can be caused by unwanted scanning. For example, a merchant wants to sell a limited number of goods at a discount campaign. The merchant publicizes a barcode, which, when scanned, automatically triggers a discount sale. Once the barcode is publicly known, it is hard to control its scope of dissemination and use. There may be much more buyers scanning the barcode than expected. Failing to honor the unwanted transactions may incur confusion and consumer dissatisfaction. Also, a hacker may use a number of scan devices to scan the codes repeatedly in a very short time in order to paralyze the server of the merchant (e.g., a DOS attack).
Therefore, it is desirable to have a method that can effectively control the negative effect of dissemination and use of barcodes.