Client-side CAPTCHA ceremony for user verification

US 8,145,914 B2
Filed: 12/15/2005
Issued: 03/27/2012
Est. Priority Date: 12/15/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A method in a computer system with a processor and a memory for performing a local human verification ceremony, the method comprising:

identifying an action to be performed on the computer system, the action being requested by possible malware executing on the computer system;

indicating that the local human verification ceremony needs to be performed before the identified action is performed, the local human verification ceremony requesting user verification to perform the identified action on the computer system;

creating a verification window that is digital rights management protected so that content of the verification window can be viewed, but cannot be copied or forwarded;

presenting to a user for viewing a CAPTCHA challenge as content of the verification window, wherein the CAPTCHA challenge displays an image of distorted text, further wherein the CAPTCHA challenge requests that the distorted text be entered in a response input-text-box;

upon receiving a request to copy or forward content of the verification window, suppressing the copying or forwarding of the verification window;

receiving from the user text input into the input-text-box;

determining by the computer system whether the text matches the distorted text; and

when it is determined that the received text does not match the distorted text, suppressing the performing of the identified action; and

when it is determined that the received text matches the distorted text, performing by the computer system the identified action.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A facility for performing a local human verification ceremony to obtain user verification is provided. Upon determining that user verification is needed to perform an action on a computer system, the facility presents a CAPTCHA challenge requesting verification that the user wants the action performed on the computer system. Upon receiving a response, the facility compares the received response to an expected correct response. If the received response is the correct response, the facility authorizes the action to be performed.

76 Citations

View as Search Results

17 Claims

1. A method in a computer system with a processor and a memory for performing a local human verification ceremony, the method comprising:
- identifying an action to be performed on the computer system, the action being requested by possible malware executing on the computer system;
  
  indicating that the local human verification ceremony needs to be performed before the identified action is performed, the local human verification ceremony requesting user verification to perform the identified action on the computer system;
  
  creating a verification window that is digital rights management protected so that content of the verification window can be viewed, but cannot be copied or forwarded;
  
  presenting to a user for viewing a CAPTCHA challenge as content of the verification window, wherein the CAPTCHA challenge displays an image of distorted text, further wherein the CAPTCHA challenge requests that the distorted text be entered in a response input-text-box;
  
  upon receiving a request to copy or forward content of the verification window, suppressing the copying or forwarding of the verification window;
  
  receiving from the user text input into the input-text-box;
  
  determining by the computer system whether the text matches the distorted text; and
  
  when it is determined that the received text does not match the distorted text, suppressing the performing of the identified action; and
  
  when it is determined that the received text matches the distorted text, performing by the computer system the identified action.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the CAPTCHA challenge requests that the distorted text be entered in the response input-text-box within a predetermined timeout.
  - 3. The method of claim 1, wherein the CAPTCHA challenge is obtained from a remote server.
  - 4. The method of claim 1, wherein the CAPTCHA challenge is one of a plurality of CAPTCHA challenges that are maintained on the computer system.
  - 5. The method of claim 1, wherein the identified action is being performed by an operating system on the computer system.

6. A computer-readable storage device whose contents cause a computer system to perform a local human verification ceremony, by a method comprising:
- receiving from a process executing on the computer system a request to perform an action;
  
  determining that the local human verification ceremony needs to be performed before the action is performed because the action is being requested by possible malware, the local human verification ceremony requesting user verification to perform the action on the computer system;
  
  presenting to a user for user viewing a CAPTCHA challenge in a digital rights management (DRM) protected window to prevent copying of the CAPTCHA challenge, wherein the CAPTCHA challenge displays an image of an alpha-numeric string, further wherein the CAPTCHA challenge requests that the displayed alpha-numeric string be entered in a response input-text-box;
  
  receiving from the user content input into the input-text-box;
  
  determining by the computer system whether the received content matches the alpha-numeric string;
  
  when the received content does not match the alpha-numeric string, suppressing the performing of the action; and
  
  when the received content matches the alpha-numeric string, performing by the computer system the actionwherein the human verification ceremony is performed locally on the computer system that executes the process that requests to perform the action and the action is performed locally on the computer system.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 7. The computer-readable storage device of claim 6, wherein the display of the image of the alpha-numeric string is distorted.
  - 8. The computer-readable storage device of claim 6, wherein the alpha-numeric string contains at least one numeric character.
  - 9. The computer-readable storage device of claim 6, wherein the alpha-numeric string contains at least one text character.
  - 10. The computer-readable storage device of claim 6, wherein the CAPTCHA challenge is one of a plurality of CAPTCHA challenges that are maintained on the computer system.
  - 11. The computer-readable storage device of claim 6, wherein the CAPTCHA challenge is one of a plurality of CAPTCHA challenges that are maintained on the computer system.
  - 12. The computer-readable storage device of claim 6, wherein the action is be performed by an operating system on the computer system.
  - 13. The computer-readable storage device of claim 6, wherein the action is to install an application on the computer system.
  - 14. The computer-readable storage device of claim 6, wherein the action is to alter a security configuration on the computer system.
  - 15. The computer-readable storage device of claim 6, wherein the action is to alter a system configuration setting on the computer system.
  - 16. The computer-readable storage device of claim 6, wherein the authorization is provided if the matching response is received within a predetermined timeout.

17. A computer system for performing a local human verification ceremony locally on the computer system that executes a process that requests to perform an action and for performing the action locally on the computer system, the system comprising:
- a memory storing computer-executable instructions of;
  
  a component configured to receive from the process executing on the computer system a request to perform the action;
  
  a component configured to determine that the local human verification ceremony needs to be performed before the action is performed because the action is requested by possible malware executing on the computer system, wherein the local human verification ceremony requests user verification to perform the action on the computer system;
  
  a component that creates a verification window that is digital rights management protected so that content of the verification window can be viewed, but cannot be copied;
  
  a component configured to present a CAPTCHA challenge as content of the verification window, wherein the CAPTCHA challenge displays an image of distorted text, further wherein the CAPTCHA challenge requests that the distorted text be entered in a response input-text-box;
  
  a component that prevents the copying of content of the verification window;
  
  a component configured to receive a response to the CAPTCHA challenge, the component also configured to provide authorization to perform the action at the computer system upon determining by the computer system that the received response matches the displayed distorted text and to suppress the providing of authorization to perform the action upon determining that the received response does not match the displayed distorted text; and
  
  a processor executing the computer-executable instructions stored in the memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Steeves, David J.
Primary Examiner(s)
Zee, Edward
Assistant Examiner(s)
King, John B

Application Number

US11/303,441
Publication Number

US 20070143624A1
Time in Patent Office

2,294 Days
Field of Search

709/225, 709/228, 709/203, 713/155, 713/184
US Class Current

713/184
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/36   by graphic or iconic repres...

G06F 2221/2103   Challenge-response

G06F 2221/2133   Verifying human interaction...

H04L 2463/101   applying security measures ...

H04L 63/145   the attack involving the pr...

H04W 12/06   Authentication

Client-side CAPTCHA ceremony for user verification

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

76 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Client-side CAPTCHA ceremony for user verification

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

76 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links