CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) are often used to ensure that information submitted to a computer system was submitted by a human rather than a computer. A CAPTCHA is a type of challenge-response test used to ensure that a response is not generated by a computer and are commonly used to prevent automated software from performing actions which degrade the quality of service of a given system, whether due to abuse or resource expenditure. The authentication process usually involves the system requesting a user to complete a simple test which the system is able to generate and grade. Assuming attacking computers are unable to solve the CAPTCHA, any user entering a correct solution is presumed to be human. The most common type of CAPTCHA in use requires the user enter letters or digits from a distorted image that appears on a display screen.
Automated approaches to defeat the use of CAPTCHAs usually involve the use of optical character recognition (OCR). OCR is used by the attacking computer to “read” the letters or digits by analyzing a captured image of the CAPTCHA. The use of OCR has been countered by distorting the letters and digits forming the CAPTCHA in such a way that OCR can not solve the CAPTCHA, but humans can still perceive the letters and digits. In the meantime, OCR techniques have advanced to the point where standard distorted text-based CAPTCHAs require so much deformation to authenticate the user that the CAPCHAs in many cases are difficult for humans to read.
It is in this context that embodiments of the invention arise.
Broadly speaking, the present invention fills these needs by providing a method and apparatus for generating multi-frame challenge-response tests using motion. In one embodiment, the relative motion between the foreground and background of the challenge-response test obscures the entry object from automated computing systems, while allowing human users to readily solve the challenge-response test. It should be appreciated that the present invention can be implemented in numerous ways, including as a method, a system, or a device. Several inventive embodiments of the present invention are described below.
In accordance with one aspect of the invention, a method for generating a multi-frame image rendering of a challenge-response test on a display is detailed. The method begins by identifying a pattern with graphical elements, and a display region for rendering an entry object of the multi-frame image of the challenge-response test. Then a foreground sampling window having a non-patterned area defined by the entry object is defined. The foreground sampling window captures graphical elements of the pattern along a first path. In addition, a background sampling window that captures graphical elements of the pattern along a second path is defined. The foreground sampling window is overlaid on the background sampling window at the display region of the display, such that the entry object of the challenge-response test is discernable from the pattern during a period of time when multiple frames are rendered.
In accordance with another aspect of the invention, a computing system for authenticating access using a multi-frame image rendering of a challenge-response test is provided. The computing system has a processor with a test generation engine for generating an entry object of the multi-frame challenge-response test, and identifying a pattern with graphical elements. The processor further includes a pattern sampling engine that defines a foreground sampling window a non-patterned area defined by the entry object of the test generation engine. In addition, the pattern sampling engine defines background sampling window, and both the foreground sampling window and background sampling windows capture the graphical elements of the pattern while moving along a first and second path, respectively, across the pattern. An overlay engine of the processor overlays contents foreground sampling window on the contents of background sampling window. A display renderer engine of the processor renders multiple frames the challenge-response test, such that the entry object is discernable from the pattern when multiple frames are rendered.
Other aspects and advantages of the invention will become apparent from the following detailed description, taken in conjunction with the accompanying drawings, illustrating by way of example the principles of the invention.
The invention, together with further advantages thereof, may best be understood by reference to the following description taken in conjunction with the accompanying drawings.
FIGS. 1A-1-5 illustrates exemplary patterns that can be used to generate a multiple frame challenge-response test, in accordance with one embodiment of the present invention.
The following embodiments describe an apparatus and method for generating multi-frame challenge-response tests using motion. The challenge-response test can be located in a display region of a webpage or a program screen to prevent access to automated computers for exemplary functions that include e-mailing content of the webpage, log on to an account, or perform a transaction. It will be obvious, however, to one skilled in the art, that the present invention may be practiced without some or all of these specific details. In other instances, well known process operations have not been described in detail in order not to unnecessarily obscure the present invention.
Humans are much better at tracking motion than machines. This deficiency in machine systems is exploited to create a text-based multi-frame challenge-response test using standard, non-warped characters which a human can discern from a pattern, but which would are difficult for an attacking computer to interpret. The generated multi-frame challenge-response test uses a foreground sampling window and a background sampling window that samples part of pattern. The foreground sampling window has a non-patterned area that contains an entry object of the multi-frame challenge-response test, which are the characters that need to be entered by the user. As a snapshot, a static fame of the multi-frame challenge-response test appears as a field of uniform noise. Only when multiple frames of the multi-frame challenge-response test are rendered is the entry object discernable from the pattern. Embodiments described below generate multi-frame challenge-response test using motion that are human-solvable, but extremely difficult for attacking computers to solve.
FIGS. 1A-1-5 illustrates exemplary patterns that can be used to generate a multiple frame challenge-response test, in accordance with one embodiment of the present invention. The multi-frame challenge-response test uses patterns 4 defined by graphical elements 10. Graphical elements 10 of the pattern 4 should be broadly construed to include lines, alpha-numeric characters, dots, symbols, random shapes, characters in non-Latin scripts, any combination of these graphical elements 10, etc. In one embodiment, the pattern 4 has a substantially uniform distribution of graphical elements 10. The exemplary patterns 4 and graphical elements 10 of FIGS. 1A-1-5 are for illustrative purposes, and as such, are not meant to limit the patterns 4 or graphical elements 10 that can be used to implement the present invention.
The exemplary movements of
Creating a pattern 4 can start with a set number of graphical elements 10. Still further each graphical element 10 can be assigned a random initial position, a random lifetime, or a rate of movement. In one embodiment, the rate of movement of the graphical elements 10 is a slight random variation from the initial rate of movement of the foreground sampling window 16 or the background sampling window 12. After generating each frame of the challenge-response test, graphical elements 10 are assigned a new position based on the position of the graphical element 10 in the previous frame, and the rate of movement associated with the graphical element 10. In addition, the lifetime of the graphical elements 10 is decremented as each frame of the multi-frame challenge-response test is generated. When the lifetime of a graphical element 10 reaches zero, the graphical element 10 is assigned a new random position, and a new rate of movement. After the lifetime of a graphical element reaches zero, a new position and lifetime are randomly assigned to the graphical element 10.
As illustrated in
The samples 16A of the foreground sampling window 16 are overlaid over samples 12A of the background sampling window 12 through an overlay engine 60. In one embodiment, the overlay engine 60 overlays the sample 16A from the foreground sampling window 16 over the corresponding sample 12A from the background sampling window 12. The result of overlaying the sample 16A from the foreground sampling window 16 over the sample 12A of the background sampling window 16 is an overlaid frame. The overlaid frames are transmitted to a display render 62. The display renderer 62 receives the overlaid frames from the overlay engine 60, and generates a loop of multiple sequential overlaid frames. In one embodiment, the positions of the background sampling window 12 and the foreground sampling window 16 at the end of the loop is substantially the same as the beginning of the loop. This allows a loop of multiple frames to be rendered without an abrupt twitch when the multiple frame loop restarts from the beginning of the loop.
The loop of multiple sequential overlaid frames is transmitted from the display renderer 62 and rendered at a rate of multiple frames per second in the display region 14 of the display. The entry object 24 of the challenge-response test is not discernable from the pattern 4 when the background sampling window 12 and the foreground sampling window 16 are fixed to a position and are rendered in the display region 14B of the display. In one embodiment, the frame with the static foreground sampling window 16 and background sampling window 12 appears to be a field of uniform noise when rendered in the display region 14B. Still further, the entry object 24 of the challenge response test is discernable during a period of time when the loop of multiple overlaid frames is rendered in the display region 14A due to the differing move vectors of the foreground sampling window 16 and the background sampling window 12. In other words, the relative difference in motion between the background sampling window 12 and the foreground sampling window 16, allows a user to discern the shape of the entry object 24 of the challenge response test rendered in the display region 14B.
It is possible that an attacking computing system might be able to track the relative movement between the graphical elements 10A of the background sampling window 12 and the graphical elements 10B of the foreground sampling window 16 to discern the entry object 24 of the challenge-response test rendered in the display region 14B. To increase the difficulty for attacking computing systems to discern the entry object 24 of the rendered challenge-response test, the pattern 4 can be modified over time as discussed above. Frames of the graphical elements 10B of the foreground sampling window 16 are overlaid over the graphical elements 10A of the background sampling window 12 are created using a pattern 4 with randomly moving graphical elements 10, as discussed above.
As discussed above, the graphical elements 10A of the background sampling window 12 are visible in the non-patterned area 18 of the foreground sampling window 16, and the graphical elements 10B of the foreground sampling window 16 are visible in the remainder of the display region 14. Since the graphical elements 10 of the pattern 4 are randomized using the same methodology, a single frame has a substantially uniform distribution of graphical elements 10. Randomization of the graphical elements 10 of the pattern is particularly effective when the size of the graphical elements 10 of the pattern 4 is small relative to the size of the non-patterned area 18 of the foreground sampling window 16 that forms the entry object 24 of the challenge-response test.
During the period of time when multiple frames of the challenge-response test are rendered in rapid succession, the entry object 24 of the challenge-response test is discernable from the pattern 4. For example, over a period of time when approximately seven or eight frames of the challenge-response test are rendered, the entry 24 can be discerned from the pattern 4. The exemplary number of frames is for illustrative purposes, and is not intended to be limiting. An attacking computer attempting to “read” the entry object 24 of the challenge-response test would need to overlay several frames of the challenge-response test and analyze the frames to determine if the entry object 24 can be discerned. Or the attacking computer would need to analyze the motion of the pattern 4, which would be computationally expensive if the pattern 4 is randomized.
In operation 204, a foreground sampling window that captures the graphical elements of the pattern along a path is defined. In one embodiment, the foreground sampling window includes a non-patterned area that does not capture the graphical elements of the pattern, as illustrated in
In operation 208, the background sampling window and the foreground sampling window are presented in the display region of the display. In one embodiment, an overlay engine overlays samples of the foreground sampling window over corresponding samples of the background sampling window. The overlaid samples of the foreground sampling window and the background sampling window are rendered by a display renderer, as discussed in reference to
The server system 50 may further include a pattern sampling engine (PSE) 54 for defining the foreground sampling window and a background sampling window. In one embodiment, as illustrated in
The overlay engine (OE) 60 of the server system 50 overlays the graphical elements captured by the foreground sampling window over the corresponding graphical elements captured by background sampling window, as directed by the pattern sampling engine 54. The overlaid frames from the overlay engine 20 are transmitted to the display renderer (DR) 62 that renders a multiple frame loop of the challenge-response test. The multiple frame loop is transmitted to the client system 58 though the Internet 56. The entry object of the challenge-response test is discernable from the pattern when multiple frames are rendered on the display region 14 of the webpage 20.
The invention may be practiced with other computer system configurations including hand-held devices, microprocessor systems, microprocessor-based or programmable consumer electronics, minicomputers, mainframe computers and the like. The invention may also be practiced in distributing computing environments where tasks are performed by remote processing devices that are linked through a network.
With the above embodiments in mind, it should be understood that the invention may employ various computer-implemented operations involving data stored in computer systems. These operations are those requiring physical manipulation of physical quantities. Usually, though not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated. Further, the manipulations performed are often referred to in terms, such as producing, identifying, determining, or comparing.
Any of the operations described herein that form part of the invention are useful machine operations. The invention also relates to a device or an apparatus for performing these operations. The apparatus may be specially constructed for the required purpose, such as a special purpose computer. When defined as a special purpose computer, the computer can also perform other processing, program execution or routines that are not part of the special purpose, while still being capable of operating for the special purpose. Alternatively, the operations may be processed by a general purpose computer selectively activated or configured by one or more computer programs stored in the computer memory, cache, or obtained over a network. When data is obtained over a network the data may be processed by other computers on the network, e.g., a cloud of computing resources.
The embodiments of the present invention can also be defined as a machine that transforms data from one state to another state. The transformed data can be saved to storage and then manipulated by a processor. The processor thus transforms the data from one thing to another. Still further, the methods can be processed by one or more machines or processors that can be connected over a network. Each machine can transform data from one state or thing to another, and can also process data, save data to storage, transmit data over a network, display the result, or communicate the result to another machine.
The invention can also be embodied as computer readable code on a computer readable medium. The computer readable medium is any data storage device that can store data, which can thereafter be read by a computer system. Examples of the computer readable medium include hard drives, network attached storage (NAS), read-only memory, random-access memory, CD-ROMs, CD-Rs, CD-RWs, DVDs, Flash, magnetic tapes, and other optical and non-optical data storage devices. The computer readable medium can also be distributed over a network coupled computer systems so that the computer readable code is stored and executed in a distributed fashion.
Although the foregoing invention has been described in some detail for purposes of clarity of understanding, it will be apparent that certain changes and modifications can be practiced within the scope of the appended claims. Accordingly, the present embodiments are to be considered as illustrative and not restrictive, and the invention is not to be limited to the details given herein, but may be modified within the scope and equivalents of the appended claims.
Number | Name | Date | Kind |
---|---|---|---|
4722005 | Ledenbach | Jan 1988 | A |
5874991 | Steinberg et al. | Feb 1999 | A |
5945972 | Okumura et al. | Aug 1999 | A |
6692170 | Abir | Feb 2004 | B2 |
7054928 | Segan et al. | May 2006 | B2 |
7194542 | Segan et al. | Mar 2007 | B2 |
7624277 | Simard et al. | Nov 2009 | B1 |
8152637 | Watanabe et al. | Apr 2012 | B2 |
8276099 | Yost | Sep 2012 | B2 |
8613047 | Chen et al. | Dec 2013 | B2 |
20020029252 | Segan et al. | Mar 2002 | A1 |
20020122197 | Abir | Sep 2002 | A1 |
20030219146 | Jepson et al. | Nov 2003 | A1 |
20050197164 | Chan | Sep 2005 | A1 |
20060168144 | Segan et al. | Jul 2006 | A1 |
20070250898 | Scanlon et al. | Oct 2007 | A1 |
20070252804 | Engel et al. | Nov 2007 | A1 |
20070294644 | Yost | Dec 2007 | A1 |
20080077863 | Jong et al. | Mar 2008 | A1 |
20080127302 | Qvarfordt et al. | May 2008 | A1 |
20080158257 | Bobrow et al. | Jul 2008 | A1 |
20080170751 | Lei et al. | Jul 2008 | A1 |
20080175482 | Ma et al. | Jul 2008 | A1 |
20090080729 | Zhang et al. | Mar 2009 | A1 |
20090089706 | Furches et al. | Apr 2009 | A1 |
20090165046 | Stallings et al. | Jun 2009 | A1 |
20090292980 | Swineford et al. | Nov 2009 | A1 |
20100045799 | Lei et al. | Feb 2010 | A1 |
20100061462 | Ichiki | Mar 2010 | A1 |
20100066662 | Tomisawa et al. | Mar 2010 | A1 |
20100073568 | Van Ostrand et al. | Mar 2010 | A1 |
20100106464 | Hlasny et al. | Apr 2010 | A1 |
20100118049 | Bobrow et al. | May 2010 | A1 |
20100165112 | Scanlon et al. | Jul 2010 | A1 |
20100168881 | Weber et al. | Jul 2010 | A1 |
20100169389 | Weber et al. | Jul 2010 | A1 |
20100205667 | Anderson et al. | Aug 2010 | A1 |
20110004835 | Yanchar et al. | Jan 2011 | A1 |
20110044536 | Cobb et al. | Feb 2011 | A1 |
20110051992 | Cobb et al. | Mar 2011 | A1 |
20110052067 | Cobb et al. | Mar 2011 | A1 |
20110052068 | Cobb et al. | Mar 2011 | A1 |
20110064267 | Cobb et al. | Mar 2011 | A1 |
20110064268 | Cobb et al. | Mar 2011 | A1 |
20110261050 | Smolic et al. | Oct 2011 | A1 |
20110276663 | Rhoads | Nov 2011 | A1 |
20120038459 | Hindus et al. | Feb 2012 | A1 |
Entry |
---|
Bing Search q=captcha+invisible+static+frames&qs Aug. 10, 2014. |
Bing Search q=invisible+static+frames&qs=n&form= Aug. 10, 2014. |
S. King, “Multi-Step Challenge-Response Test”, U.S. Appl. No. 12/873,140, filed Aug. 31, 2010. |
Captcha, Wikipedia, the free encyclopedia, Nov. 9, 2009, pp. 1-8, http://en.wikipedia.org/wiki/Captcha. |
Number | Date | Country | |
---|---|---|---|
20110185311 A1 | Jul 2011 | US |