COUNTERACTING RANDOM GUESS ATTACKS AGAINST HUMAN INTERACTIVE PROOFS WITH TOKEN BUCKETS

US 20090076965A1
Filed: 09/17/2007
Published: 03/19/2009
Est. Priority Date: 09/17/2007
Status: Abandoned Application

First Claim

Patent Images

1. A system for distinguishing between a human and non-human user, comprising:

a human interactive proof (HIP) challenge component that displays a HIP challenge to a user,HIP determination component that determines if the user is a human or non-human based upon a response to the challenge provided by the user, wherein the HIP determination component employs at least one token bucket associated with the user in making the determination.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method that facilitates and effectuates distinguishing a human from a non-human user. A human interactive proof (HIP) employs a token bucket algorithm in order to reduce the success rate for a non-human user employing a guessing or artificial intelligence to solve a substantial number of HIP challenges. The algorithm can employ token buckets associated with IP address and user session from which the user is attempting to solve the HIP challenge. If a token bucket is empty the algorithm can treat a correct response as incorrect and refill a portion of the buckets for a further attempt. This forces two correct responses to be received by a user within the refill quantity for the users bucket(s) before the user is identified as human.

79 Citations

View as Search Results

20 Claims

1. A system for distinguishing between a human and non-human user, comprising:
- a human interactive proof (HIP) challenge component that displays a HIP challenge to a user,HIP determination component that determines if the user is a human or non-human based upon a response to the challenge provided by the user, wherein the HIP determination component employs at least one token bucket associated with the user in making the determination.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system of claim 1, wherein the token bucket is associated with an IP address from which the user is attempting to solve the challenge and the IP address token bucket is initialized to a predetermined initial value.
  - 3. The system of claim 2, wherein a user session token bucket is associated with a user session from which the user is attempting to solve the challenge and the user session token bucket is initialized to a current value of the IP address token bucket.
  - 4. The system of claim 3, wherein the HIP determination component subtracts at least one token from the IP address token bucket upon creation of a user session.
  - 5. The system of claim 4, wherein the HIP determination component subtracts at least one token from the IP address token bucket and subtracts one token from the user session token bucket upon the user submitting a response to the challenge.
  - 6. The system of claim 5, wherein the HIP determination component determines the user is non human if the token bucket is empty.
  - 7. The system of claim 5, wherein the HIP determination component determines that the user is non human or human based upon the response submitted by the user if the token bucket is not empty.
  - 8. The system of claim 7, wherein the HIP determination component refills the IP address token bucket and user session token bucket by a predetermined refill value if the user response is correct.
  - 9. The system of claim 1, wherein the HIP determination component initializes the token bucket to a predetermined initial value.
  - 10. The system of claim 9, wherein the HIP determination component subtracts at least one token from the token bucket upon the user submitting a response to the challenge.
  - 11. The system of claim 10, wherein the HIP determination component determines the user is non human if the token bucket is empty.
  - 12. The system of claim 10, wherein the HIP determination component determines that the user is non human or human based upon the response submitted by the user if the token bucket is not empty.
  - 13. The system of claim 12, wherein the HIP determination component refills the token bucket by a predetermined refill value if the user response is correct.

14. A method for distinguishing between a human and non-human user, comprising:
- displaying a HIP challenge to a user; and
  
  determining if the user is a human or non-human based upon a response to the challenge provided by the user, wherein at least one token bucket associated with the user is employed in making the determination.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The method of claim 14, further comprising:
    - associating an IP address token bucket to the user that is associated with an IP address from which the user is attempting to solve the challenge;
      
      initializing the IP address token bucket to a predetermined initial value;
      
      associating a user session token bucket to the user that is associated with a user session from which the user is attempting to solve the challenge; and
      
      initializing the user session token bucket to a current value of the IP address token bucket.
  - 16. The method of claim 15, subtracting at least one token from the IP address token bucket upon creation of a user session.
  - 17. The method of claim 16, subtracting at least one token from the IP address token bucket and subtracting one token from the user session token bucket upon the user submitting a response to the challenge.
  - 18. The method of claim 17, further comprising:
    - determining that the user is non human if the token bucket is empty; and
      
      determining that the user non human or human based upon the response submitted by the user if the token bucket is not empty.
  - 19. The method of claim 18, refilling the IP address token bucket and user session token bucket by a predetermined refill value if the user response is correct.

20. A system for distinguishing between a human and non-human user, comprising:
- means for displaying a HIP challenge to a user; and
  
  means for determining if the user is a human or non-human based upon a response to the challenge provided by the user, wherein at least one token bucket associated with the user is employed in making the determination.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Elson, Jeremy Eric, Douceur, John R., Howell, Jonathan Ryan

Application Number

US11/856,367
Publication Number

US 20090076965A1
Time in Patent Office

Days
Field of Search
US Class Current

705/55
CPC Class Codes

G06F 21/36   by graphic or iconic repres...

G06F 2221/2133   Verifying human interaction...

H04L 63/1441   Countermeasures against mal...

H04L 63/1491   using deception as counterm...

COUNTERACTING RANDOM GUESS ATTACKS AGAINST HUMAN INTERACTIVE PROOFS WITH TOKEN BUCKETS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

79 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

COUNTERACTING RANDOM GUESS ATTACKS AGAINST HUMAN INTERACTIVE PROOFS WITH TOKEN BUCKETS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

79 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links