Client-side CAPTCHA ceremony for user verification
First Claim
Patent Images
1. A method in a computer system with a processor and a memory for performing a local human verification ceremony, the method comprising:
- identifying an action to be performed on the computer system, the action being requested by possible malware executing on the computer system;
indicating that the local human verification ceremony needs to be performed before the identified action is performed, the local human verification ceremony requesting user verification to perform the identified action on the computer system;
creating a verification window that is digital rights management protected so that content of the verification window can be viewed, but cannot be copied or forwarded;
presenting to a user for viewing a CAPTCHA challenge as content of the verification window, wherein the CAPTCHA challenge displays an image of distorted text, further wherein the CAPTCHA challenge requests that the distorted text be entered in a response input-text-box;
upon receiving a request to copy or forward content of the verification window, suppressing the copying or forwarding of the verification window;
receiving from the user text input into the input-text-box;
determining by the computer system whether the text matches the distorted text; and
when it is determined that the received text does not match the distorted text, suppressing the performing of the identified action; and
when it is determined that the received text matches the distorted text, performing by the computer system the identified action.
2 Assignments
0 Petitions
Accused Products
Abstract
A facility for performing a local human verification ceremony to obtain user verification is provided. Upon determining that user verification is needed to perform an action on a computer system, the facility presents a CAPTCHA challenge requesting verification that the user wants the action performed on the computer system. Upon receiving a response, the facility compares the received response to an expected correct response. If the received response is the correct response, the facility authorizes the action to be performed.
-
Citations
17 Claims
-
1. A method in a computer system with a processor and a memory for performing a local human verification ceremony, the method comprising:
-
identifying an action to be performed on the computer system, the action being requested by possible malware executing on the computer system; indicating that the local human verification ceremony needs to be performed before the identified action is performed, the local human verification ceremony requesting user verification to perform the identified action on the computer system; creating a verification window that is digital rights management protected so that content of the verification window can be viewed, but cannot be copied or forwarded; presenting to a user for viewing a CAPTCHA challenge as content of the verification window, wherein the CAPTCHA challenge displays an image of distorted text, further wherein the CAPTCHA challenge requests that the distorted text be entered in a response input-text-box; upon receiving a request to copy or forward content of the verification window, suppressing the copying or forwarding of the verification window; receiving from the user text input into the input-text-box; determining by the computer system whether the text matches the distorted text; and when it is determined that the received text does not match the distorted text, suppressing the performing of the identified action; and when it is determined that the received text matches the distorted text, performing by the computer system the identified action. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A computer-readable storage device whose contents cause a computer system to perform a local human verification ceremony, by a method comprising:
-
receiving from a process executing on the computer system a request to perform an action; determining that the local human verification ceremony needs to be performed before the action is performed because the action is being requested by possible malware, the local human verification ceremony requesting user verification to perform the action on the computer system; presenting to a user for user viewing a CAPTCHA challenge in a digital rights management (DRM) protected window to prevent copying of the CAPTCHA challenge, wherein the CAPTCHA challenge displays an image of an alpha-numeric string, further wherein the CAPTCHA challenge requests that the displayed alpha-numeric string be entered in a response input-text-box; receiving from the user content input into the input-text-box; determining by the computer system whether the received content matches the alpha-numeric string; when the received content does not match the alpha-numeric string, suppressing the performing of the action; and when the received content matches the alpha-numeric string, performing by the computer system the action wherein the human verification ceremony is performed locally on the computer system that executes the process that requests to perform the action and the action is performed locally on the computer system. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A computer system for performing a local human verification ceremony locally on the computer system that executes a process that requests to perform an action and for performing the action locally on the computer system, the system comprising:
-
a memory storing computer-executable instructions of; a component configured to receive from the process executing on the computer system a request to perform the action; a component configured to determine that the local human verification ceremony needs to be performed before the action is performed because the action is requested by possible malware executing on the computer system, wherein the local human verification ceremony requests user verification to perform the action on the computer system; a component that creates a verification window that is digital rights management protected so that content of the verification window can be viewed, but cannot be copied; a component configured to present a CAPTCHA challenge as content of the verification window, wherein the CAPTCHA challenge displays an image of distorted text, further wherein the CAPTCHA challenge requests that the distorted text be entered in a response input-text-box; a component that prevents the copying of content of the verification window; a component configured to receive a response to the CAPTCHA challenge, the component also configured to provide authorization to perform the action at the computer system upon determining by the computer system that the received response matches the displayed distorted text and to suppress the providing of authorization to perform the action upon determining that the received response does not match the displayed distorted text; and a processor executing the computer-executable instructions stored in the memory.
-
Specification