This invention relates to a technique for enhanced security for data entry.
To gain access to a web site offering secure content, such as a site maintained by a financial organization, a user enters verification information typically comprised of a user log-in and a password or Personal Identification Number (PIN). The user log-in specifically identifies the user, whereas the password or PIN comprises a secret code that only the user and the web site know, thereby preventing unauthorized access upon entry of the user log-in alone. Web sites that offer unsecure content, for example the content provided by a newspaper or the like, typically do not require a high level of security. At best, such sites may only require a user to enter a log-in for the purpose of tracking customer usage.
Web sites with easy user access remain vulnerable to repeated automated access by computers. To allow for individual access by a human being but reduce, if not eliminate, repeated automated access by computers, many web sites make use of a “Completely Automated Public Turing test to tell Computers and Humans Apart” (CAPTCHA). A typical CAPTCHA takes the form of a display of one or more sets of alphanumeric characters (typically, although not necessarily, in the form of one or more words) obscured in some manner so as to be recognizable by a human being but unrecognizable by a computer, even with the aid of known computer-based imaging techniques. A user seeking access must decipher the obscured word or words and enter them to successfully gain access. The inability of a computer to decipher the obscured word or words thus prevents automated access.
Advances in computer-aided image recognition techniques have made present-day CAPTCHAs less secure. Thus, a need exists for a CAPTCHA having enhanced security.
Briefly, in accordance with a preferred embodiment of the present principles, a technique for authorizing access, such as access to a web site, commences by generating for display at least one distorted string of alphanumeric characters, in combination with at least one of a glyph, picture or symbol, the glyph, picture or symbol being foreign to a target audience. (A glyph constitutes an individual mark on a written medium that contributes to the meaning of what is written.) The response a user enters in reaction to the distorted string of alphanumeric characters is compared to a reference string of characters to determine whether to grant access.
To reduce the incidence of unwanted repeated access through automated means, website operators often employ a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA). To gain access to a web site which employs a CAPTCHA, the user must successfully enter a string of alphanumeric characters purposely distorted to make computer-aided image recognition difficult if not impossible.
Adding lines or dashes through one or more words;
Running the original letters together;
Adding different contrasting backgrounds;
Inter-mixing the background and the words;
Changing the font between different alphanumeric strings;
Using more than one word in a string; and
Using non-words (gibberish) in a character string.
The above-described distortion techniques, while effective in the past, will likely become less secure in the future as computer-aided imaging techniques improve. Thus, a need exists for a more secure CAPTCHA.
In accordance with a preferred embodiment of the present principles, a more secure CAPTCHA makes use of a distorted alphanumeric character string or strings that include glyphs, pictures or symbols foreign to a target audience. (A glyph constitutes an individual mark on a written medium that contributes to the meaning of what is written.) A glyph used in any of the above CAPTCHAs would require the use of sophisticated computer imaging to recognize individual characters in order to determine which characters to discard. This process constitutes a trivial task for humans, who would know which characters of the character set to expect, but a very difficult decision for a computer already struggling to decide where a character begins and ends, let alone identifying the character as being valid.
The presence of the glyph 302b within the string 306 will not impair human recognition of the word “confidential” since a human will likely ignore the glyph 302b as being irrelevant. However, attempting to recognize the string 306 as the word “confidential” using computer-imaging techniques will likely fail since such techniques will always seek to identify the glyph as an alphanumeric character. Substituting a picture or symbol in place of the glyph 302b will also greatly impede recognition of the string 306 of
The foregoing describes a method for achieving a more secure CAPTCHA.
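The challenge-and-compare flow described above, as an added Python example that is not part of the patent text. The use of Georgian letters as the glyphs foreign to a Latin-script audience, the names `make_challenge` and `ChallengeStore`, the single-use rule and the case-insensitive comparison are assumptions; rendering and distorting the display string as an image is outside the example.

```python
import hashlib
import hmac
import secrets
import unicodedata

# Assumption: the target audience reads Latin script, so Georgian letters
# (U+10D0..U+10D7) act as the "foreign" glyphs. The patent names no script.
FOREIGN_GLYPHS = "".join(chr(c) for c in range(0x10D0, 0x10D8))


def make_challenge(word, n_glyphs=1, rng=secrets.SystemRandom()):
    """Return (display, reference). Only `display` is rendered and distorted;
    `reference` is the string the user's response is compared against."""
    chars = list(word)
    for _ in range(n_glyphs):
        # Interior position, like glyph 302b sitting inside string 306.
        pos = rng.randrange(1, len(chars))
        chars.insert(pos, rng.choice(FOREIGN_GLYPHS))
    return "".join(chars), word


class ChallengeStore:
    """Server-side record of outstanding challenges (hypothetical helper)."""

    def __init__(self):
        self._key = secrets.token_bytes(32)
        self._pending = {}

    def _tag(self, text):
        # Assumption: responses are compared case-insensitively after trimming.
        norm = unicodedata.normalize("NFKC", text).strip().casefold()
        return hmac.new(self._key, norm.encode("utf-8"), hashlib.sha256).digest()

    def issue(self, word, n_glyphs=1):
        display, reference = make_challenge(word, n_glyphs)
        cid = secrets.token_urlsafe(16)
        self._pending[cid] = self._tag(reference)  # reference never leaves the server
        return cid, display

    def verify(self, cid, response):
        # pop() makes each challenge single-use, so a wrong guess cannot be retried.
        expected = self._pending.pop(cid, None)
        if expected is None:
            return False
        return hmac.compare_digest(expected, self._tag(response))
```

A response that transcribes the foreign glyph along with the letters fails the comparison, which is the behaviour the description expects of automated recognition.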
Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/US2011/038031 | 5/26/2011 | WO | 00 | 9/9/2013 |
Number | Date | Country | |
---|---|---|---|
20130347090 A1 | Dec 2013 | US |