Method for selectively restricting access to computer systems
First Claim
1. A computerized method for selectively accepting access requests from a client computer connected to a server computer by a network, comprising:
- receiving an access request in the server computer from the client computer via the network;
generating a predetermined number of random characters to form a string in the server computer in response to the access request;
modifying at least one perceptual attribute of the string of random characters to form a riddle configured to be easily answered by a human being with no advance knowledge of the riddle while being substantially difficult to answer by an automated agent unaided by human being, the string being a correct answer to the riddle;
rendering the riddle on an output device of the client computer;
receiving an answer to the riddle from the client computer;
determining if the answer to the riddle is correct; and
accepting the access request if the answer is correct and received within a predetermined time interval and otherwise denying the access request, wherein the access request is denied when the access request is received from the automated agent.
Abstract
A computerized method selectively accepts access requests from a client computer connected to a server computer by a network. The server computer receives an access request from the client computer. In response, the server computer generates a predetermined number of random characters. The random characters are used to form a string in the server computer. The string is randomly modified either visually or audibly to form a riddle. The original string becomes the correct answer to the riddle. The server computer renders the riddle on an output device of the client computer. In response, the client computer sends an answer to the server. Hopefully, the answer is a user's guess for the correct answer. The server determines if the guess is the correct answer, and if so, the access request is accepted. If the correct answer is not received within a predetermined amount of time, the connection between the client and server computer is terminated by the server on the assumption that an automated agent is operating in the client on behalf of the user.
75 Claims
-
1. A computerized method for selectively accepting access requests from a client computer connected to a server computer by a network, comprising:
-
receiving an access request in the server computer from the client computer via the network;
generating a predetermined number of random characters to form a string in the server computer in response to the access request;
modifying at least one perceptual attribute of the string of random characters to form a riddle configured to be easily answered by a human being with no advance knowledge of the riddle while being substantially difficult to answer by an automated agent unaided by human being, the string being a correct answer to the riddle;
rendering the riddle on an output device of the client computer;
receiving an answer to the riddle from the client computer;
determining if the answer to the riddle is correct; and
accepting the access request if the answer is correct and received within a predetermined time interval and otherwise denying the access request, wherein the access request is denied when the access request is received from the automated agent.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46)
sending a first message to the client computer in response to receiving the access request from the client computer, the first message including the random characters of the string in the modified form of the riddle, a current time supplied by the server computer, the access request, and further including a first encoded value of a combination of the string, the current time, the access request and a master secret possessed by the server computer.
-
-
18. The method of claim 17 wherein the encoded value is generated by applying a hash function on the combination of the string, the current time, the access request and the master secret.
-
19. The method of claim 18 further including receiving a second message from the client computer, the second message including the answer, the current time supplied by the server, the access request, and the encoded value.
-
20. The method of claim 19 further including comparing a second encoded value computed by applying the hash function to a combination of the answer, the current time, the access request, and the master secret with the first encoded value to determine if the answer is identical to the string.
-
21. The method of claim 20 further including terminating the connection between the client computer and the server computer after the predetermined time interval from the current time of the first message.
-
22. The method of claim 2 wherein the client computer and the server computer are connected by the Internet, and the string is rendered using a Web page.
-
23. The method of claim 1 further including:
-
sending a first message to the client computer in response to receiving the access request from the client computer, the first message including the random characters of the string in the modified riddle form, a current time supplied by the server computer, and further including a first encoded value of a combination of the string, the current time, and a master secret possessed by the server computer; and
storing the first encoded value in a memory of the client computer.
-
-
24. The method of claim 23 further including:
receiving a second message from the client computer, the second message including the answer, the current time supplied by the server, and the encoded value.
-
25. The method of claim 24 further including comparing a second encoded value computed by applying the hash function to a combination of the answer, the current time, and the master secret with the stored first encoded value to determine if the answer is identical to the string.
-
26. The method of claim 25 wherein the first encoded value is removed from the memory after a first predetermined time interval.
-
27. The method of claim 26 further including:
terminating the connection between the client computer and the server computer if another access request is from the client within a second predetermined time interval, the second predetermined time interval being substantially less than the first predetermined time interval.
-
28. The method of claim 1 further including:
-
sending a first message to the client computer in response to receiving the access request from the client computer, the first message including the random characters of the string in the modified riddle form, and a transaction identifier; and
storing the string and a current time of the server with an associated transaction identifier in a memory of the client computer.
-
-
29. The method of claim 28 further including:
receiving a second message from the client computer, the second message including the answer, the access request, and the transaction identifier.
-
30. The method of claim 29 further including comparing the answer with the stored string of the associated transaction identifier to determine if the answer is identical to the string.
-
31. The method of claim 30 wherein the access request and the associated transaction identifier are removed from the memory after a first predetermined time interval from the current time of the first message.
-
32. The method of claim 31 further including:
terminating the connection between the client computer and the server computer if another access request is from the client within a second predetermined time interval, the second predetermined time interval being substantially less than the first predetermined time interval.
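The transaction-identifier flow of claims 28 to 32, as an added example (not code from the patent). It assumes the table is kept in server memory, that an entry is consumed on its first check, and that `EXPIRY`, `MIN_GAP`, `ChallengeStore` and the sample addresses are hypothetical names and values chosen for the illustration.

```python
import hmac
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits
EXPIRY = 120    # first predetermined interval in seconds (assumed value)
MIN_GAP = 2     # second, much shorter interval in seconds (assumed value)


class ChallengeStore:
    """Server-side table: transaction identifier -> (string, issue time)."""

    def __init__(self):
        self._pending = {}     # txid -> (answer, issued_at)
        self._last_seen = {}   # client address -> time of its last request

    def issue(self, address, now, length=6):
        # Claim 32: a second request inside MIN_GAP is refused (None).
        last = self._last_seen.get(address)
        self._last_seen[address] = now
        if last is not None and now - last < MIN_GAP:
            return None
        self._purge(now)
        answer = "".join(secrets.choice(ALPHABET) for _ in range(length))
        txid = secrets.token_urlsafe(16)   # unguessable identifier
        self._pending[txid] = (answer, now)
        return txid, answer                # answer is only ever sent as the riddle

    def check(self, txid, answer, now):
        # pop() makes each transaction single-use, so a replayed or
        # second-guess message for the same identifier always fails.
        entry = self._pending.pop(txid, None)
        if entry is None:
            return False
        stored, issued_at = entry
        if now - issued_at > EXPIRY:
            return False
        return hmac.compare_digest(stored.encode(), answer.encode())

    def _purge(self, now):
        # Claim 31: drop entries older than the first interval.
        stale = [t for t, (_, ts) in self._pending.items() if now - ts > EXPIRY]
        for txid in stale:
            del self._pending[txid]
```

Because the string never leaves the server except inside the rendered riddle, this variant needs no master secret; the cost is per-challenge state that must be purged.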
-
33. The method of claim 1 further including:
sending a first message to the client computer in response to receiving the access request from the client computer, the first message including the random characters of the string in the modified riddle form, a current time supplied by the server computer, the access request, an address of the client computer, and further including a first encoded value of a combination of the string, the current time, the access request, the address, and a master secret possessed by the server computer.
-
34. The method of claim 32 wherein the encoded value is generated by applying a hash function on the combination of the string, the current time, the access request, the address and the master secret.
-
35. The method of claim 33 further including receiving a second message from the client computer, the second message including the answer, the current time supplied by the server, the access request, and the encoded value.
-
36. The method of claim 34 further including comparing a second encoded value computed by applying the hash function to a combination of the answer, the current time, the access request, the address, and the master secret with the first encoded value to determine if the answer is identical to the string.
-
37. The method of claim 35 wherein the access request is accepted if the second message including the correct answer is received within the predetermined time interval from the current time supplied by the server computer.
-
38. The method of claim 36 further including terminating the connection between the client computer and the server computer after the predetermined time interval from the current time of the first message.
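The stateless exchange of claims 17 to 21, with the client-address binding of claims 33 to 38, as an added example (not code from the patent). The claims say only "a hash function"; this sketch substitutes HMAC-SHA256 over length-prefixed fields, and `MASTER_SECRET`, `MAX_AGE`, the function names and the message field names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import string

MASTER_SECRET = secrets.token_bytes(32)   # server-only key (constructed here)
ALPHABET = string.ascii_uppercase + string.digits
MAX_AGE = 120   # the "predetermined time interval" in seconds (assumed value)


def _encode(answer, issued_at, request, address, secret):
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    fields = (answer, str(issued_at), request, address)
    msg = b"".join(len(f.encode()).to_bytes(4, "big") + f.encode() for f in fields)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def issue_challenge(request, address, now, length=6, secret=MASTER_SECRET):
    """Build the first message; the plaintext string is returned separately
    so the caller can render it as the riddle and then discard it."""
    answer = "".join(secrets.choice(ALPHABET) for _ in range(length))
    first_message = {
        "issued_at": now,
        "request": request,
        "token": _encode(answer, now, request, address, secret),
    }
    return answer, first_message


def verify_response(second_message, address, now, secret=MASTER_SECRET):
    """Check the second message: answer plus echoed time, request and token.
    The address comes from the connection, never from the message."""
    issued_at = second_message["issued_at"]
    if not isinstance(issued_at, int) or not 0 <= now - issued_at <= MAX_AGE:
        return False
    expected = _encode(second_message["answer"], issued_at,
                       second_message["request"], address, secret)
    # Constant-time comparison of the recomputed and echoed values.
    return hmac.compare_digest(expected, second_message["token"])
```

Nothing is stored between the two messages, so a valid second message keeps verifying until `MAX_AGE` elapses; the interval is the only limit on reuse in this form.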
-
39. The method of claim 1 further including:
accepting a predetermined number of access requests after the correct answer is received before rendering an additional riddle.
-
40. The method of claim 1 further including:
-
sending a password to the user if a predetermined number of access requests are accepted from the client; and
accepting additional access requests from the client if the additional access requests are received along with the password.
-
-
41. The method of claim 40 further including:
revoking the password if the rate at which the additional access requests are received is less than a predetermined threshold.
-
42. The method of claim 1 wherein the access request is an electronic mail message.
-
43. The method of claim 1 wherein the server computer is a search engine, and the access request is to add a Web page to an index of the server computer.
-
44. The method of claim 1 wherein the server computer stores information, and the access request is to read the information.
-
45. The method of claim 1 wherein the access request is a response from the client computer to a poll generated by the server computer.
-
46. The method of claim 1 wherein the access request is an entry for a contest operated by the server computer.
-
47. An apparatus for accepting access requests from a client computer connected to a server computer by a network, comprising:
-
means for receiving an access request in the server computer from the client computer via the network;
a random character generator generating a predetermined number of random characters to form a string in the server computer in response to the access request;
means for modifying at least one perceptual attribute of the string of random characters to form a riddle configured to be easily answer by a human being with no advance knowledge of the riddle while being substantially difficult to answer by an automated agent unaided by a human being, the string being a correct answer to the riddle;
means for rendering the riddle on an output device of the client computer, a correct answer to the riddle being the string;
means for receiving an answer to the riddle from the client computer;
means for determining if the answer to the riddle is correct; and
means for accepting the access request if the answer is correct and received within a predetermined time interval and otherwise denying the access request, wherein the access request is denied when the access request is received from the automated agent.
-
-
48. A computer program product for use in conjunction with a computer system, the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism for selectively accepting access requests from a client computer connected to a server computer by a network, the computer program mechanism comprising:
-
instructions that receive an access request in the server computer from the client computer via the network;
instructions that generate a predetermined number of random characters to form a string in the server computer in response to the access request;
instructions that modify at least one perceptual attribute of the string of random characters to form a riddle configured to be easily answered by a human being with no advance knowledge of the riddle while being substantially difficult to answer by an automated agent unaided by a human being, the string being a correct answer to the riddle;
instructions that render the riddle on an output device of the client computer;
instructions that receive an answer to the riddle from the client computer;
instructions that determine if the answer to the riddle is correct;
instructions that accept the access request if the answer is correct and received within a predetermined time interval and that otherwise deny the access request, wherein the access request is denied when the access request is received from the automated agent.
View Dependent Claims (49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61)
instructions that send a password to the user if a predetermined number of access requests are accepted from the client; and
instructions that accept additional access requests from the client if the additional access requests are received along with the password.
-
-
61. The computer program product of claim 60 further including instructions that revoke the password if the rate at which the additional access requests are received is less than a predetermined threshold.
-
62. A computer system for selectively accepting access requests from a client computer connected to a server computer by a network, comprising:
-
a memory; and
a processor to execute instructions stored in the memory, wherein the memory stores instructions that;
receive an access request in the server computer from the client computer via the network;
generate a predetermined number of random characters to form a string in the server computer in response to the access request;
modify at least one perceptual attribute of the string of random characters to form a riddle configured to be easily answered by a human being with no advance knowledge of the riddle while being substantially difficult to answer by an automated agent unaided by a human being, the string being a correct answer to the riddle;
render the riddle on an output device of the client computer;
receive an answer to the riddle from the client computer;
determine if the answer to the riddle is correct; and
accept the access request if the answer is correct and received within a predetermined time interval and otherwise deny the access request, wherein the access request is denied when the access request is received from the automated agent.
View Dependent Claims (63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75)
send a password to the user if a predetermined number of access requests are accepted from the client; and
accept additional access requests from the client if the additional access requests are received along with the password.
-
-
75. The computer system of claim 74, the memory further storing instructions that revoke the password if the rate at which the additional access requests are received is less than a predetermined threshold.
Specification