The invention relates generally to computer systems, and more particularly to an improved system and method using a streaming captcha for online verification.
A captcha is an image that includes one or more words that are typically distorted in order to make it difficult for an automated agent or machine process to decipher, but easy for a human to decipher. A captcha is generally used to distinguish a human user from an automated agent or machine process in order to eliminate robots from acquiring or submitting information online. A captcha may usually take the form of an image of a word that is mangled in some way and may be used in transactions that may require a human present, such as signing up for an online account, for instance. In this case, a captcha may be displayed, and, as part of the transaction, the text of the captcha must be supplied as input by presumably a human. In addition to being used to verify that a human may be involved in an online transaction or communication rather than an automated agent, captchas may also be used to avoid certain types of spam. For example, when a user enters a comment into an online system, it is increasingly common for the online system to send a captcha in order to verify that an automated agent is not being used to enter an advertising link automatically on a large number of comments in the online system.
However, captchas have been defeated by social engineering where unwitting third parties may decipher the captcha as part of a machine process. Captchas have also been defeated by image analysis. What is needed is a way to provide a captcha that is easy for a human to decipher but is not easily defeated by social engineering or by applying image analysis.
Briefly, the present invention may provide a system and method using a streaming captcha for online verification. In various embodiments, a client having a web browser may be operably coupled to a server for requesting a streaming captcha. The server may include a captcha serving engine that provides services to send a streaming captcha to a web browser operating on a client device for display as part of a web page and provides services to validate a character string received in response to display of the streaming captcha. The captcha serving engine may include an operably coupled streaming captcha composer that may superimpose a sequence of characters from a captcha character string on a video to compose the streaming captcha. The captcha serving engine may also include an operably coupled captcha streamer that may stream the streaming captcha to the web browser operating on the client for display as part of the web page. The captcha serving engine may also include an operably coupled response verifier that verifies a character string received from the client in response to display of the streaming captcha.
The present invention may effectively provide a streaming captcha that is easy for a human to decipher but difficult to be defeated by an automated agent. In various embodiments, a request sent by a client device may be received by a server to serve a streaming captcha to the client device. A server may compose a streaming captcha by superimposing a captcha character string on a video. A timer may be set and the streaming captcha may be streamed to the client device. The streaming captcha may be displayed on the client device, and a character string input by a user may be received in response to display of the streaming captcha. The character string received may be sent to the server for verification. The server may verify that the character string received is the same as the captcha character string displayed in the streaming captcha and may also verify that the response was sent within a predetermined time limit. The server may then send an indication of the verification to the client device.
Advantageously, the present invention may flexibly support various implementations of a streaming captcha. For instance, a streaming captcha may be composed by superimposing a captcha character string on a video stream so that the character string appears in the foreground part of the video stream. In an embodiment, the background part of the video stream may vary. Moreover, a character may change progressively into the next character in the sequence of characters in the captcha character string. Or an animation may be generated to display the sequence of characters from the captcha character string. Other advantages will become apparent from the following detailed description when taken in conjunction with the drawings, in which:
The invention may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, and so forth, which perform particular tasks or implement particular abstract data types. The invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in local and/or remote computer storage media including memory storage devices.
With reference to
The computer system 100 may include a variety of computer-readable media. Computer-readable media can be any available media that can be accessed by the computer system 100 and includes both volatile and nonvolatile media. For example, computer-readable media may include volatile and nonvolatile computer storage media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules or other data. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by the computer system 100. Communication media may include computer-readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. The term “modulated data signal” means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. For instance, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media.
The system memory 104 includes computer storage media in the form of volatile and/or nonvolatile memory such as read only memory (ROM) 106 and random access memory (RAM) 110. A basic input/output system 108 (BIOS), containing the basic routines that help to transfer information between elements within computer system 100, such as during start-up, is typically stored in ROM 106. Additionally, RAM 110 may contain operating system 112, application programs 114, other executable code 116 and program data 118. RAM 110 typically contains data and/or program modules that are immediately accessible to and/or presently being operated on by CPU 102.
The computer system 100 may also include other removable/non-removable, volatile/nonvolatile computer storage media. By way of example only,
The drives and their associated computer storage media, discussed above and illustrated in
The computer system 100 may operate in a networked environment using a network 136 to one or more remote computers, such as a remote computer 146. The remote computer 146 may be a personal computer, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to the computer system 100. The network 136 depicted in
The present invention is generally directed towards a system and method for using a streaming captcha for online verification. A streaming captcha, as used herein, may mean a streaming video that includes one or more character strings that are typically distorted in order to make it difficult for an automated agent or machine process to decipher, but easy for a human to decipher. In various embodiments, a video with a captcha character string displayed in a sequence may be composed to stream to a client device. The video with the captcha character string may be streamed to the client device, and a character string input by a user may be received in response to display of the streaming captcha. The character string input by the user may be verified to be the captcha character string displayed in the streaming captcha.
As will be seen, many online applications may use a streaming captcha to distinguish a human user from an automated agent or machine process in order to eliminate robots from acquiring or submitting information online. As will be understood, the various block diagrams, flow charts and scenarios described herein are only examples, and there are many other scenarios to which the present invention will apply.
Turning to
In various embodiments, a client computer 202 may be operably coupled to one or more servers 208 by a network 206. The client computer 202 may be a computer such as computer system 100 of
The server 208 may be any type of computer system or computing device such as computer system 100 of
There may be many online applications which may use a streaming captcha to verify the presence of a human user. For example, an online application may use the present invention to verify that a user is signing up for an online account. Similarly, ecommerce applications may use the present invention when responding to a request for product information to verify that a user is requesting the product information. For any of these online applications, a streaming captcha may be used to distinguish a human user from an automated agent or machine process in order to eliminate robots from acquiring or submitting information.
At step 304, the streaming captcha may be streamed to the client device. At step 306, a character string input by a user may be received in response to display of the streaming captcha. In an embodiment, each of the characters in the captcha character string could be required to be input by a user after the character was displayed in the streaming captcha and before the next character in the sequence may be displayed. In such an embodiment, the streaming captcha may stream a video clip with the character repeatedly until a character is received in response to displaying the character in the captcha character string for verification. In other embodiments, a character string may be received after the sequence of characters in the captcha character string was displayed in the streaming captcha.
At step 308, the character string input by the user may be verified to be the captcha character string displayed in the streaming captcha, and an indication of the verification may be output at step 310. For example, if the character string input by the user is the same as the captcha character string displayed in the streaming captcha, an acknowledgement of successful verification may be sent to the client device. If the character string is not the same as the captcha character string, a failure message may be sent to the client device.
At step 406, a character string input by a user may be received in response to display of the streaming captcha. In an embodiment, a user may be prompted to input each character in a sequence of captcha characters after the character has been displayed. At step 408, the character stream input by the user may be sent to a server for verification, and an indication of the verification may be received at step 410. If an acknowledgement is received that indicates the character string is the same as the captcha character string, a web browser or online application may allow a transaction to proceed, information to be acquired, information to be submitted, or other requested action that initiated online verification by a streaming captcha.
At step 506, a timer may be set. By applying timing constraints on the user's response, the time available to an attacker to solve the captcha may be limited. Such timing constraints may make it much harder to defeat the streaming captcha by social engineering. Moreover, applying timing constraints may also limit the amount of time that a robot would have to break the video stream into analyzable fragments for image analysis. At step 508, a streaming captcha may be streamed to the client device and a character string input by the user may be received at step 510.
At step 512, it may be determined whether the timer expired. If so, processing may continue at step 504 and another streaming captcha may be composed. In an embodiment, a few additional different streaming captchas may be composed in the event the timer continues to expire, otherwise a failure message may be sent to a client device. If it may be determined that the timer has not expired, then the character string received may be verified at step 514 to be the same captcha character string displayed in the streaming captcha. The server may send an indication of the verification to the client device at step 516 and processing may be finished.
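The server-side flow of steps 504 to 516, as an added Python example that is not part of the original text. The class name `StreamingCaptchaSession`, the alphabet, the 30-second limit, the retry count, the one-answer-per-session rule and the constant-time comparison are assumptions made for illustration; video composition and streaming are left out.

```python
import hmac
import secrets
import time

# Assumed alphabet (constructed): look-alike glyphs such as 0/O and 1/I are omitted.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"


class StreamingCaptchaSession:
    """Server-side state for one verification, following steps 504-516."""

    def __init__(self, time_limit_s=30.0, max_recompose=3, length=6,
                 clock=time.monotonic):
        self.time_limit_s = time_limit_s      # assumed limit; the text gives no value
        self.recompose_left = max_recompose   # "a few additional" captchas
        self.length = length
        self.clock = clock                    # injectable so the timer can be tested
        self.finished = False
        self.compose()

    def compose(self):
        # Step 504: pick a fresh captcha character string (video composition omitted).
        self.expected = "".join(secrets.choice(ALPHABET) for _ in range(self.length))
        # Step 506: set the timer just before streaming starts (step 508).
        self.deadline = self.clock() + self.time_limit_s

    def submit(self, response):
        """Steps 510-516: returns 'verified', 'recomposed' or 'failure'."""
        if self.finished:
            return "failure"                  # assumption: one answer per session
        if self.clock() > self.deadline:      # step 512: timer expired
            if self.recompose_left > 0:
                self.recompose_left -= 1
                self.compose()                # back to step 504 with a new string
                return "recomposed"
            self.finished = True
            return "failure"
        self.finished = True
        # Step 514: constant-time comparison against the string that was streamed.
        ok = hmac.compare_digest(response.encode(), self.expected.encode())
        return "verified" if ok else "failure"
```

A response that arrives after the deadline is never compared, even if it is correct, and the expected string is rotated, so an answer relayed from a slower solver cannot be replayed against the next captcha.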
Thus the present invention may be used by online applications to make it difficult for social engineering and automated image analysis to circumvent online verification of a user by a captcha. Advantageously, the background part of the video stream may vary continuously to make it harder for an automated tool to identify the individual elements of a streaming captcha such as image boundaries. Moreover, transition effects may vary the way each of the characters in the character sequence is presented. By applying timing constraints on the user's response, it may also make it much harder to defeat the streaming captcha by social engineering or image analysis.
As can be seen from the foregoing detailed description, the present invention provides an improved system and method using a streaming captcha for online verification. A request sent by a client device may be received by a server to serve a streaming captcha to the client device. A server may compose a streaming captcha, and the streaming captcha may be streamed to the client device. The streaming captcha may be displayed on the client device, and a character string input by a user may be received in response to display of the streaming captcha. The character string received may be sent to the server for verification that the character string received is the same as the captcha character string displayed in the streaming captcha. The server may then send an indication of the verification to the client device. Many online applications may use a streaming captcha to distinguish a human user from an automated agent or machine process. Accordingly, the system and method provide significant advantages and benefits needed in contemporary computing and in online applications.
While the invention is susceptible to various modifications and alternative constructions, certain illustrated embodiments thereof are shown in the drawings and have been described above in detail. It should be understood, however, that there is no intention to limit the invention to the specific forms disclosed, but on the contrary, the intention is to cover all modifications, alternative constructions, and equivalents falling within the spirit and scope of the invention.