Secure captcha test

US 10,356,073 B2
Filed: 08/29/2016
Issued: 07/16/2019
Est. Priority Date: 08/29/2016
Status: Active Grant

First Claim

Patent Images

1. A system comprising a processor;

and a memory to store data used by the processor, wherein the processor is operative to;

run a web browser application that is operative when run to;

retrieve and present a web page of a website in a browser window; and

in response to the website requesting performance of a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) challenge process, request a CAPTCHA challenge application to perform the CAPTCHA challenge process; and

run the CAPTCHA challenge application separately from the web browser application so that the CAPTCHA challenge application can implement defenses that are stronger than the defenses allowed by the web browser application, the defenses including at least one of an anti-grabbing defense or an anti-debugging defense, wherein the CAPTCHA challenge application is operative when run to;

obtain the CAPTCHA challenge test from an authentication server in response to the request to perform the CAPTCHA challenge process;

render a CAPTCHA window including the CAPTCHA challenge test separately from the browser window, but over the web page included in the browser window;

protect the CAPTCHA challenge application with the defenses and/or a secure enclave which is not accessible to an operating system on which the web browser application runs and other applications;

move the CAPTCHA window to track a size and/or a position of the browser window so that the CAPTCHA window appears to be integrated into the web page as the browser window is resized and/or repositioned;

send, to the authentication server, a value based on a user response to the CAPTCHA challenge test; and

obtain a response from the authentication server authenticating the user response.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a system including a processor to run a web browser application and a CAPTCHA challenge application, wherein the web browser application is operative when run to retrieve and present a web page of a website, obtain a request from the website requesting performance of a CAPTCHA challenge process, and request the CAPTCHA challenge application to perform the CAPTCHA challenge process, the CAPTCHA challenge application is operative when run to request a CAPTCHA challenge test from an authentication server, obtain the CAPTCHA challenge test, render a CAPTCHA window including the CAPTCHA challenge test, obtain a user response to the CAPTCHA challenge test, send a value based on the user response to the authentication server, and obtain a response from the authentication server authenticating the user response, and the CAPTCHA challenge application and the web browser application are run as different processes by the processor.

Citations

20 Claims

1. A system comprising a processor;
- and a memory to store data used by the processor, wherein the processor is operative to;
  
  run a web browser application that is operative when run to;
  
  retrieve and present a web page of a website in a browser window; and
  
  in response to the website requesting performance of a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) challenge process, request a CAPTCHA challenge application to perform the CAPTCHA challenge process; and
  
  run the CAPTCHA challenge application separately from the web browser application so that the CAPTCHA challenge application can implement defenses that are stronger than the defenses allowed by the web browser application, the defenses including at least one of an anti-grabbing defense or an anti-debugging defense, wherein the CAPTCHA challenge application is operative when run to;
  
  obtain the CAPTCHA challenge test from an authentication server in response to the request to perform the CAPTCHA challenge process;
  
  render a CAPTCHA window including the CAPTCHA challenge test separately from the browser window, but over the web page included in the browser window;
  
  protect the CAPTCHA challenge application with the defenses and/or a secure enclave which is not accessible to an operating system on which the web browser application runs and other applications;
  
  move the CAPTCHA window to track a size and/or a position of the browser window so that the CAPTCHA window appears to be integrated into the web page as the browser window is resized and/or repositioned;
  
  send, to the authentication server, a value based on a user response to the CAPTCHA challenge test; and
  
  obtain a response from the authentication server authenticating the user response.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system according to claim 1, wherein the web browser application does not control the CAPTCHA window.
  - 3. The system according to claim 1, wherein:
    - the CAPTCHA challenge application is further operative to;
      
      obtain an authentication token and/or a cookie from the authentication server authenticating the user response; and
      
      send the authentication token and/or the cookie to the web browser application for forwarding to the website.
  - 4. The system according to claim 1, wherein, in sending, the CAPTCHA challenge application is operative to send the value to the authentication server via a secure channel.
  - 5. The system according to claim 1, wherein the web browser application is operative to communicate with the CAPTCHA challenge application via an inter-process communication.
  - 6. The system according to claim 1, wherein the CAPTCHA challenge application is further operative to:
    - track a presence and a position of at least one overlay on the browser window; and
      
      render the CAPTCHA window over the web page so that the CAPTCHA window appears to be integrated into the web page when the at least one overlay is on the browser window.
  - 7. The system according to claim 1, further comprising a graphics controller, wherein:
    - the processor is operative to run the operating system; and
      
      the graphics controller is operative to process the CAPTCHA window for output to the display device, wherein the processing of the CAPTCHA window by the graphics controller is not accessible to the operating system.
  - 8. The system according to claim 1, wherein the defenses that are stronger than the defenses allowed by the web browser application included defenses designed to address attacks by an adversary who has full privileged access on the processor.

9. A method comprising:
- in response to a request from a web browser application to perform a Completely Automated Public Turning test to tell Computers and Human Apart (CAPTCHA) challenge process, obtaining a CAPTCHA challenge test from an authentication server;
  
  rendering a CAPTCHA window including the CAPTCHA challenge test separately from a browser window in which the web browser application is presenting a web page of a website, so that defenses which are stronger than defenses allowed by the web browser application can be implemented on the CAPTCHA window, the defenses including at least one of an anti-grabbing defense or an anti-debugging defense;
  
  protecting the CAPTCHA challenge application with the defenses and/or a secure enclave which is not accessible to the operating system on which the web browser application runs and other applications;
  
  moving the CAPTCHA window to track a size and/or a position of the browser window so that the CAPTCHA window is rendered over the web page included in the browser window and appears to be integrated into the web page as the browser window is resized and/or repositioned;
  
  sending, to the authentication server, a value based on a user response to the CAPTCHA challenge test; and
  
  obtaining a response from the authentication server authenticating the user response.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method according to claim 9, wherein the web browser application does not control the CAPTCHA window.
  - 11. The method according to claim 9, further comprising:
    - obtaining an authentication token and/or a cookie from the authentication server authenticating the user response; and
      
      sending the authentication token and/or the cookie to the web browser application for forwarding to the website.
  - 12. The method according to claim 9, wherein the sending further comprises:
    - sending the value to the authentication server via a secure channel.
  - 13. The method according to claim 9, further comprising:
    - obtaining the request from the web browser application via an inter-process communication.
  - 14. The method according to claim 9, further comprising:
    - tracking a presence and a position of at least one overlay on the browser window; and
      
      rendering the CAPTCHA window over the web page so that the CAPTCHA window appears to be integrated into the web page when the at least one overlay is on the browser window.
  - 15. The method according to claim 9, wherein the defenses which are stronger than defenses allowed by the web browser application can be implemented on the CAPTCHA window include defenses designed to address attacks by an adversary who has full privileged access on the processor.

16. A software product, comprising a non-transient computer-readable medium in which program instructions are stored, which instructions, when read by a processor, cause the processor to:
- in response to a request from a web browser application to perform a Completely Automated Public Turning test to tell Computers and Human Apart (CAPTCHA) challenge process, obtain a CAPTCHA challenge test from an authentication server;
  
  render a CAPTCHA window including the CAPTCHA challenge test separately from a browser window in which the web browser application is presenting a web page of a website, so that defenses which are stronger than defenses allowed by the web browser application can be implemented on the CAPTCHA window, the defenses including at least one of an anti-grabbing defense or an anti-debugging defense;
  
  protect the CAPTCHA challenge application with the defenses and/or a secure enclave which is not accessible to an operating system on which the web browser application runs and other applications;
  
  move the CAPTCHA window to track a size and/or a position of the browser window so that the CAPTCHA window is rendered over the web page included in the browser window and appears to be integrated into the web page as the browser window is resized and/or repositioned;
  
  send, to the authentication server, a value based on a user response to the CAPTCHA challenge test;
  
  obtain a response from the authentication server authenticating the user response.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The software product of claim 16, wherein the instructions, when read by a processor, further cause the processor to:
    - track a presence and a position of at least one overlay on the browser window; and
      
      render the CAPTCHA window over the web page so that the CAPTCHA window appears to be integrated into the web page when the at least one overlay is on the browser window.
  - 18. The software product of claim 16, wherein the defenses which are stronger than defenses allowed by the web browser application can be implemented on the CAPTCHA window include defenses designed to address attacks by an adversary who has full privileged access on the processor.
  - 19. The software product of claim 16, wherein the web browser application does not control the CAPTCHA window.
  - 20. The software product of claim 16, wherein the instructions, when read by a processor, further cause the processor to:
    - obtain the request from the web browser application via an inter-process communication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Gonen, Gil, Haber, Ronen, Haenel, Arie
Primary Examiner(s)
Pham, Luu T
Assistant Examiner(s)
Wilcox, James J

Application Number

US15/249,493
Publication Number

US 20180063107A1
Time in Patent Office

1,051 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2133   Verifying human interaction...

G06F 3/14   Digital output to display d...

G09G 2340/0464   Positioning

G09G 2340/12   Overlay of images, i.e. dis...

G09G 2358/00   Arrangements for display da...

G09G 5/14   Display of multiple viewports

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/18   using different networks or...

Secure captcha test

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure captcha test

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links