SECURING PASSWORDS WITH CAPTCHA BASED HASH WHEN USED OVER THE WEB
Abstract
A password security system, hosted by a server, sends a web page over a network to a client, that includes a CAPTCHA challenge, a request for a CAPTCHA answer, a graphical user interface for receiving a user identifier and a password, and a security script. The security script is to be executed by the client to generate a client hash value from password data and a CAPTCHA answer that is received from a user. The system receives the client hash value and computes a server hash value for password data for the user and a CAPTCHA answer that is stored in a data store that is coupled to the server. The system determines whether the server hash value matches the client hash value, and grants data access to the user when the values match and denies data access to the user when the values do not match.
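The exchange in the abstract, with the client's security script and the server's check side by side, as an added example that is not code from the patent. The hash construction (HMAC-SHA256), the form of the password data (PBKDF2 with a salt derived from a constructed site name and the user identifier), the single-use challenge, and all names are assumptions; the page does not specify them.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed PBKDF2 work factor

def derive_password_data(user_id: str, password: str) -> bytes:
    """Password data (assumed form): PBKDF2 with a salt both sides can derive."""
    salt = hashlib.sha256(f"login.example:{user_id}".encode()).digest()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def combine(password_data: bytes, captcha_answer: str) -> str:
    """Hash of password data and CAPTCHA answer (HMAC-SHA256 is an assumption)."""
    return hmac.new(password_data, captcha_answer.encode(), hashlib.sha256).hexdigest()

def security_script(user_id: str, password: str, captcha_answer: str) -> str:
    """Client side: the value the page's security script computes and sends."""
    return combine(derive_password_data(user_id, password), captcha_answer)

class Server:
    def __init__(self) -> None:
        self.users = {}       # data store: user id -> password data
        self.challenges = {}  # data store: challenge id -> CAPTCHA answer

    def register(self, user_id: str, password: str) -> None:
        self.users[user_id] = derive_password_data(user_id, password)

    def send_page(self) -> str:
        """Issue a CAPTCHA challenge; the random text stands in for the image."""
        challenge_id = secrets.token_hex(8)
        self.challenges[challenge_id] = secrets.token_hex(4)
        return challenge_id

    def verify(self, user_id: str, challenge_id: str, client_hash: str) -> bool:
        """Grant access only if the client hash matches the server hash."""
        answer = self.challenges.pop(challenge_id, None)  # assumed single use
        stored = self.users.get(user_id)
        if answer is None or stored is None:
            return False
        return hmac.compare_digest(combine(stored, answer), client_hash)

if __name__ == "__main__":
    srv = Server()
    srv.register("alice", "constructed-password")  # constructed sample account
    cid = srv.send_page()
    sent = security_script("alice", "constructed-password", srv.challenges[cid])
    print(srv.verify("alice", cid, sent), srv.verify("alice", cid, sent))
```

In this example the value held in `users` is enough to compute a valid client hash, so the data store needs the same protection as the passwords themselves.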
94 Citations
20 Claims
1. A method, implemented by a server computing system programmed to perform the following, comprising:
- sending, by the server, a web page over a network to a client, the web page comprising a CAPTCHA challenge, a request for a CAPTCHA answer for the challenge, a graphical user interface for receiving a user identifier and a password, and a security script, the security script to be executed by the client to generate a client hash value from password data and a CAPTCHA answer received from a user;
- receiving, by the server, the generated hash value from the client;
- computing, by the server, a server hash value for password data for the user that is stored in a data store coupled to the server and a CAPTCHA answer that is stored in the data store;
- determining, by the server, whether the server hash value matches the client hash value; and
- granting, by the server, data access to the user based on a determination that the values match and denying data access to the user based on a determination that the values do not match.
Dependent claims: 2, 3, 4, 5, 6
7. A system comprising:
- a persistent storage unit to store a CAPTCHA challenge, a CAPTCHA answer, password data for a user, and a security script; and
- a processor coupled to the persistent storage unit to send a web page over a network to the client, the web page comprising the CAPTCHA challenge, a request for a CAPTCHA answer for the challenge, a graphical user interface for receiving a user identifier and a password, and the security script, the security script to be executed by the client to generate a client hash value from password data and a CAPTCHA answer received from the user, to receive the generated hash value from the client, to compute a server hash value for the password data for the user that is stored in the persistent storage unit and a CAPTCHA answer that is stored in the persistent storage unit, to determine whether the server hash value matches the client hash value, and to grant data access to the user based on a determination that the values match and to deny data access to the user based on a determination that the values do not match.
Dependent claims: 8, 9, 10, 11
12. A computer-readable storage medium including instructions that, when executed by a computer system, cause the computer system to perform a set of operations comprising:
- sending a web page over a network to a client, the web page comprising a CAPTCHA challenge, a request for a CAPTCHA answer for the challenge, a graphical user interface for receiving a user identifier and a password, and a security script, the security script to be executed by the client to generate a client hash value from password data and a CAPTCHA answer received from a user;
- receiving the generated hash value from the client;
- computing a server hash value for password data for the user that is stored in a data store coupled to the computer system and a CAPTCHA answer that is stored in the data store;
- determining whether the server hash value matches the client hash value; and
- granting data access to the user based on a determination that the values match and denying data access to the user based on a determination that the values do not match.
Dependent claims: 13, 14
15. A method, implemented by a client computing system programmed to perform the following, comprising:
- receiving, by the client, a web page over a network from a server, the web page comprising a CAPTCHA challenge, a request for a CAPTCHA answer for the challenge, a graphical user interface for receiving a user identifier and a password, and a security script, the security script to be executed by the client to generate a client hash value from password data and a CAPTCHA answer received from a user;
- receiving, by the client, user input of a password and a CAPTCHA answer for the CAPTCHA challenge, via presenting the web page to the user;
- executing, by the client, the security script to generate the client hash value from the password data and the CAPTCHA answer received from the user; and
- sending, by the client, the client hash value to the server.
Dependent claims: 16, 17, 18
19. A computer-readable storage medium including instructions that, when executed by a computer system, cause the computer system to perform a set of operations comprising:
- receiving a web page over a network from a server, the web page comprising a CAPTCHA challenge, a request for a CAPTCHA answer for the challenge, a graphical user interface for receiving a user identifier and a password, and a security script, the security script to be executed by the computer system to generate a client hash value from password data and a CAPTCHA answer received from a user;
- receiving user input of a password and a CAPTCHA answer for the CAPTCHA challenge, via presenting the web page to the user;
- executing the security script to generate the client hash value from the password data and the CAPTCHA answer received from the user; and
- sending the client hash value to the server.
Dependent claims: 20
Specification