PREVENTING ABUSE OF SERVICES THROUGH INFRASTRUCTURE INCOMPATIBILITY

US 20110314540A1
Filed: 06/22/2010
Published: 12/22/2011
Est. Priority Date: 06/22/2010
Status: Active Grant

First Claim

Patent Images

1. A method of preventing an abuser from gaining access to a service, the method comprising:

using a processor to perform acts comprising;

identifying a feature of an infrastructure that a spammer uses to register for said service;

presenting a registration page that allows a user to register for said service;

including, in said registration page, a Human Interaction Proof (HIP) challenge, wherein said HIP challenge comprises an aspect that is incompatible with said feature in that said feature prevents said infrastructure from being used to solve said HIP challenge;

determining that said user has solved said HIP challenge; and

based on said determining, allowing said user to register for said service.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Spammers, and other abusers of web services, may be deterred in their attempts to sign up for these services at large scale by making changes to the service registration procedure, where the changes are designed to break the spammer'"'"'s infrastructure. In one example, a procedure to register for a web service involves presenting a Human Interaction Proof (HIP, or “captcha”) to the user, and gating access to the service upon receipt of a correct solution. If spammers use botnets and/or image capture techniques to initiate registration processes and to transport the HIPs to human or automated solvers, then the registration procedure can be changed in a way that is incompatible with capturing these images, or in a way that is incompatible with receiving HIP solutions from someplace other than the location at which registration was initiated.

10 Citations

View as Search Results

20 Claims

1. A method of preventing an abuser from gaining access to a service, the method comprising:
- using a processor to perform acts comprising;
  
  identifying a feature of an infrastructure that a spammer uses to register for said service;
  
  presenting a registration page that allows a user to register for said service;
  
  including, in said registration page, a Human Interaction Proof (HIP) challenge, wherein said HIP challenge comprises an aspect that is incompatible with said feature in that said feature prevents said infrastructure from being used to solve said HIP challenge;
  
  determining that said user has solved said HIP challenge; and
  
  based on said determining, allowing said user to register for said service.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein said feature comprises an ability to capture still images on a machine and to transfer captured images to a location remote from said machine, and wherein said aspect comprises presenting said HIP challenge as a non-still image.
  - 3. The method of claim 1, wherein said feature comprises an ability to capture images in an image format on a machine and to transfer captured images to a location remote from said machine, and wherein said aspect comprises including, in said registration page, a program that executes on a browser of said user to produce an image of said HIP challenge.
  - 4. The method of claim 1, wherein said feature comprises:
    - use of a bot on a first machine to initiate a process of registering for said service and to capture said HIP challenge; and
      
      an ability to send, from a second machine to a registration server, a solution to said HIP challenge, wherein said second machine is distinct from said first machine;
      
      and wherein said aspect comprises insisting that said solution be received from the same machine that initiates said process of registering.
  - 5. The method of claim 1, wherein said feature comprises capturing said HIP challenge as a single image, and wherein said aspect comprises revealing said image in plural stages.
  - 6. The method of claim 1, wherein said feature comprises an ability to capture said HIP challenge without use of a code that is shared between a machine that initiates a registration process and a server that provides said registration page, and wherein said aspect comprises using a code as part of presenting said HIP challenge or as part of sending a solution to said HIP challenge.
  - 7. The method of claim 1, wherein said HIP challenge is presented by:
    - including, in said page, a program that reveals a first portion of said HIP challenge, wherein said program exchanges a code with a server and uses said code to transmit a solution to said first portion, whereupon a second portion of said HIP challenge is revealed only in response to transmitting a correct solution, with said code, to said server.

8. One or more computer-readable storage media that store executable instructions to prevent an abuser from gaining access to a service, wherein said executable instructions, when executed by a computer, cause the computer to perform acts comprising:
- identifying a feature of an infrastructure that an entity uses to register for said service;
  
  including, in a registration page for said service, a Human Interaction Proof (HIP) challenge, wherein said HIP challenge comprises an aspect that is incompatible with said feature in that said feature prevents said infrastructure from being used to solve said HIP challenge;
  
  receiving, from a user, a solution to said HIP challenge; and
  
  allowing said user to register for said service based on a determination that said user has solved said HIP challenge.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The one or more computer-readable storage media of claim 8, wherein said feature comprises an ability to capture still images on a machine, and wherein said aspect comprises presenting said HIP challenge as a non-still image.
  - 10. The one or more computer-readable storage media of claim 8, wherein said feature comprises an ability to capture images in an image format on a machine, and wherein said aspect comprises including, in said registration page, a program that executes on a browser of said user to produce an image of said HIP challenge.
  - 11. The one or more computer-readable storage media of claim 8, wherein said feature comprises:
    - use of a bot on a first machine to initiate a process of registering for said service and to capture said HIP challenge; and
      
      an ability to send, from a second machine to a registration server, a solution to said HIP challenge, wherein said second machine is distinct from said first machine; and
      
      wherein said aspect comprises insisting that said solution be received from the same machine that initiates said process of registering.
  - 12. The one or more computer-readable storage media of claim 8, wherein said feature comprises capturing said HIP challenge as a single image, and wherein said aspect comprises revealing said image in plural stages.
  - 13. The one or more computer-readable storage media of claim 8, wherein said feature comprises an ability to capture said HIP challenge without use of a code that is shared between a machine that initiates a registration process and a server that provides said registration page, and wherein said aspect comprises using a code as part of presenting said HIP challenge or as part of sending a solution to said HIP challenge.
  - 14. The one or more computer-readable storage media of claim 8, wherein said acts further comprise:
    - including, in said page, a program that reveals a first portion of said HIP challenge, wherein said program exchanges a code with a server and uses said code to transmit a solution to said first portion, whereupon a second portion of said HIP challenge is revealed only in response to transmitting a correct solution, with said code, to said server.

15. A system for preventing an abuser from gaining access to a service, the system comprising:
- a memory;
  
  a processor; and
  
  a component that is stored in said memory and executes on said processor, that identifies a feature of an infrastructure that a spammer uses to register for said service, presenting a registration page that allows a user to register for said service, that includes, in said registration page, a Human Interaction Proof (HIP) challenge, wherein said HIP challenge comprises an aspect that prevents said infrastructure from being used to solve said HIP challenge, and that allows said user to register for said service based on a determination that said user has solved said HIP challenge.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein said feature comprises an ability to capture still images on a machine and to transfer captured images to a location remote from said machine, and wherein said aspect comprises presenting said HIP challenge as a non-still image.
  - 17. The system of claim 15, wherein said feature comprises an ability to capture images in an image format on a machine and to transfer captured images to a location remote from said machine, and wherein said aspect comprises including, in said registration page, a program that executes on a browser of said user to produce an image of said HIP challenge.
  - 18. The system of claim 15, wherein said feature comprises:
    - use of a bot on a first machine to initiate a process of registering for said service and to capture said HIP challenge; and
      
      an ability to send, from a second machine to a registration server, a solution to said HIP challenge, wherein said second machine is distinct from said first machine; and
      
      wherein said aspect comprises insisting that said solution be received from the same machine that initiates said process of registering.
  - 19. The system of claim 15, wherein said feature comprises capturing said HIP challenge as a single image, and wherein said aspect comprises revealing said image in plural stages.
  - 20. The system of claim 15, wherein said HIP challenge is presented by:
    - including, in said page, a program that reveals a first portion of said HIP challenge, wherein said program exchanges a code with a server and uses said code to transmit a solution to said first portion, whereupon a second portion of said HIP challenge is revealed only in response to transmitting a correct solution, with said code, to said server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Poluri, Ravi Kiran R., Li, Weisheng, Guo, Wei-Quiang Michael, Shami, Usman A.

Granted Patent

US 8,745,729 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/21
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2117   User registration

G06F 2221/2133   Verifying human interaction...

PREVENTING ABUSE OF SERVICES THROUGH INFRASTRUCTURE INCOMPATIBILITY

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

10 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

PREVENTING ABUSE OF SERVICES THROUGH INFRASTRUCTURE INCOMPATIBILITY

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others