CONSTRUCTING IMAGE CAPTCHAS UTILIZING PRIVATE INFORMATION OF THE IMAGES

Information

  • Patent Application
  • 20100228804
  • Publication Number
    20100228804
  • Date Filed
    March 04, 2009
    15 years ago
  • Date Published
    September 09, 2010
    14 years ago
Abstract
An image CAPTCHA having one or more images, a challenge, and a correct answer to the challenge is constructed by selecting the one or more images from a plurality of candidate images based at least in part on each image's public information and private information. The private information of each of the images is accessible only to an entity responsible for constructing the CAPTCHA. Optionally, the one or more images are selected further based on the specific type of the CAPTCHA to be constructed.
Description
TECHNICAL FIELD

The present disclosure generally relates to constructing image CAPTCHAs and more specifically relates to constructing image CAPTCHAs utilizing private information of the candidate images that is only known to the entity responsible for constructing the CAPTCHAs.


BACKGROUND

A CAPTCHA, or Captcha, is a type of challenge-response test used to determine whether the response is generated by a machine, e.g., a computer. The test is based on the assumption that a human's ability in pattern recognition is much superior to that of a machine's, at least for the present. In a typical scenario, a CAPTCHA test involves presenting one or more images to a testee, i.e., the person being tested, together with a challenge, i.e., a question. The challenge is related to the one or more images presented to the testee and generally requires the testee to recognize some form of pattern in the image(s). The testee needs to provide a correct response to the challenge in order to pass the test.



FIGS. 1A and 1B illustrate two sample CAPTCHA tests 110 and 120. In FIG. 1A, the CAPTCHA test 110 includes an image 111 of a distorted text string. Note that texts may be considered a special form of image. The challenge 112 asks the testee to recognize the distorted text string and enter it in the response field 113. In order to pass the test, the testee must enter the correct text string shown in the image 111. In FIG. 1B, the CAPTCHA test 120 includes an image 121 of an animal. The challenge 122 asks the testee to recognize the animal and describe it in the response field 123. In order to pass the test, the testee must correctly identify the animal shown in the image 121.


CAPTCHAs are often used to prevent automated computer software from performing actions that degrade the quality of service of a given system. When constructing CAPTCHA tests, several points often need to be considered. First, the challenges should be constructed such that current computer software is unable to determine the responses accurately while most humans can. Second, there need to be enough instances of CAPTCHA tests such that human CAPTCHA solvers employed by spammers are unable to enumerate them all. In addition, due to the great amount of information publicly available and easily accessible, e.g., via the Internet, it is possible that some of the publicly available information may be used by computer software to help solve CAPTCHA challenges.


SUMMARY

The present disclosure generally relates to constructing image CAPTCHAs and more specifically relates to constructing image CAPTCHAs utilizing private information of the candidate images that is only known to the entity responsible for constructing the CAPTCHAs.


According to various embodiments, a set of candidate images is obtained. Each candidate image has public information and private information. The candidate images may be obtained from various sources, including but not limited to images publicly available on the Internet.


One or more images are selected from the set of candidate images based on each image's public information and private information for the construction of an image CAPTCHA. The private information of an image is only accessible by an entity responsible for constructing the CAPTCHA, i.e., the entity that causes the CAPTCHA to be constructed. The image CAPTCHA includes the one or more selected images, a challenge, and a correct response, such that it is difficult, even nearly impossible, for a computer to automatically determine the correct response of the CAPTCHA using only the public information of each of the selected image(s). In addition, the selection of the image(s) may be further optimized based on the specific type of the CAPTCHA to be constructed.


These and other features, aspects, and advantages of the disclosure are described in more detail below in the detailed description and in conjunction with the following figures.





BRIEF DESCRIPTION OF THE DRAWINGS

The present disclosure is illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which like reference numerals refer to similar elements and in which:



FIGS. 1A and 1B illustrate two sample CAPTCHA tests.



FIG. 2 illustrates a method of constructing an image CAPTCHA according to particular embodiments of the present disclose.



FIG. 3 illustrates an image-description type CAPTCHA.



FIG. 4 illustrates an image-similarity type CAPTCHA.



FIG. 5 illustrates a general computer system suitable for implementing embodiments of the present disclosure.





DETAILED DESCRIPTION

The present disclosure is now described in detail with reference to a few preferred embodiments thereof as illustrated in the accompanying drawings. In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present disclosure. It is apparent, however, to one skilled in the art, that the present disclosure may be practiced without some or all of these specific details. In other instances, well known process steps and/or structures have not been described in detail in order to not unnecessarily obscure the present disclosure. In addition, while the disclosure is described in conjunction with the particular embodiments, it should be understood that this description is not intended to limit the disclosure to the described embodiments. To the contrary, the description is intended to cover alternatives, modifications, and equivalents as may be included within the spirit and scope of the disclosure as defined by the appended claims.


According to various embodiments of the present disclosure, an image CAPTCHA having one or more images, a challenge, and a correct response is constructed by selecting the one or more images from a set of candidate images based on each image's public information and private information. An image's private information is accessible only to an entity responsible for constructing the CAPTCHA. The candidate images may be obtained from a variety of sources, including but not limited to publicly accessible images on the Internet.


Although texts may be considered a special form of image, image recognition, i.e., analyzing and recognizing patterns in true images, presents a still more difficult challenge than character recognition to computer systems. Thus, true image-based CAPTCHAs are more difficult for spammers utilizing automated computed programs to defeat. Since the candidate images from which the images used for constructing the CAPTCHAs are selected may include any publicly accessible image on the Internet, the base for selecting the CAPTCHA images is extremely large, in fact, too large for automated computer systems to enumerate responses. On the other hand, many images on the Internet enjoy copyright protections. When these images are used, it is often necessary to provide information, e.g., the origins, of the images. The automated computer systems may use such information to help guess the correct responses to the CAPTCHAs constructed using these images. However, by utilizing private information of the candidate images that is accessible only to the entity responsible for constructing the CAPTCHAs when selecting the CAPTCHA images, the CAPTCHA challenges may be crafted such that it is very difficult, even nearly impossible, for automated computer systems to guess the correct CAPTCHA responses using only the public information of each of the CAPTCHA images.


Constructing Image CAPTCHAs


FIG. 2 illustrates a method of constructing an image CAPTCHA according to particular embodiments of the present disclose. A set of candidate images is obtained (step 210). Each of the candidate images has public information and private information. Each candidate image's public information may be accessible by any entity, e.g., any person, any computer software, etc. On the other hand, each candidate image's private information is accessible only to a specific entity responsible for causing the CAPTCHA to be constructed. Consequently, each candidate image's private information is accessible by computer software, e.g., the computer software that constructs the image CAPTCHA, associated with the entity responsible for causing the CAPTCHA to be constructed.


The candidate images may be obtained from a variety of sources, including but not limited to images publicly available on the Internet, images from private collections, and any image that is accessible by the entity responsible for causing the CAPTCHA to be constructed.


According to particular embodiments, the entity responsible for causing the CAPTCHA to be constructed is associated with an Internet search engine. When Internet users communicate search queries to the search engine, the content of the search queries are only known to the search engine and consequently to the entity associated with the search engine. These search queries may be collected and processed to obtain private information of candidate images obtained from the Internet.


For example, suppose a person wishes to locate images of white orchid on the Internet. The person communicates the search query “white orchid” to the search engine associated with the entity responsible for causing the CAPTCHA to be constructed. The search engine conducts a search on the Internet and returns a set of result images. It may be assumed that each of the result images is an image of white orchid. Thus, each of the result images may have private information indicating that the image is related to white orchid. However, the assumption may not be completely accurate for all of the result images.


To further refine the accuracy of the images' private information, suppose the person selects a particular one of the result images for further viewing by clicking on a link associated with the specific result image. Since it is known that the person is searching for images of white orchid, the fact that the person has selected a particular one of the result images may further indicate that at least this particular image selected by the person is most likely an image of white orchid. Thus, the particular image selected by the person may have private information indicating that the image is related to white orchid.


According to particular embodiments, the entity responsible for causing the CAPTCHA to be constructed is associated with a server, such as a web application server. Internet activities conducted on the server are only known to the server and consequently to the entity associated with the server. These activities may be monitored and information of the activities may be collected and stored, such as in a database or in one or more log files. The information may be processed to obtain private information of candidate images obtained from the Internet.


For example, suppose a person wishes to locate information about the Golden Gate Bridge in San Francisco Bay on the Internet. The person may search for and view web pages relating to the Golden Gate Bridge. If a web page viewed by the person contains an image, it is likely that the image is an image of the Golden Gate Bridge or at least relates to the Golden Gate Bridge. Thus, the image contained in the web page may have private information indicating that the image is related to the Golden Gate Bridge.


Internet search and activity logs accessible only to the entity associated with the search engine or server are one source for obtaining private information of the candidate images obtained on the Internet. Private information of the candidate images may be obtained from any source that is accessible only to the entity responsible for causing the CAPTCHA to be constructed. For example, if the candidate images come from a private collection, these candidate images may have information inaccessible to the general public, which may be used to obtain private information for the candidate images.


One or more images are selected from the set of candidate images based on each image's private information and public information for the construction of an image CAPTCHA (step 220). The image(s) is/are selected such that when they are used to construct the image CAPTCHA that includes the selected image(s), a challenge, and a correct response, it is difficult, even nearly impossible, for a computer to automatically determine the correct response of the image CAPTCHA using only the public information of each of the selected image(s) (step 230).


According to various embodiments, in general, the process for selecting images for a CAPTCHA starts with a set of candidate images from which to select the CAPTCHA images. For each of these candidate images, as much publicly and privately available information is obtained as possible. Upon obtaining the pertinent information, the information is given as input to a CAPTCHA type-specific procedure. The procedure returns a judgment on whether the candidate image is suitable for use in the CAPTCHA under consideration based on the pertinent information about the candidate image. The procedure for image selection may make a decision on several candidate images at a time for some types of CAPTCHAs.


Although the steps of the method illustrated in FIG. 2 are described as occurring in a particular order, the present disclosure contemplates any suitable steps of the method illustrated in FIG. 2 occurring in any particular order.


Refining the Image Selection Process

There are different types of CAPTCHA challenges. The two sample CAPTCHA tests illustrated in FIGS. 1A and 1B requests the testee to recognize and describe the subject matter of the image presented. Other types of CAPTCHA include requesting the testee to selected one image from multiple images that best matches or is most similar to a target image, to find the boundary or geometric center of an image that is positioned among multiple connected and optionally distorted images, etc. According to particular embodiments, if the specific type of the CAPTCHA to be constructed is known, then the selection of the image(s) used for the CAPTCHA may be further refined based on the type of the CAPTCHA to be constructed.



FIG. 3 illustrates an image-description type CAPTCHA 300. An image 310 is presented to the testee. The challenge is for the testee to describe the subject matter of the image 310. The challenge may be presented in a variety of ways. For example, in one option, the testee may be asked to provide a word or a phrase 320 that describes the object in the image 310. In an alternative option, the testee may be asked to select one of the multiple words provided 330 that describes the object in the image 310. For this type of CAPTCHA, it is preferable that the image selected has little or no public information and/or incorrect public information.


For a computer program to solve image-description type CAPTCHAs, in addition to image recognition or pattern recognition algorithms, which often do not provide satisfactory results, the computer program may use publicly available information associated with the presented image to help determine the subject matter of the presented image. The public information may include tags, descriptions, and other publicly available data associated with the image. Thus, the less public information of the presented image is available, the more difficult it is for the computer program to guess the correct subject matter of the presented image. Alternatively or in addition, if the presented image has incorrect public information, it may mislead the computer program into guessing the wrong response. Whether an image's public information is correct or incorrect may be determined by comparing the image's public information against the image's private information. If the two sets of information do not agree mostly, it is likely that the image's public information is largely incorrect.


Thus, to construct an image-description type CAPTCHA, it is desirable to select an image that has public information that is orthogonal to the correct response of the CAPTCHA. Generally, the less correct public information and/or the more incorrect public information the presented image has, the more difficult it is for the computer program to guess the correct response. In step 220, when selecting an image from the candidate images to construct an image-description type CAPTCHA, the selection process may be further refined by analyzing the amount and/or the correctness of the public information of each candidate image and selecting an image that has relatively little or no public information and/or mostly incorrect public information.



FIG. 4 illustrates an image-similarity type CAPTCHA 400. A target image 410 and a set of additional choice images 421, 422, 423, 424 are presented to the testee. The challenge is for the testee to select from the additional choice images 421, 422, 423, 424 one image that matches or is similar to the target image 410. In this example, the testee is asked to select one of the additional choice images 421, 422, 423, 424 that shows the same person as that in the target image 410.


For a computer program to solve image-similarity type CAPTCHAs, the computer program may use publication information associated with the presented images to help determine which of the additional choice images shows the same subject matter as that in the target image. If the correct response image and the target image have little or no similar public information, then it may be difficult for the computer program to guess the correct response image using the public images of each of the presented images. In this example, the image 422 shows the same person as that in the target image 410. If the image 422 and the target image 410 share little or no similar public information, then it may be difficult for the computer program to guess that the image 422 is the correct response image. Optionally in addition, if the incorrect response images, i.e., the images 421, 423, 424, share similar public information with the target image 410, then it may mislead the computer program into guessing the wrong response image.


Thus, to construct an image-similarity type CAPTCHA, it is desirable to select a set of images where the target image and the correct response image share little or no similar public information, i.e., the difference between the publication information of the target image and the public information of the correct response image is relatively large. Generally, the less similar public information shared between the target image and the correct response image, the more difficult for the computer program to guess the correct response image using each image's public information. In step 220, when selecting images from the candidate images to construct an image-similarity type CAPTCHA, the selection process may be further refined by analyzing the degrees of similarity between the public information of the selected target image and the public information of each of the selected additional choice images and selecting a target image and a correct response image that share little or no similar public information. Optionally in addition, those additional choice images other than the correct response image may be selected based on their sharing similar public information with the target image.


Computer System

The method described above may be implemented as computer software using computer-readable instructions and physically stored in computer-readable medium. A “computer-readable medium” as used herein may be any medium that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, system or device. The computer readable medium may be, by way of example only but not by limitation, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, system, device, propagation medium, or computer memory.


The computer software may be encoded using any suitable computer languages, including future programming languages. Different programming techniques can be employed, such as, for example, procedural or object oriented. The software instructions may be executed on various types of computers, including single or multiple processor devices.


Embodiments of the present disclosure may be implemented by using a programmed general purpose digital computer, by using application specific integrated circuits, programmable logic devices, field programmable gate arrays, optical, chemical, biological, quantum or nano-engineered systems, components and mechanisms may be used. In general, the functions of the present disclosure can be achieved by any means as is known in the art. Distributed, or networked systems, components and circuits can be used. Communication, or transfer, of data may be wired, wireless, or by any other means.


For example, FIG. 5 illustrates a computer system 500 suitable for implementing embodiments of the present disclosure. The components shown in FIG. 5 for computer system 500 are exemplary in nature and are not intended to suggest any limitation as to the scope of use or functionality of the computer software implementing embodiments of the present disclosure. Neither should the configuration of components be interpreted as having any dependency or requirement relating to any one or combination of components illustrated in the exemplary embodiment of a computer system. Computer system 500 may have many physical forms including an integrated circuit, a printed circuit board, a small handheld device (such as a mobile telephone or PDA), a personal computer or a super computer.


Computer system 500 includes a display 532, one or more input devices 533 (e.g., keypad, keyboard, mouse, stylus, etc.), one or more output devices 534 (e.g., speaker), one or more storage devices 535, various types of storage medium 536.


The system bus 540 link a wide variety of subsystems. As understood by those skilled in the art, a “bus” refers to a plurality of digital signal lines serving a common function. The system bus 540 may be any of several types of bus structures including a memory bus, a peripheral bus, and a local bus using any of a variety of bus architectures. By way of example and not limitation, such architectures include the Industry Standard Architecture (ISA) bus, Enhanced ISA (EISA) bus, the Micro Channel Architecture (MCA) bus, the Video Electronics Standards Association local (VLB) bus, the Peripheral Component Interconnect (PCI) bus, the PCI-Express bus (PCI-X), and the Accelerated Graphics Port (AGP) bus.


Processor(s) 501 (also referred to as central processing units, or CPUs) optionally contain a cache memory unit 502 for temporary local storage of instructions, data, or computer addresses. Processor(s) 501 are coupled to storage devices including memory 503. Memory 503 includes random access memory (RAM) 504 and read-only memory (ROM) 505. As is well known in the art, ROM 505 acts to transfer data and instructions uni-directionally to the processor(s) 501, and RAM 504 is used typically to transfer data and instructions in a bi-directional manner. Both of these types of memories may include any suitable of the computer-readable media described below.


A fixed storage 508 is also coupled bi-directionally to the processor(s) 501, optionally via a storage control unit 507. It provides additional data storage capacity and may also include any of the computer-readable media described below. Storage 508 may be used to store operating system 509, EXECs 510, application programs 512, data 511 and the like and is typically a secondary storage medium (such as a hard disk) that is slower than primary storage. It should be appreciated that the information retained within storage 508, may, in appropriate cases, be incorporated in standard fashion as virtual memory in memory 503.


Processor(s) 501 is also coupled to a variety of interfaces such as graphics control 521, video interface 522, input interface 523, output interface, storage interface 525, and these interfaces in turn are coupled to the appropriate devices. In general, an input/output device may be any of: video displays, track balls, mice, keyboards, microphones, touch-sensitive displays, transducer card readers, magnetic or paper tape readers, tablets, styluses, voice or handwriting recognizers, biometrics readers, or other computers. Processor(s) 501 may be coupled to another computer or telecommunications network 530 using network interface 520. With such a network interface 520, it is contemplated that the CPU 501 might receive information from the network 530, or might output information to the network in the course of performing the above-described method steps. Furthermore, method embodiments of the present disclosure may execute solely upon CPU 501 or may execute over a network 530 such as the Internet in conjunction with a remote CPU 501 that shares a portion of the processing.


According to various embodiments, when in a network environment, i.e., when computer system 500 is connected to network 530, computer system 500 may communicate with other devices that are also connected to network 530. Communications may be sent to and from computer system 500 via network interface 520. For example, incoming communications, such as a request or a response from another device, in the form of one or more packets, may be received from network 530 at network interface 520 and stored in selected sections in memory 503 for processing. Outgoing communications, such as a request or a response to another device, again in the form of one or more packets, may also be stored in selected sections in memory 503 and sent out to network 530 at network interface 520. Processor(s) 501 may access these communication packets stored in memory 503 for processing.


In addition, embodiments of the present disclosure further relate to computer storage products with a computer-readable medium that have computer code thereon for performing various computer-implemented operations. The media and computer code may be those specially designed and constructed for the purposes of the present disclosure, or they may be of the kind well known and available to those having skill in the computer software arts. Examples of computer-readable media include, but are not limited to: magnetic media such as hard disks, floppy disks, and magnetic tape; optical media such as CD-ROMs and holographic devices; magneto-optical media such as floptical disks; and hardware devices that are specially configured to store and execute program code, such as application-specific integrated circuits (ASICs), programmable logic devices (PLDs) and ROM and RAM devices. Examples of computer code include machine code, such as produced by a compiler, and files containing higher-level code that are executed by a computer using an interpreter.


As an example and not by way of limitation, the computer system having architecture 500 may provide functionality as a result of processor(s) 501 executing software embodied in one or more tangible, computer-readable media, such as memory 503. The software implementing various embodiments of the present disclosure may be stored in memory 503 and executed by processor(s) 501. A computer-readable medium may include one or more memory devices, according to particular needs. Memory 503 may read the software from one or more other computer-readable media, such as mass storage device(s) 535 or from one or more other sources via communication interface. The software may cause processor(s) 501 to execute particular processes or particular steps of particular processes described herein, including defining data structures stored in memory 503 and modifying such data structures according to the processes defined by the software. In addition or as an alternative, the computer system may provide functionality as a result of logic hardwired or otherwise embodied in a circuit, which may operate in place of or together with software to execute particular processes or particular steps of particular processes described herein. Reference to software may encompass logic, and vice versa, where appropriate. Reference to a computer-readable media may encompass a circuit (such as an integrated circuit (IC)) storing software for execution, a circuit embodying logic for execution, or both, where appropriate. The present disclosure encompasses any suitable combination of hardware and software.


A “processor,” “process,” or “act” includes any human, hardware and/or software system, mechanism or component that processes data, signals or other information. A processor can include a system with a general-purpose central processing unit, multiple processing units, dedicated circuitry for achieving functionality, or other systems. Processing need not be limited to a geographic location, or have temporal limitations. For example, a processor can perform its functions in “real time,” “offline,” in a “batch mode,” etc. Portions of processing can be performed at different times and at different locations, by different (or the same) processing systems.


Although the acts, operations or computations disclosed herein may be presented in a specific order, this order may be changed in different embodiments. In addition, the various acts disclosed herein may be repeated one or more times using any suitable order. In some embodiments, multiple acts described as sequential in this disclosure can be performed at the same time. The sequence of operations described herein can be interrupted, suspended, or otherwise controlled by another process, such as an operating system, kernel, etc. The acts can operate in an operating system environment or as stand-alone routines occupying all, or a substantial part, of the system processing.


Reference throughout the present disclosure to “particular embodiment,” “example embodiment,” “illustrated embodiment,” “some embodiments,” “various embodiments,” “one embodiment,” or “an embodiment” means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present disclosure and not necessarily in all embodiments. Thus, respective appearances of the phrases “in a particular embodiment,” “in one embodiment,” “in some embodiments,” or “in various embodiments” in various places throughout this specification are not necessarily referring to the same embodiment. Furthermore, the particular features, structures, or characteristics of any specific embodiment of the present disclosure may be combined in any suitable manner with one or more other embodiments. It is to be understood that other variations and modifications of the embodiments of the present disclosure described and illustrated herein are possible in light of the teachings herein and are to be considered as part of the spirit and scope of the present disclosure.


It will also be appreciated that one or more of the elements depicted in FIGS. 1 through 5 can also be implemented in a more separated or integrated manner, or even removed or rendered as inoperable in certain cases, as is useful in accordance with a particular application.


As used in the description herein and throughout the claims that follow, “a”, “an”, and “the” includes plural references unless the context clearly dictates otherwise. Also, as used in the description herein and throughout the claims that follow, the meaning of “in” includes “in” and “on” unless the context clearly dictates otherwise. Additionally, the term “or” as used herein is generally intended to mean “and/or” unless otherwise indicated. Combinations of components or steps will also be considered as being noted, where terminology is foreseen as rendering the ability to separate or combine is unclear.


While this disclosure has described several preferred embodiments, there are alterations, permutations, and various substitute equivalents, which fall within the scope of this disclosure. It should also be noted that there are many alternative ways of implementing the methods and apparatuses of the present disclosure. It is therefore intended that the following appended claims be interpreted as including all such alterations, permutations, and various substitute equivalents as fall within the true spirit and scope of the present disclosure.

Claims
  • 1. A method, comprising: accessing a plurality of candidate images, each candidate image comprising public information and private information;selecting one or more images from the plurality of candidate images based at least in part on each image's public information and private information; andconstructing a CAPTCHA comprising the one or more images, a challenge, and a correct response,wherein it is difficult for a computer to automatically determine the correct response using only the public information of each of the one or more images, andwherein the private information of each of the one or more images is accessible only to an entity responsible for constructing the CAPTCHA.
  • 2. The method as recited in claim 1, wherein it is nearly impossible for the computer to automatically determine the correct response of the CAPTCHA using only the public information of each of the one or more images.
  • 3. The method as recited in claim 1, wherein it is impossible for the computer to automatically determine the correct response of the CAPTCHA using only the public information of each of the one or more images.
  • 4. The method as recited in claim 1, wherein selecting the one or more images from the plurality of candidate images is further based on a type of the CAPTCHA.
  • 5. The method as recited in claim 4, wherein: the one or more images comprises one image,the challenge comprises describing a subject matter of the image, andthe image is selected from the plurality of candidate images based on the image lacking public information or having incorrect public information.
  • 6. The method as recited in claim 4, wherein: the one or more images comprises one target image and a plurality of choice images,the challenge comprises selecting a response image from the plurality of choice images that has a subject matter that is most similar to a subject matter of the target image among the plurality of choice images, andthe target image and the plurality of choice images are selected from the plurality of candidate images based on the target image and the response image having different public information.
  • 7. The method as recited in claim 6, wherein the target image and the plurality of choice images are selected from the plurality of candidate images further based on the target image and each of the plurality of choice images other than the response image having similar public information.
  • 8. The method as recited in claim 1, further comprising obtaining the plurality of candidate images from the Internet.
  • 9. The method as recited in claim 8, further comprising obtaining the private information of each of the plurality of candidate images from search queries communicated to a search engine associated with the entity.
  • 10. The method as recited in claim 8, further comprising obtaining the private information of each of the plurality of candidate images from logs generated by a server associated with the entity, wherein the logs comprises data relating to Internet activities conducted via the server.
  • 11. A computer program product comprising a plurality of computer program instructions physically stored in a computer-readable medium, wherein the plurality of computer program instructions are operable to cause at least one computing device to: access a plurality of candidate images, each candidate image comprising public information and private information;select one or more images from the plurality of candidate images based at least in part on each image's public information and private information; andconstruct a CAPTCHA comprising the one or more images, a challenge, and a correct response,wherein it is difficult for a computer to automatically determine the correct response using only the public information of each of the one or more images, andwherein the private information of each of the one or more images is accessible only to an entity responsible for constructing the CAPTCHA.
  • 12. The computer program product as recited in claim 11, wherein it is nearly impossible for the computer to automatically determine the correct response of the CAPTCHA using only the public information of each of the one or more images.
  • 13. The computer program product as recited in claim 11, wherein it is impossible for the computer to automatically determine the correct response of the CAPTCHA using only the public information of each of the one or more images.
  • 14. The computer program product as recited in claim 11, wherein to select the one or more images from the plurality of candidate images is further based on a type of the CAPTCHA.
  • 15. The computer program product as recited in claim 14, wherein: the one or more images comprises one image,the challenge comprises describing a subject matter of the image, andthe image is selected from the plurality of candidate images based on the image lacking public information or having incorrect public information.
  • 16. The computer program product as recited in claim 14, wherein: the one or more images comprises one target image and a plurality of choice images,the challenge comprises selecting a response image from the plurality of choice images that has a subject matter that is most similar to a subject matter of the target image among the plurality of choice images, andthe target image and the plurality of choice images are selected from the plurality of candidate images based on the target image and the response image having different public information.
  • 17. The computer program product as recited in claim 16, wherein the target image and the plurality of choice images are selected from the plurality of candidate images further based on the target image and each of the plurality of choice images other than the response image having similar public information.
  • 18. The computer program product as recited in claim 11, wherein the plurality of computer program instructions are further operable to cause the at least one computing device to obtain the plurality of candidate images from the Internet.
  • 19. The computer program product as recited in claim 18, wherein the plurality of computer program instructions are further operable to cause the at least one computing device to obtain the private information of each of the plurality of candidate images from search queries communicated to a search engine associated with the entity.
  • 20. The computer program product as recited in claim 18, wherein the plurality of computer program instructions are further operable to cause the at least one computing device to obtain the private information of each of the plurality of candidate images from logs generated by a server associated with the entity, wherein the logs comprises data relating to Internet activities conducted via the server.