Stateless Human Detection For Real-Time Messaging Systems
Abstract
Stateless human detection for real-time systems allows a real-time message system to challenge incoming messages suspected of being generated by an automated application. When a suspect message is detected, a challenge is presented to a sender of the message. The challenge is designed to require human intervention to provide a correct answer to the challenge. A challenge packet is sent with the challenge and includes a challenge answer and, possibly, a server identifier, a challenge identifier and/or a time stamp that can be used to prevent attacks on the challenge. The challenge packet is encrypted so that the sender cannot access the contents thereof. When the sender provides a response to the challenge, the sender returns the challenge packet. The challenge packet is decrypted and the challenge answer is compared to a sender answer. If the answers match, the sender is allowed subsequent access to the messaging system.
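The round trip the abstract describes, as an added example (not code from the patent): the server seals the answer, server identifier, challenge identifier and time stamp, forgets them, and later validates a returned packet using only its key. AES-256-GCM with a server-held key stands in for the encryption the page leaves unspecified (claim 10 mentions a private certificate); the `Packet` field names and the functions `NewAEAD`, `Issue` and `Verify` are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"encoding/json"
	"time"
)

// Packet holds the fields the abstract lists; the field names are assumptions.
type Packet struct {
	Answer, ServerID, ChallengeID string
	Issued                        int64 // Unix seconds
}

// NewAEAD builds AES-256-GCM; neither call can fail for a 32-byte key.
func NewAEAD(key [32]byte) cipher.AEAD {
	block, _ := aes.NewCipher(key[:])
	g, _ := cipher.NewGCM(block)
	return g
}

// Issue seals p as nonce||ciphertext||tag; the server stores nothing afterwards.
func Issue(g cipher.AEAD, p Packet) ([]byte, error) {
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err // never seal with a predictable nonce
	}
	plain, _ := json.Marshal(p) // cannot fail for this struct
	return g.Seal(nonce, nonce, plain, nil), nil
}

// Verify opens a returned packet and checks integrity, origin, age and answer.
func Verify(g cipher.AEAD, sealed []byte, serverID, answer string, now time.Time, maxAge time.Duration) bool {
	var p Packet
	n := g.NonceSize()
	if len(sealed) < n {
		return false // truncated packet
	}
	plain, err := g.Open(nil, sealed[:n], sealed[n:], nil) // fails if altered
	if err != nil || json.Unmarshal(plain, &p) != nil {
		return false
	}
	age := now.Sub(time.Unix(p.Issued, 0))
	return p.ServerID == serverID && age >= 0 && age <= maxAge &&
		subtle.ConstantTimeCompare([]byte(p.Answer), []byte(answer)) == 1
}
```

Because nothing is stored, a packet that was answered correctly keeps verifying until `maxAge` elapses, so the time stamp check is what bounds reuse of a solved challenge.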
20 Claims
1. A method, comprising:
- receiving an electronic message from a sender;
- determining if the electronic message includes a sender response to a previously issued challenge;
- if the electronic message does not include a response to a previously issued challenge;
- submitting a challenge to the sender to determine that the electronic message was sent from a human user;
- transmitting the challenge to the sender in a challenge packet that includes encrypted information that, when returned from the sender and decrypted, is sufficient to identify the challenge and a challenge answer; and
- wherein after the challenge packet is transmitted to the sender, no state related to the electronic message or the challenge is retained.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)
10. One or more computer-readable media having executable instructions stored thereon that, when executed, implement the following steps:
- receiving a message from a sender;
- determining that an interactive challenge should be issued to the sender to determine if the sender is a human user;
- selecting a challenge and a corresponding challenge answer from a challenge library;
- encrypting the challenge answer with a private certificate;
- creating a challenge packet that includes at least the challenge and the encrypted challenge answer;
- transmitting the challenge packet to the sender; and
- wherein no state related to the message or the challenge is retained after the challenge packet is transmitted to the sender.
(Dependent claims: 11, 12, 13, 14, 15, 16, 17)
18. A system, comprising:
- a messaging module configured to send messages to and receive messages from at least one remote system;
- a communications stack configured, among other things, to provide a challenge to a sender of an incoming message to determine if the sender is an automated application, the challenge being provided without saving any state related to the challenge or the incoming message;
- a challenge library that stores a plurality of challenges and corresponding challenge answers in a fixed size data structure; and
- a cryptographic module configured to encrypt a portion of a challenge packet that is transmitted with a challenge.
(Dependent claims: 19, 20)
Specification