SYSTEM FOR DYNAMIC IMAGE CAPTCHA
The invention is related to a "Completely Automated Public Turing test to Tell Computer and Human Apart" (throughout the following abbreviated by "CAPTCHA"), and in particular to a method for providing a CAPTCHA employing dynamic images and a system therefor.
Nowadays, life without the Internet and online services is unimaginable. Internet sites and online services grow daily, and the related dangers grow in parallel. One such danger is Internet bots, which try to pose as humans and act like humans. An Internet bot (in the following also shortly termed "bot") can perform the simple and structured tasks it is programmed for many times faster than a human. It can, for instance, create a free e-mail account (or many e-mail accounts) for a likely malicious (or even commercial) purpose. Bots can also disturb an online appointment system or voting system by filling in forms thousands of times for a certain option. To cope with such a problem, many Internet service providers (e. g. Google) use a technology named CAPTCHA (Completely Automated Public Turing test to Tell Computer and Human Apart). The CAPTCHA technology employs programs that protect web-based services against malicious bots by generating and grading tests that humans can easily pass, but that current computer programs cannot pass or can pass only at increased cost [4]. For instance, a human can read distorted text (as illustrated in
CAPTCHAs are used in several web-based services at different stages, such as creating accounts, resetting passwords, or defending against dictionary attacks on any online account during the login process. In addition, they are used in a wide variety of online services like polls, appointments, news groups, blogs, etc.
The following list itemizes various state-of-the-art types of CAPTCHAs:
Note that where any degradation of the content is used (on image or audio/video), the level of difficulty of the test is increased by increasing the degradation parameters (like amount of noise, radiation, etc.). The CAPTCHA service providers use those parameters to increase the difficulty when they suspect that the requesting user is a potential bot. This leads to a low quality of experience for real users.
A further widely used CAPTCHA type known from the prior art is the concept of "reCAPTCHA". Detailed information thereon can be found in Refs. [6] and [11]. Google describes the concept as follows [10]:
Further according to Google [10], main applications of the reCAPTCHA concept are:
Whereas the above-described types of CAPTCHAs prove powerful in resisting fully machine-driven attempts to pass the CAPTCHA, they may fail when humans at least partly contribute to these attempts. One possibility to systematically deploy human intelligence in order to pass CAPTCHAs makes use of "crowdsourcing". Crowdsourcing micro-task platforms provide human intelligence as a service through an API. This will be explained in the following.
According to Ref. [13], "crowdsourcing is an innovative way of organizing jobs and workers. The collaborative brainstorming enables hundreds or even thousands of people to contribute their thoughts and energies to a single task and can support complicated jobs that conventional means could never manage. Crowdsourcing uses an Internet task market, usually called a crowdsourcing platform, to connect workers to jobs. It enables those workers to take the kinds of jobs that they like and to complete those jobs when and where they want. Employers can find the kinds of workers they need, with the specific skills for their jobs, and pay for only the amount of work they need."
Thus, it is possible to include human intelligence in the attack process, using a crowdsourcing micro-task platform API, such that the bot fraudulently or maliciously makes an image of the CAPTCHA/reCAPTCHA question, automatically delivers it to an unaware "human" who is working on a normal task on the crowdsourcing platform, and uses his/her answer to solve the CAPTCHA/reCAPTCHA question. One is then faced with a "human/machine" cooperation, which can break the security that has been put in place on the attacked web-based services. In particular, the questioner model of reCAPTCHA could also be learned by machine learning techniques and may eventually be circumvented.
As a consequence, there is a need for the provision of a CAPTCHA that cannot be circumvented (i. e., reliably be passed) by techniques employing crowdsourcing, or that at least considerably impedes attempts to pass the CAPTCHA by those techniques.
The object of the present invention is thus the provision of a method and a system that provide a CAPTCHA that cannot be circumvented (i. e., reliably be passed) by techniques employing crowdsourcing, or that at least considerably impedes attempts to pass the CAPTCHA by techniques using crowdsourcing.
This object is achieved by the method and the system with the features as disclosed by the claims presented in this document.
The present invention - termed "Dynamic Image CAPTCHA" (in the following also shortly referred to as "DIC") - employs techniques (e. g. dynamic images, and time limitation as a technique to cope with the threats of crowdsourcing) to tackle the above-identified problem with any kind of Internet bot. In the following, a new method for a more secure CAPTCHA system based on dynamic imaging will be described, which also comprises countermeasures against social media hacking.
One aspect of the invention relates to a method for providing a CAPTCHA (completely automated public Turing test to tell computers and humans apart). The method comprises the steps:
Here, a "set of pictures" (as generated in step (1b)) denotes an unordered collection of pictures. An order of the pictures of such a set (or subset of the set) is then established in step (1b"') by the generation of an "enumeration". However, as the enumeration is not intrinsic to the set, the pictures of a set can be re-enumerated when this appears appropriate.
The term "presentation time" refers to the time a certain picture is shown to the user, when the pictures of the set of pictures are consecutively presented to the user.
The expression "confirmation action" relates to any action of a user that is performed during the presentation time of a picture, and which is suitable to notify the browser or web application that the shown picture shall be chosen by the user. Preferably, the user chooses a picture when he/she assumes that the picture represents the "true" answer to the question or request he/she has been asked before (in step (1c)).
In one embodiment, the method is performed such that in step (1b), the set of pictures is generated by choosing a set from a pool of fixed sets of pictures being held available on the server.
In one embodiment, the method is performed such that in step (1b), the set of pictures is generated by choosing at least two pictures from a pool of pictures being held available on the server.
In a preferred embodiment of the method, the method is performed such that:
Preferably, in step (1b"), the distribution of the pictures to the subsets is carried out by the server, and step (1b") comprises the further substep of:
wherein in step (1b"'), for at least part of the subsets, the enumeration for the pictures is generated by the server, and wherein step (1b"') comprises a further substep of:
Further, step (1b") and/or step (1b"') may be performed by the browser or web application.
Also, when all pictures have been presented without detection of a confirmation action in step (1e), steps (1f) to (1h) may be replaced by the following step:
Note that in the latter case, steps (1f) to (1h) may be without any effect.
Moreover, when all pictures have been presented without detection of a confirmation action in step (1e), steps (1d) and (1e) may be repeated,
According to one embodiment, for each of the subsets, the number of pictures in the subset is between 2 and 20, preferably between 3 and 10, and most preferably 4 or 5.
According to one embodiment, the presentation time for each of the presented pictures is between 0.5 to 10 seconds, preferably between 1 to 5 seconds, and most preferably between 2 to 4 seconds.
When a predetermined maximum time is exceeded, the following step may be performed:
In one embodiment of the method, the following steps may be performed:
wherein the new set of pictures is different from the previously generated set(s) of pictures;
wherein the repetition according to any one of steps (i) and (ii) is limited to a predetermined maximum number, the maximum number being set preferably to 1, 2, or 3.
In one embodiment of the method, the following step may be performed:
wherein the new question generated in step (1b') is different from the previously generated question(s),
wherein the repetition according to step (a) is limited to a predetermined maximum number, the maximum number being set preferably to 1, 2, or 3.
In one embodiment of the method, the following step may be performed:
wherein the new set of pictures is different from the previously generated set(s) of pictures,
wherein the new question is different from the previously generated question(s), and
wherein the repetition according to step (A) is limited to a predetermined maximum number, the maximum number being set preferably to 1, 2, or 3.
In a further embodiment of the method, step (1f) comprises additionally: sending a secret code of the client to the server; and step (1g) comprises additionally: receiving the secret code and using the secret code for authenticating the client.
Here, a "secret code" is an identifier of the client which is kept secret on the client side machines and bound to them. It is used for authenticating the client.
A further aspect of the invention relates to a system for providing a completely automated public Turing test to tell computers and humans apart (CAPTCHA), according to the method described above. Said system comprises:
In particular, the server is configured for:
Further, the browser or web application is configured for:
In one embodiment of the system, either the server or the browser or web application is configured for:
In one embodiment of the system, either the server or the browser or web application is configured for:
In one embodiment of the system, either the server or the browser or web application is configured for:
Other aspects, features, and advantages will be apparent from the summary above, as well as from the description that follows, including the figures and the claims.
In the following, it will be described how to cope, according to the invention, with the above-identified problems. In the system and the method of the invention (DIC technology), the DIC service provider has a server with many dynamic pictures; these pictures can have any content (commercial, pedagogical or whatever a provider wants to show). Depending on the topics of the images, there will be a question and a single answer, but the user will see a set of N pictures, which changes periodically (meaning that every x seconds, another set of images is shown). The user will be asked, for instance, to click on the "true" image(s) in the image set, i. e., on one (or more) of said N pictures that have been pre-assigned to the question. In other words, as the picture set is shown in chronological order, the user has to wait until he/she sees the true picture and then click on it. The periodic change of the image set serves to tackle any abuse with crowdsourcing technology. Once the time limitation on the DIC expires, answers will not be accepted anymore and:
The combination of a DIC as above and time limitation makes it possible to provide a new human-computer detection test, which can be both safer against bots and more attractive for any online service provider (or even business companies). The idea is that one need not be worried if the HTML code of this CAPTCHA is available to everyone, because the important point here is the approach being employed to secure the CAPTCHA. This approach, an example of the DIC technique according to the invention, is preferably based on a main DIC server, which holds a number of diverse dynamic pictures (and corresponding questions). In the DIC server, each picture has a unique identifier, according to which the server can later decide whether or not the image chosen by the user is the correct one. More precisely, the server knows that the image with a certain unique identifier (e. g. TE1236Xr1) is the correct answer. Note that each time, a new temporary identifier is created for each image before it is sent to the client. Therefore, the real identifier of a specific image is not revealed on the client side. When the user clicks on one of the images, the corresponding (intermediate) code/identifier is sent back to the DIC server, and the server then compares the returned identifier with the one it knows as the correct answer. If they are equal, the task is successfully done, and if not, a new set of pictures or a new question is issued, depending on the implementation policy.
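The server-side bookkeeping described in the two paragraphs above (fresh temporary identifiers per challenge, a time limit, comparison against the known correct answer) can be sketched as follows. This is an added example, not code from the patent; the class `DicServer`, its method names, the 12-second limit and all pool entries other than `TE1236Xr1` are assumptions, and it covers only the single-answer case.

```python
import hmac
import secrets
import time

# Constructed sample pool: real picture identifier -> topic (only TE1236Xr1 is from the text).
POOL = {"TE1236Xr1": "smile", "EXAMPLE-0002": "frown",
        "EXAMPLE-0003": "neutral", "EXAMPLE-0004": "frown"}

class DicServer:
    """Hypothetical DIC server: real identifiers never leave this object."""

    def __init__(self, pool, max_seconds=12.0, clock=time.monotonic):
        self.pool, self.max_seconds, self.clock = pool, max_seconds, clock
        self._open = {}  # challenge id -> (correct temporary id, deadline)

    def issue(self, topic, real_ids):
        """Create a challenge and return only what may be sent to the client."""
        correct = [rid for rid in real_ids if self.pool[rid] == topic]
        if len(correct) != 1:
            raise ValueError("exactly one true picture is required")
        # New random temporary identifier for every picture, every time.
        temp_for = {rid: secrets.token_urlsafe(16) for rid in real_ids}
        order = list(temp_for.values())
        secrets.SystemRandom().shuffle(order)  # presentation order (enumeration)
        cid = secrets.token_urlsafe(16)
        self._open[cid] = (temp_for[correct[0]], self.clock() + self.max_seconds)
        return {"challenge": cid,
                "question": f"Select the picture showing: {topic}",
                "pictures": order}

    def verify(self, cid, returned_temp_id):
        """Compare the returned temporary id with the stored correct one."""
        entry = self._open.pop(cid, None)  # single use: a replay finds nothing
        if entry is None:
            return False
        expected, deadline = entry
        if self.clock() > deadline:  # time limitation expired
            return False
        return hmac.compare_digest(expected.encode(), returned_temp_id.encode())
```

Because the challenge entry is removed on the first `verify` call, a failed or late answer forces a new call to `issue`, which matches the policy of taking a new set of pictures or question.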
An example of the DIC approach according to the invention is shown in
As to the first set of pictures (i. e., the set shown in column A), a likely question could be: "Question 1 - please select all pictures containing smiles!" Then, the user should click within the third second (T3) after the DIC has been started (marked by the arrow in the field given by column A and row T3).
The (funny) question associated with the second set of pictures (set depicted in column B) may be: "Question 2 - which picture represents a person who has children in teen age?" The answer is then given by the "true picture" depicted at column B/row T2 (again marked by an arrow).
While the invention has been illustrated and described in detail in the drawings and foregoing description, such illustration and description are to be considered illustrative or exemplary and not restrictive. It will be understood that changes and modifications may be made by those of ordinary skill within the scope of the following claims. In particular, the present invention covers further embodiments with any combination of features from different embodiments described above and below.
Furthermore, in the claims the word "comprising" does not exclude other elements or steps, and the indefinite article "a" or "an" does not exclude a plurality. A single unit may fulfil the functions of several features recited in the claims. The terms "essentially", "about", "approximately" and the like in connection with an attribute or a value particularly also define exactly the attribute or exactly the value, respectively. Any reference signs in the claims should not be construed as limiting the scope.