CN1666175A - 用于监控用户与计算机之间交互的方法和系统 - Google Patents
用于监控用户与计算机之间交互的方法和系统 Download PDFInfo
- Publication number
- CN1666175A CN1666175A CN03815384XA CN03815384A CN1666175A CN 1666175 A CN1666175 A CN 1666175A CN 03815384X A CN03815384X A CN 03815384XA CN 03815384 A CN03815384 A CN 03815384A CN 1666175 A CN1666175 A CN 1666175A
- Authority
- CN
- China
- Prior art keywords
- random
- reference data
- image
- user
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/36—User authentication by graphic or iconic representation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q99/00—Subject matter not provided for in other groups of this subclass
-
- G—PHYSICS
- G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
- G09C—CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
- G09C5/00—Ciphering apparatus or methods not provided for in the preceding groups, e.g. involving the concealment or deformation of graphic data such as designs, written or printed messages
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2119—Authenticating web pages, e.g. with suspicious links
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2151—Time stamp
Abstract
提供了一种用于监控用户与计算机之间的交互的方法和系统。所述方法包括:生成包括用户可读的随机参考数据在内的图像;以及将所述图像传送到所述计算机,以显示给所述用户。然后接收用户输入数据(122),并在所述随机参考数据和所述用户输入数据之间进行比较,以确定所述用户是否正在和所述计算机交互。
Description
技术领域
本发明涉及监控用户与计算机之间的交互。
背景技术
因特网环境中经常出现的一类问题就是机器人对网站的非授权访问或非正当访问,这些机器人通常被称为“蛆虫(bot)”。蛆虫是运行在那些无需用户交互就可自动访问网站的计算机上的程序。虽然有些蛆虫可能出于正当目的访问网站,例如被授权从网页搜集信息的搜索引擎蜘蛛程序,但是其它蛆虫却执行着非正当的功能。例如,某些蛆虫访问网站并出于不正当的目的注册多个虚构的用户,访问网站以挖掘保密的用户信息,猜试用户密码,未经授权在销售或拍卖网站上列出产品项等等。可以理解,由于运行蛆虫程序的计算机具有很强的处理能力,所以在极其短的时间内可能发生大量的非授权访问。虽然用户或个人也可以进行非授权访问,但这一过程要慢得多。
发明内容
提供了一种用于监控用户和计算机之间交互的方法和系统。所述方法包括:生成包括所述用户可读的随机参考数据在内的图像,并且将所述图像传送给所述计算机以显示给所述用户。然后接收到用户输入数据,并在所述随机参考数据和所述用户输入数据之间进行比较,以确定所述用户是否正在和所述计算机交互。
参考附图并根据以下的详细描述将会清楚本发明的其它特性。
附图说明
在附图中以示例而非限制的方式图示了本发明,其中,相同的标号表示相似的特性。
在附图中:
图1示出了根据本发明的一个方面用于监控用户和计算机之间的交互的示例性系统的示意框图;
图2示出了根据本发明的另一方面生成包括随机参考串在内的参考数据的示例性方法的示意流程图;
图3示出了同样根据本发明的一个方面生成用户可读的、包括随机参考串在内的图像的示例性方法的示意流程图;
图4示出了图3中方法的更详细的示意流程图,其中示出了将随机参考串包括在图像中的过程;
图5示出了同样根据本发明的一个方面监控用户与计算机之间的交互的示例性方法的示意流程图;
图6示出了在计算机上呈现给用户的示例性用户界面的示意表示;
图7示出了用于视觉受损用户的示例性用户界面;
图8示出了用于监控令牌的重复使用的示例性表;以及
图9示出了示例性计算机的示意硬件体系结构。
具体实施方式
下面描述一种用于监控用户与计算机之间交互的方法和系统。在以下描述中,出于解释的目的阐述了很多具体的细节,以提供对本发明的完整理解。但是对本领域的技术人员而言很明显的是,没有这些具体细节也可以实现本发明。
具体参考图1,标号10总体上表示一种根据本发明的一个方面用于监控用户与计算机12之间的交互的系统。在本发明的一种实施方式中,系统10被用在因特网环境中,用户在该环境中访问因特网服务机构的网站。因此,参考经由因特网11的用户注册过程来描述本发明。但是应当理解,本发明可被应用于将对用户与计算机之间的交互进行监控的任何计算机环境中。
计算机12包括万维网浏览器应用程序14,该应用程序生成诸如示例性的注册表单16的用户界面。注册表单16包括显示区18,用于显示包括随机参考数字在内的图像20,并且为了实现注册,要求用户从图像20中读取该随机参考数字,并将其输入到用户数据输入栏22。为了完成注册,用户激活“GO”按钮24,该按钮接着将注册信息传送到注册服务器26。正如下面更详细描述的那样,图像20被扭曲和修改,以防止诸如软件机器人的自动进程使用光学字符识别(OCR)技术获得所述参考数字。然而,图像20足够清晰,使得用户可以读取参考数字,以输入到输入数据栏22中。可见,为了实现注册,需要与计算机12之间进行人工交互。
在一种实施方式中,参考数字是由因特网应用服务器28生成的,该服务器经由因特网11,例如以令牌的形式将参考数据中的随机数字传递到浏览器应用程序14,如箭头30所示。然后如箭头34所示,浏览器应用程序14在超文本标记语言(HTML)图像调用期间,将令牌传递给图像服务器32。图像服务器32随后解密该令牌,并且随机地将参考数字包括在图像20中,此后如线36所示,图像20被传送到浏览器应用程序14以包括在显示区18中。在用户已将所述数字输入到用户数据输入栏22中,并且完成了注册表单中的其它内容(例如完成了栏38、40中的内容)后,栏22中的用户输入数据和令牌接着就被传送到注册服务器26。然后,注册服务器26解密该令牌以得到参考数字,接着将用户输入的数字与该参考数字进行比较,并且如果两个数字匹配,则注册服务器26可以认证该用户。但是,除比较两个数字之外,注册服务器26还执行所述令牌的校验和验证和时间戳分析,下面将更详细地描述。
具体参考图2,标号50总体上表示一种根据本发明的一个方面、用于生成包括参考串在内的随机参考数据以包括在图像20中的示例性方法,所述参考串以随机参考数字的示例性形式出现。在一种实施方式中,在应用服务器28中执行方法50。可以理解,虽然随机参考串是以随机参考数字的形式出现的,但是在其他实施方式中,随机参考串可以是数字、字符和/或任何图形数据。然而,当随机参考串以数字随机数的形式出现时,系统10可以与语言无关。
在示例性的注册过程中,当万维网浏览器应用程序14向应用服务器28请求注册表单时,方法50开始(参见框52)。此后,如框54所示,确定系统10中用于传送参考数据的具体令牌大小,并且以毫秒为单位为其记录时间戳(参见框56)。生成随机参考数字,如框58所示,并且进一步随机化该数字,如框60所示。此后,参考数字的大小受到限制(参见框62),以符合在框54处所选择的令牌大小。然后执行时间戳和参考数字的校验和(参见框64),以产生包括时间数据、参考数字和校验和在内的参考数据(参见框66),然后例如使用Blowfish对该参考数据进行加密,如框68所示。然后,加密后的参考数据进行Base64编码(参见框70),以产生加密并编码后的令牌(参见框72),该令牌接着被包括进HTML网页中(参见框74),并被发送给用户(参见图2中的框76和图1中的箭头30)。
应用服务器28所生成的包括参考数据的令牌的实施例如下:
(64位)1595139460 | (32位)069587 | (32位)59991 |
时间戳 | 随机数 | 校验和 |
令牌的时间戳(参见图2中的框56)指示了该令牌是何时生成的,并且下面将会更加详细地描述,该时间戳被服务器26用来确定所述令牌以前是否曾在有效的注册过程中被使用过。时间戳通常是指令牌被创建时应用服务器28上的时间。
虽然在上述实施方式中,令牌是在HTML网页中被传送到浏览器应用程序14,但是可以理解,在其他实施方式中,也可以在cookie、其他表单、URL等中传递令牌。此外,通常是利用私钥对令牌进行加密,并且当从浏览器应用程序14接收到对注册表单16的请求时,即时地(on-the-fly)或动态地生成随机数字。因此,在一种实施方式中,不提供任何数字或图像库,并且每次处理来自计算机12的请求时,都生成不同的包括随机数字在内的参考数据。
当浏览器应用程序14对图像服务器32进行图像调用,以取出图像20显示在从应用服务器28接收的网页中时,其就将从应用服务器28接收到的经过加密和编码的令牌传递到图像服务器32,如图1中的箭头34所示。具体参考图3,标号80总体上表示一种根据本发明另一方面的、用于生成图像20的示例性方法。如框82所示,图像服务器32从浏览器应用程序14接收用户调用,并识别出带有参考数据的令牌,并且使用Base64解码方法来解码参考数据(参见框84)。此后,使用Blowfish来解密参考数据(参见框86),以获得解码并解密后的参考数据,其包括时间数据、参考数字和校验和,如框88所示。然后如框90所示,基于校验和来检查参考数据的完整性,在这之后生成图像20。
具体参考图4,标号100总体上表示一种根据本发明一个方面的、用于生成包括随机参考数字在内的随机图像20的示例性方法。如框102所示,在图像服务器32处生成图像修改随机数字,接着基于该图像修改随机数字,创建并修改图像。例如,可以随机地使用所述图像修改随机数字,以从多种不同的字体中为参考数字中的每一个数字选择一种字体(参见框104),从而防止机器人获得该数字。在一种实施方式中,如框106和线108所示,可以迭代地生成多个图像修改随机数字,并且响应于每一个随机数字,可以使每个数字显示在图像20中的位置随机地偏离中心、可以随机地生成要显示数字的各种颜色、可以向图像20中加入网格线、可以向图像20中加入随机扭曲或噪声等等(参见框104)。一旦图像20已被充分扭曲,它就被转换为jpeg格式(参见框108),此后它被发送到计算机12,如图4中的框110和图1中的箭头36所示。
在一种实施方式中,将可以理解的是,由于图像修改数字是一个随机数字,所以图像不仅包括随机参考数字,而且以随机方式在图像中包括该数字。在一种实施方式中,图像被扭曲及修改,使得需要少量的人工解译来辨识或识别参考数字。
如上所述,浏览器应用程序14在显示区18中显示图像20,使得用户可以读取其中所提供的数字,并且利用计算机12的键盘,将各个数字手动输入到输入表单或栏22中。一旦用户完成了整个注册表单,则用户一般将激活“GO”按钮24,响应于该按钮,浏览器应用程序14就将用户输入数据、输入到表单16中的数据、以及包括参考数据的令牌都传送到服务器26,如图1中的箭头41所示。
具体参考图5,标号120总体上表示一种根据本发明一个方面的、用于监控用户与计算机12之间的交互的示例性方法。如框122所示,在一种实施方式中,服务器26接收包括参考数据在内的令牌(作为表单16的一部分)以及用户输入数字。然后对令牌的参考数据进行Base64解码和Blowfish解密,以获得包括随机参考数字在内的参考数据(参见框124)。如同在服务器32中的情形一样,接着使用校验和来检查参考数据的完整性(参见框126),并且如判决框128所示,如果否认了令牌的参考数据的完整性(参见框130),则在有限数量的机会中给予用户又一次机会(参见框132)来重新输入显示在图像20中的数字。
然而,回到判决框128,如果参考数据的完整性被接受了,则检查令牌的时间戳,以确保其处于特别预先确定的时间范围或时间窗内,如框131所示。具体地说,根据要求用户输入到注册表单16中的内容量,允许在大约3到20分钟的时间窗内使令牌的参考数据有效。如果时间戳指示了少于3分钟或多于20分钟的时间段,则假定该注册尝试是由机器人做出的或者是一种重试性攻击(replay attack),在这种攻击中试图使用同一令牌进行多次注册尝试。因此,如判决框132所示,如果令牌的时间戳不在所述时间窗内,则拒绝该注册尝试(参见框130)。
然而,如果时间戳在可接受的时间窗内,则将用户输入数字与参考数字进行比较来看它们是否匹配,如框134所示。如果用户输入数字和参考数字不匹配(参见框136),则拒绝该注册尝试(参见框130)。在附图所示的实施方式中,应用服务器28执行时间戳操作并且注册服务器26检查所述时间戳操作,这样服务器26、28上的时间就同步了。
在某些情形中,用户可能会无意地多次激活“GO”按钮24,例如由于显示屏上很慢的刷新速率。因此,在某些实施方式中,参考数据可能对于多个收到的注册尝试都是有效的。在这些情形中,如果用户输入数字和参考数字匹配,则进行进一步的检查,以确定是否已经使用了同一令牌作为注册验证的基础(参见框138)。具体地说,方法120访问表140(参见图8)以获得有关令牌的使用信息及其参考数据。如图5中的判决框142所示,如果令牌的数字不包括在表140中,则将其插入到表140中(参见框144),并将其参考计数设置为“1”(参见图8中的列148)。此后,注册过程获得认证或生效,如框146所示。
然而,回到判决框142,如果与令牌相关联的参考数字包括在表140中,则递增其包括在列148中的参考计数(参见框150),然后方法120检查与令牌相关联的计数是否超过了预定的最大数。例如,如果预定的最大数是3,那么一旦表140中的计数已经达到3,就拒绝在这之后使用相同参考数字的注册尝试(参见图5中框152和130)。然而,如果计数小于3,则可以完成该注册过程(参见框146)。
在某些实施方式中,表140包括一个龄期(age)列154,其被用来检查时间戳是否处于预定的时间窗内(参见框131)。可以根据列148中的计数和列154中所示的令牌的龄期,有选择地拒绝注册尝试。图8中的注释156示出了上述方法的示例性应用,其中,时间窗是120分钟,并且使用相同参考数据的重试尝试的最大次数是3。
在图6中示出了由应用服务器28提供给浏览器应用程序14的用户界面的一种实施方式的示例性屏幕快照。通常使用HTML来生成图6的用户界面,并且如上所述,虽然是参考注册过程来描述本发明的,但是本发明也可被用来在任何其他情形中监控用户与计算机12之间的交互。由于以防止机器人或其它任何自动进程识别出参考数字的方式来修改图像20,所以对于视觉受损的用户来说,可能很难读取所产生的图像20。因此,如图7所示,可以提供一种替代性的签约或注册程序,其中提供了一个免费号码(158)供视觉受损的人拨打,从而实现注册。
在上述实施方式中,服务器26、28和32被表示为相互独立的服务器,它们可能位于不同的机构处。因此,在一种实施方式中,在不同的服务器之间传送的令牌可能是服务器26、28、32之间唯一的交互。在这种实施方式中,可以在服务器26上提供单个集中式表140,并且它无需在服务器28和32上进行复制。然而,可以理解的是,在其他实施方式中,任意两个或更多个服务器可以合并为单个服务器。
图9示出了以计算机系统200的示例性形式出现的机器的示意表示,其中可以执行一组指令,用于使所述机器执行上述方法中的任何一种。计算机12以及服务器26、28和32可以与计算机系统200相似。
在替代实施方式中,所述机器可以包括网络路由器、网络交换机、网桥、个人数字助手(PDA)、蜂窝电话、万维网设备、机顶盒(STB)或者能够执行指示了该机器所要采取的动作的指令序列的任何机器。
计算机系统200包括处理器202、主存储器204和静态存储器206,它们通过总线208相互通信。计算机系统200还可以包括视频显示单元210(例如,液晶显示器(LCD)或阴极射线管(CRT))。计算机系统200还包括字母数字输入设备(例如键盘)、光标控制设备214(例如鼠标)、盘驱动单元216、信号发生设备218(例如扬声器)和网络接口设备220。
盘驱动单元216包括机器可读介质222,其上存储有用于实施上述任何一种或所有方法的一组指令(软件)224。软件224也被表示为全部或至少部分地驻留于主存储器204和/或处理器202内。软件224还可以经由网络接口设备220来发送或接收。对于本说明书而言,术语“机器可读介质”应被视为包括能够存储或编码供该机器执行并使得该机器执行本发明任何一种方法的指令序列的任何介质。因此,术语“机器可读介质”应被视为包括但不限于固态存储器、光盘和磁盘以及载波信号。虽然机器可读介质可以存在于单个机器上,但是也能理解的是,它也可以分布式地存在于一个以上的机器上。
这样,已经描述了一种用于监控用户与计算机之间的交互的方法和系统。虽然参考特定的示例性实施方式描述了本发明,但是很明显的是,可以对这些实施方式做出各种修改和改变,而不会偏离本发明更宽的精神和范围。因此,说明书和附图应被视作示例性的而非限制性的。
Claims (52)
1.一种监控用户和计算机之间的交互的方法,所述方法包括:
生成包括所述用户可读的随机参考数据在内的图像;
将所述图像传送到所述计算机,以显示给所述用户;
接收用户输入数据;以及
比较所述随机参考数据和所述用户输入数据,以确定所述用户是否正在和所述计算机交互。
2.如权利要求1所述的方法,其中所述参考数据包括随机参考串。
3.如权利要求2所述的方法,其中所述随机参考串包括多个数字。
4.如权利要求3所述的方法,其中所述参考数据以随机方式被包括在所述图像中。
5.如权利要求4所述的方法,其中,以随机方式包括所述参考数据的操作包括以下方式之一:随机地使每个数字偏离中心,按照随机选择的字体提供每个数字,按照随机选择的颜色提供每个数字,以及向所述图像中加入噪声。
6.如权利要求4所述的方法,其中,以随机方式包括所述随机参考数据的操作包括:
生成图像修改随机数字;以及
根据所述图像修改随机数字,将所述参考数字包括在所述图像中。
7.如权利要求1所述的方法,其包括:
在应用服务器处生成随机参考串;
将所述随机参考串包括在所述参考数据中;
加密所述参考数据;以及
以万维网表单、统一资源定位符和cookie中之一,经由因特网将所述加密后的参考数据传送到所述计算机。
8.如权利要求7所述的方法,其包括在注册过程期间,将所述加密后的参考数据传送到所述计算机,要求所述用户输入数据与所述参考串相对应以实现注册。
9.如权利要求8所述的方法,其包括在将所述加密后的参考数据传送给所述计算机之前,对所述加密后的参考数据进行Base64编码。
10.如权利要求7所述的方法,其中,在加密所述参考数据之前,将时间戳包括在所述参考数据中。
11.如权利要求10所述的方法,其包括:
从所述参考串和所述时间戳来生成校验和;以及
加密所述参考串、时间戳和校验和,以形成被传送给所述计算机的所述随机参考数据。
12.如权利要求7所述的方法,其中在用于提供超文本标记语言页的图像服务器处,将所述参考串包括在所述图像中,所述方法包括:
与向万维网浏览器提供图像的超文本标记语言请求一起,接收所述加密后的参考数据;以及
解密所述加密后的参考数据,以获得所述参考串。
13.如权利要求12所述的方法,其包括对所述解密后的参考数据进行Base64解码,以获得所述参考数据。
14.如权利要求13所述的方法,其包括从所述参考数据中提取所述参考串,以生成所述图像。
15.一种生成随机图像的方法,所述方法包括:
接收加密后的随机参考数据;
解密所述加密后的随机参考数据,以获得随机参考串;
以随机方式将所述随机参考串包括在所述图像中;以及
将所述图像传送给接收方计算机。
16.如权利要求15所述的方法,其中,所述加密后的随机参考数据被Base64编码,所述方法包括在对所述加密后的参考串进行解密前,对所述加密后的参考数据进行Base64解码。
17.如权利要求15所述的方法,其中以随机方式包括所述参考串的操作包括以下方式之一:随机地使所述参考串中的每个数字偏离中心,按照随机选择的字体提供所述参考串,按照随机选择的颜色提供所述参考串,以及向所述图像中加入噪声。
18.如权利要求15所述的方法,其中,以随机方式包括所述参考串的操作包括:
生成图像修改随机数字;以及
根据所述图像修改随机数字,将所述参考串包括在所述图像中。
19.如权利要求15所述的方法,其包括以超文本标记语言图像调用的形式,经由因特网接收所述加密后的随机参考数据。
20.一种监控用户与计算机之间的交互的方法,所述方法包括:
从所述计算机接收加密后的参考数据,所述参考数据包括对用户可见的随机参考串,该用户正在查阅包括所述参考串在内的图像;
接收用户输入数据,所述用户输入数据是由用户响应于查阅所述图像而输入的;
解密所述加密后的参考数据,以获得所述参考串;
比较所述参考串与所述用户输入数据;以及
响应于所述比较,有选择地认证所述用户交互。
21.如权利要求20所述的方法,其包括:
从所述加密后的参考数据中提取时间戳;
将所述时间戳与参考时间范围做比较;以及
当所述时间戳位于所述参考时间范围内时,有选择地认证所述用户交互。
22.如权利要求21所述的方法,其包括:
每次在所述时间范围内接收到所述参考数据时,就递增与所述参考数据相关联的计数;以及
当所述计数超出参考计数时,有选择地拒绝所述用户交互。
23.一种包含指令序列的机器可读介质,所述指令序列在由机器执行时使得所述机器:
接收加密后的随机参考数据;
解密所述加密后的随机参考数据,以获得随机参考串;
以随机方式将所述随机参考串包括在图像中;以及
将所述图像传送给接收方计算机。
24.如权利要求23所述的机器可读介质,其中,当所述加密后的随机参考数据被Base64编码时,所述机器在对所述加密后的参考串进行解密前,对所述加密后的参考数据进行Base64解码。
25.如权利要求23所述的机器可读介质,其中,以随机方式包括所述参考串的操作包括以下方式之一:随机地使所述参考串中的每个数字偏离中心,按照随机选择的字体提供所述参考串,按照随机选择的颜色提供所述参考串的每个数字,以及向所述图像中加入噪声。
26.如权利要求23所述的机器可读介质,其中,以随机方式包括所述参考串的操作包括使得所述机器:
生成图像修改随机数字;以及
根据所述图像修改随机数字,将所述参考串包括在所述图像中。
27.如权利要求23所述的机器可读介质,其中所述机器以超文本标记语言图像调用的形式,经由因特网接收所述加密后的随机参考数据。
28.一种包含指令序列的机器可读介质,所述指令序列在被机器执行时使得所述机器:
从计算机接收加密后的参考数据,所述参考数据包括对用户可见的随机参考串,所述用户正在查阅包括所述参考串在内的图像;
接收用户输入数据,所述用户输入数据是由用户响应于查阅所述图像而输入的;
解密所述加密后的参考数据,以获得所述参考串;
比较所述参考串与所述用户输入数据;以及
响应于所述比较,有选择地认证所述用户交互。
29.如权利要求28所述的机器可读介质,其中所述机器:
从所述加密后的参考数据中提取时间戳;
将所述时间戳与参考时间范围做比较;以及
当所述时间戳在所述参考时间范围内时,有选择地认证所述用户交互。
30.如权利要求29所述的机器可读介质,其中所述机器:
每次在所述时间范围内接收到所述参考数据时,就递增与所述参考数据相关联的计数;以及
当所述计数超出参考计数时,有选择地拒绝所述用户交互。
31.一种包含指令序列的机器可读介质,所述指令序列在被机器执行时使得所述机器:
生成包括用户可读的随机参考数据在内的图像;
将所述图像传送到所述计算机,以显示给所述用户;
接收用户输入数据;以及
比较所述随机参考数据和所述用户输入数据,以确定所述用户是否正在和所述计算机交互。
32.如权利要求31所述的机器可读介质,其中所述参考数据包括随机参考串。
33.如权利要求31所述的机器可读介质,其中所述参考数据以随机方式被包括在所述图像中。
34.如权利要求33所述的机器可读介质,其中,通过以下方式之一将所述参考数据包括进去:随机地使每个数字远离中心,按照随机选择的字体提供每个数字,按照随机选择的颜色提供每个数字,以及向所述图像中加入噪声。
35.如权利要求33所述的机器可读介质,其中通过以下操作将所述随机参考数据包括进去:
生成图像修改随机数字;并且
根据所述图像修改随机数字,将所述参考数字包括在所述图像中。
36.如权利要求31所述的机器可读介质,其中所述机器:
与向万维网浏览器提供图像的超文本标记语言请求一起,接收所述加密后的参考数据;以及
解密所述加密后的参考数据,以获得所述参考数据。
37.一种用于监控用户与计算机之间的交互的计算机系统,所述系统至少包括一个服务器用于:
生成包括用户可读的随机参考数据在内的图像;
将所述图像传送到所述计算机,以显示给所述用户;
接收用户输入数据;以及
比较所述随机参考数据和所述用户输入数据,以确定所述用户是否正在和所述计算机交互。
38.如权利要求37所述的计算机系统,其中所述参考数据包括随机参考串,所述随机参考串包括多个数字。
39.如权利要求38所述的计算机系统,其中所述参考数据以随机方式被包括在所述图像中。
40.如权利要求39所述的计算机系统,其中,以随机方式包括所述参考数据的操作包括以下方式之一:随机地使每个数字远离中心,按照随机选择的字体提供每个数字,按照随机选择的颜色提供每个数字,以及向所述图像中加入噪声。
41.如权利要求40所述的计算机系统,其中,以随机方式包括所述参考数据的操作包括:
生成图像修改随机数字;以及
根据所述图像修改随机数字,将所述参考数字包括在所述图像中。
42.如权利要求37所述的计算机系统,其中,在注册过程期间将所述加密后的参考数据传送到所述计算机,要求所述用户输入数据与所述参考数据相对应以实现注册。
43.如权利要求37所述的计算机系统,其中,在加密所述参考数据之前,将时间戳包括在所述参考数据中。
44.如权利要求37所述的计算机系统,其中所述机器:
与向万维网浏览器提供图像的超文本标记语言请求一起,接收所述加密后的参考数据;以及
解密所述加密后的参考数据,以获得所述参考数据。
45.一种用于生成随机图像的计算机系统,所述系统至少包括一个服务器用于:
接收加密后的随机参考数据;
解密所述加密后的随机参考数据,以获得随机参考串;
以随机方式将所述随机参考串包括在所述图像中;以及
将所述图像传送给接收方计算机。
46.如权利要求45所述的计算机系统,其中通过以下方式之一将所述参考串包括进去:随机地使所述参考串的每个数字偏离中心,按照随机选择的字体提供所述参考串,按照随机选择的颜色提供所述参考串,以及向所述图像中加入噪声。
47.如权利要求45所述的计算机系统,其中所述服务器:
生成图像修改随机数字;以及
根据所述图像修改随机数字,将所述参考串包括在所述图像中。
48.如权利要求45所述的计算机系统,其中,以超文本标记语言图像调用的形式,经由因特网接收所述加密后的随机参考数据。
49.一种用于监控用户与计算机之间的交互的计算机系统,所述计算机系统包括服务器,所述服务器用于:
从所述计算机接收加密后的参考数据,所述参考数据包括对用户可见的随机参考串,该用户正在查阅包括所述参考串在内的图像;
接收用户输入数据,所述用户输入数据是由用户响应于查阅所述图像而输入的;
解密所述加密后的参考数据,以获得所述参考串;
比较所述参考串与所述用户输入数据;以及
响应于所述比较,有选择地认证所述用户交互。
50.如权利要求49所述的计算机系统,其中所述服务器:
从所述加密后的参考数据中提取时间戳;
将所述时间戳与参考时间范围做比较;以及
当所述时间戳位于所述参考时间范围内时,有选择地认证所述用户交互。
51.如权利要求50所述的计算机系统,其中所述服务器:
每次在所述时间范围内接收到所述参考数据时,就递增与所述参考数据相关联的计数;以及
当所述计数超出参考计数时,有选择地拒绝所述用户交互。
52.一种用于监控用户与计算机之间的交互的计算机系统,所述系统包括:
用于生成包括所述用户可读的随机参考数据在内的图像的装置;
用于将所述图像传送到所述计算机,以显示给所述用户的装置;
用于接收用户输入数据的装置;以及
用于比较所述随机参考数据和所述用户输入数据,以确定所述用户是否正在和所述计算机交互的装置。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/186,637 | 2002-06-28 | ||
US10/186,637 US7139916B2 (en) | 2002-06-28 | 2002-06-28 | Method and system for monitoring user interaction with a computer |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1666175A true CN1666175A (zh) | 2005-09-07 |
CN100565451C CN100565451C (zh) | 2009-12-02 |
Family
ID=29779927
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB03815384XA Expired - Lifetime CN100565451C (zh) | 2002-06-28 | 2003-06-27 | 用于监控用户与计算机之间交互的方法和系统 |
Country Status (6)
Country | Link |
---|---|
US (3) | US7139916B2 (zh) |
EP (1) | EP1540468A4 (zh) |
KR (1) | KR100808434B1 (zh) |
CN (1) | CN100565451C (zh) |
AU (1) | AU2003248752A1 (zh) |
WO (1) | WO2004003736A1 (zh) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101534196A (zh) * | 2008-03-12 | 2009-09-16 | 因特伟特公司 | 用于安全调用rest api的方法和装置 |
CN106789997A (zh) * | 2016-12-12 | 2017-05-31 | 中国传媒大学 | 一种防重放攻击的加密方法 |
Families Citing this family (177)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7747507B2 (en) | 1996-05-23 | 2010-06-29 | Ticketmaster L.L.C. | Computer controlled auction system |
US9622058B1 (en) | 2000-06-02 | 2017-04-11 | Timothy G. Newman | Apparatus, system, methods and network for communicating information associated with digital images |
US7978219B1 (en) | 2000-08-30 | 2011-07-12 | Kevin Reid Imes | Device, network, server, and methods for providing digital images and associated processing information |
US8326352B1 (en) | 2000-09-06 | 2012-12-04 | Kevin Reid Imes | Device, network, server, and methods for providing service requests for wireless communication devices |
US7139916B2 (en) | 2002-06-28 | 2006-11-21 | Ebay, Inc. | Method and system for monitoring user interaction with a computer |
US10366373B1 (en) | 2002-12-09 | 2019-07-30 | Live Nation Entertainment, Incorporated | Apparatus for access control and processing |
US9477820B2 (en) | 2003-12-09 | 2016-10-25 | Live Nation Entertainment, Inc. | Systems and methods for using unique device identifiers to enhance security |
US9740988B1 (en) | 2002-12-09 | 2017-08-22 | Live Nation Entertainment, Inc. | System and method for using unique device indentifiers to enhance security |
US7624277B1 (en) * | 2003-02-25 | 2009-11-24 | Microsoft Corporation | Content alteration for prevention of unauthorized scripts |
US20050140675A1 (en) * | 2003-08-06 | 2005-06-30 | Billingsley Eric N. | Method and system to generate an image for monitoring user interaction with a computer |
US8112483B1 (en) * | 2003-08-08 | 2012-02-07 | Emigh Aaron T | Enhanced challenge-response |
US8539063B1 (en) * | 2003-08-29 | 2013-09-17 | Mcafee, Inc. | Method and system for containment of networked application client software by explicit human input |
US7464408B1 (en) | 2003-08-29 | 2008-12-09 | Solidcore Systems, Inc. | Damage containment by translation |
US7337324B2 (en) * | 2003-12-01 | 2008-02-26 | Microsoft Corp. | System and method for non-interactive human answerable challenges |
US8078483B1 (en) | 2003-12-16 | 2011-12-13 | Ticketmaster | Systems and methods for queuing access to network resources |
US7840968B1 (en) | 2003-12-17 | 2010-11-23 | Mcafee, Inc. | Method and system for containment of usage of language interfaces |
US7783735B1 (en) * | 2004-03-22 | 2010-08-24 | Mcafee, Inc. | Containment of network communication |
US20050216397A1 (en) | 2004-03-26 | 2005-09-29 | Clearcommerce, Inc. | Method, system, and computer program product for processing a financial transaction request |
US7505946B2 (en) * | 2004-03-31 | 2009-03-17 | Microsoft Corporation | High performance content alteration architecture and techniques |
US7584123B1 (en) | 2004-04-06 | 2009-09-01 | Ticketmaster | Systems for dynamically allocating finite or unique resources |
US20050278253A1 (en) * | 2004-06-15 | 2005-12-15 | Microsoft Corporation | Verifying human interaction to a computer entity by way of a trusted component on a computing device or the like |
US7873955B1 (en) | 2004-09-07 | 2011-01-18 | Mcafee, Inc. | Solidifying the executable software set of a computer |
US7533419B2 (en) * | 2004-10-29 | 2009-05-12 | Microsoft Corporation | Human interactive proof service |
US8239937B2 (en) * | 2004-12-16 | 2012-08-07 | Pinoptic Limited | User validation using images |
US7793259B2 (en) * | 2005-03-02 | 2010-09-07 | Microsoft Corporation | System and method for managing user interaction data in a networked environment |
WO2006102354A2 (en) | 2005-03-22 | 2006-09-28 | Ticketmaster | Apparatus and methods for providing queue messaging over a network |
US9608929B2 (en) | 2005-03-22 | 2017-03-28 | Live Nation Entertainment, Inc. | System and method for dynamic queue management using queue protocols |
US9762685B2 (en) | 2005-04-27 | 2017-09-12 | Live Nation Entertainment, Inc. | Location-based task execution for enhanced data access |
US20140379390A1 (en) | 2013-06-20 | 2014-12-25 | Live Nation Entertainment, Inc. | Location-based presentations of ticket opportunities |
US7603552B1 (en) | 2005-05-04 | 2009-10-13 | Mcafee, Inc. | Piracy prevention using unique module translation |
US20060288226A1 (en) * | 2005-06-15 | 2006-12-21 | Stelor Productions, Llc. | System and method for establishing and authorizing a security code |
JP2007004656A (ja) * | 2005-06-27 | 2007-01-11 | Toshiba Corp | サーバ装置、方法およびプログラム |
US7945952B1 (en) * | 2005-06-30 | 2011-05-17 | Google Inc. | Methods and apparatuses for presenting challenges to tell humans and computers apart |
US7856661B1 (en) | 2005-07-14 | 2010-12-21 | Mcafee, Inc. | Classification of software on networked systems |
GB2429094B (en) * | 2005-08-09 | 2010-08-25 | Royal Bank Of Scotland Group P | Online transaction systems and methods |
US7562221B2 (en) * | 2005-09-21 | 2009-07-14 | Rsa Security Inc. | Authentication method and apparatus utilizing proof-of-authentication module |
US7748034B2 (en) * | 2005-10-12 | 2010-06-29 | Cisco Technology, Inc. | Strong anti-replay protection for IP traffic sent point to point or multi-cast to large groups |
US7929805B2 (en) * | 2006-01-31 | 2011-04-19 | The Penn State Research Foundation | Image-based CAPTCHA generation system |
US7757269B1 (en) | 2006-02-02 | 2010-07-13 | Mcafee, Inc. | Enforcing alignment of approved changes and deployed changes in the software change life-cycle |
US8572381B1 (en) * | 2006-02-06 | 2013-10-29 | Cisco Technology, Inc. | Challenge protected user queries |
CA2637184C (en) | 2006-02-07 | 2016-08-16 | Ticketmaster | Methods and systems for reducing burst usage of a networked computer system |
US7721107B2 (en) * | 2006-02-10 | 2010-05-18 | Palo Alto Research Center Incorporated | Physical token for supporting verification of human presence in an online environment |
US7895573B1 (en) | 2006-03-27 | 2011-02-22 | Mcafee, Inc. | Execution environment file inventory |
US7870387B1 (en) | 2006-04-07 | 2011-01-11 | Mcafee, Inc. | Program-based authorization |
US8352930B1 (en) | 2006-04-24 | 2013-01-08 | Mcafee, Inc. | Software modification by group to minimize breakage |
US7542973B2 (en) * | 2006-05-01 | 2009-06-02 | Sap, Aktiengesellschaft | System and method for performing configurable matching of similar data in a data repository |
US7672942B2 (en) * | 2006-05-01 | 2010-03-02 | Sap, Ag | Method and apparatus for matching non-normalized data values |
CN101467173A (zh) | 2006-05-09 | 2009-06-24 | 票务专家公司 | 用于进入控制和处理的装置 |
US8555404B1 (en) | 2006-05-18 | 2013-10-08 | Mcafee, Inc. | Connectivity-based authorization |
CA2658979A1 (en) | 2006-07-12 | 2008-01-17 | Arbitron Inc. | Methods and systems for compliance confirmation and incentives |
US20080049969A1 (en) * | 2006-08-25 | 2008-02-28 | Jason David Koziol | Methods And Systems For Generating A Symbol Identification Challenge For An Automated Agent |
US8631467B2 (en) * | 2006-09-01 | 2014-01-14 | Ebay Inc. | Contextual visual challenge image for user verification |
US8131611B2 (en) * | 2006-12-28 | 2012-03-06 | International Business Machines Corporation | Statistics based method for neutralizing financial impact of click fraud |
US9424154B2 (en) | 2007-01-10 | 2016-08-23 | Mcafee, Inc. | Method of and system for computer system state checks |
US8332929B1 (en) | 2007-01-10 | 2012-12-11 | Mcafee, Inc. | Method and apparatus for process enforced configuration management |
US20080209223A1 (en) * | 2007-02-27 | 2008-08-28 | Ebay Inc. | Transactional visual challenge image for user verification |
US8683549B2 (en) * | 2007-03-23 | 2014-03-25 | Microsoft Corporation | Secure data storage and retrieval incorporating human participation |
US8983051B2 (en) | 2007-04-03 | 2015-03-17 | William F. Barton | Outgoing call classification and disposition |
US8131556B2 (en) | 2007-04-03 | 2012-03-06 | Microsoft Corporation | Communications using different modalities |
US7671567B2 (en) * | 2007-06-15 | 2010-03-02 | Tesla Motors, Inc. | Multi-mode charging system for an electric vehicle |
US20090012855A1 (en) * | 2007-07-06 | 2009-01-08 | Yahoo! Inc. | System and method of using captchas as ads |
US8495727B2 (en) * | 2007-08-07 | 2013-07-23 | Microsoft Corporation | Spam reduction in real time communications by human interaction proof |
US7849133B2 (en) | 2007-08-07 | 2010-12-07 | Ticketmaster, Llc | Systems and methods for providing resource allocation in a networked environment |
US20090150983A1 (en) * | 2007-08-27 | 2009-06-11 | Infosys Technologies Limited | System and method for monitoring human interaction |
US9807096B2 (en) | 2014-12-18 | 2017-10-31 | Live Nation Entertainment, Inc. | Controlled token distribution to protect against malicious data and resource access |
US20090083826A1 (en) * | 2007-09-21 | 2009-03-26 | Microsoft Corporation | Unsolicited communication management via mobile device |
US9747598B2 (en) * | 2007-10-02 | 2017-08-29 | Iii Holdings 1, Llc | Dynamic security code push |
US8631503B2 (en) | 2007-10-03 | 2014-01-14 | Ebay Inc. | System and methods for key challenge validation |
US8280993B2 (en) * | 2007-10-04 | 2012-10-02 | Yahoo! Inc. | System and method for detecting Internet bots |
WO2009050407A2 (fr) * | 2007-10-04 | 2009-04-23 | France Telecom | Procede de communication sur un reseau au moyen d'un serveur mettant en oeuvre un test |
US8195931B1 (en) | 2007-10-31 | 2012-06-05 | Mcafee, Inc. | Application change control |
US8265396B2 (en) * | 2007-12-12 | 2012-09-11 | International Business Machines Corporation | Data entry retrieval |
US8701189B2 (en) | 2008-01-31 | 2014-04-15 | Mcafee, Inc. | Method of and system for computer system denial-of-service protection |
US8869238B2 (en) * | 2008-02-06 | 2014-10-21 | Ca, Inc. | Authentication using a turing test to block automated attacks |
US20090204819A1 (en) * | 2008-02-07 | 2009-08-13 | Microsoft Corporation | Advertisement-based human interactive proof |
US20090210937A1 (en) * | 2008-02-15 | 2009-08-20 | Alexander Kraft | Captcha advertising |
EP2098971A1 (en) * | 2008-03-04 | 2009-09-09 | Nagravision S.A. | Method for compensating a viewer of a broadcast programme for his presence during part of said broadcast programme |
US20090235178A1 (en) * | 2008-03-12 | 2009-09-17 | International Business Machines Corporation | Method, system, and computer program for performing verification of a user |
US8615502B2 (en) | 2008-04-18 | 2013-12-24 | Mcafee, Inc. | Method of and system for reverse mapping vnode pointers |
US7516220B1 (en) | 2008-05-15 | 2009-04-07 | International Business Machines Corporation | Method and system for detecting and deterring robot access of web-based interfaces by using minimum expected human response time |
US20090297064A1 (en) * | 2008-05-30 | 2009-12-03 | Koziol Jason D | Method and system for generating a representation symbol as an identification challenge |
US8627407B1 (en) * | 2008-06-27 | 2014-01-07 | Symantec Corporation | Systems and methods for preventing unauthorized modification of network resources |
US20090328163A1 (en) * | 2008-06-28 | 2009-12-31 | Yahoo! Inc. | System and method using streaming captcha for online verification |
US20100046790A1 (en) * | 2008-08-22 | 2010-02-25 | Koziol Anthony R | Method and system for generating a symbol identification challenge |
US8433785B2 (en) * | 2008-09-16 | 2013-04-30 | Yahoo! Inc. | System and method for detecting internet bots |
US8544003B1 (en) | 2008-12-11 | 2013-09-24 | Mcafee, Inc. | System and method for managing virtual machine configurations |
EP2200199A1 (en) | 2008-12-19 | 2010-06-23 | Nagravision S.A. | A method for documenting viewing activity of a viewer of a broadcast program content |
US8751628B2 (en) | 2009-05-05 | 2014-06-10 | Suboti, Llc | System and method for processing user interface events |
US8832257B2 (en) | 2009-05-05 | 2014-09-09 | Suboti, Llc | System, method and computer readable medium for determining an event generator type |
US20100302255A1 (en) * | 2009-05-26 | 2010-12-02 | Dynamic Representation Systems, LLC-Part VII | Method and system for generating a contextual segmentation challenge for an automated agent |
US8381284B2 (en) | 2009-08-21 | 2013-02-19 | Mcafee, Inc. | System and method for enforcing security policies in a virtual environment |
US8341627B2 (en) | 2009-08-21 | 2012-12-25 | Mcafee, Inc. | Method and system for providing user space address protection from writable memory area in a virtual environment |
US20110047055A1 (en) * | 2009-08-24 | 2011-02-24 | Maximillian Funk | Dynamic Computer-Based Information Management System |
US20110081640A1 (en) * | 2009-10-07 | 2011-04-07 | Hsia-Yen Tseng | Systems and Methods for Protecting Websites from Automated Processes Using Visually-Based Children's Cognitive Tests |
US9552497B2 (en) | 2009-11-10 | 2017-01-24 | Mcafee, Inc. | System and method for preventing data loss using virtual machine wrapped applications |
US8707453B2 (en) * | 2010-01-29 | 2014-04-22 | Christopher Liam Ivey | System and method for restricting access to a computer system to live persons by means of semantic association of images |
US9213821B2 (en) * | 2010-02-24 | 2015-12-15 | Infosys Limited | System and method for monitoring human interaction |
US8209743B1 (en) * | 2010-03-09 | 2012-06-26 | Facebook, Inc. | CAPTCHA image scramble |
TW201131417A (en) * | 2010-03-15 | 2011-09-16 | F2Ware Inc | CAPTCHA (completely automated public test to tell computers and humans apart) data generation methods and related data management systems and computer program products thereof |
US9781170B2 (en) | 2010-06-15 | 2017-10-03 | Live Nation Entertainment, Inc. | Establishing communication links using routing protocols |
US10096161B2 (en) | 2010-06-15 | 2018-10-09 | Live Nation Entertainment, Inc. | Generating augmented reality images using sensor and location data |
AU2011268420B2 (en) | 2010-06-15 | 2014-05-01 | Ticketmaster, Llc | Methods and systems for computer aided event and venue setup and modeling and interactive maps |
US8938800B2 (en) | 2010-07-28 | 2015-01-20 | Mcafee, Inc. | System and method for network level protection against malicious software |
US8925101B2 (en) | 2010-07-28 | 2014-12-30 | Mcafee, Inc. | System and method for local protection against malicious software |
US8549003B1 (en) | 2010-09-12 | 2013-10-01 | Mcafee, Inc. | System and method for clustering host inventories |
US20120102536A1 (en) * | 2010-10-26 | 2012-04-26 | Samuel Der-Kazaryan | Method and Apparatus for Interaction Between Parties in a Commercial Transaction |
US10476873B2 (en) | 2010-11-29 | 2019-11-12 | Biocatch Ltd. | Device, system, and method of password-less user authentication and password-less detection of user identity |
US9483292B2 (en) | 2010-11-29 | 2016-11-01 | Biocatch Ltd. | Method, device, and system of differentiating between virtual machine and non-virtualized device |
US11269977B2 (en) | 2010-11-29 | 2022-03-08 | Biocatch Ltd. | System, apparatus, and method of collecting and processing data in electronic devices |
US9547766B2 (en) * | 2010-11-29 | 2017-01-17 | Biocatch Ltd. | Device, system, and method of detecting malicious automatic script and code injection |
US8938787B2 (en) * | 2010-11-29 | 2015-01-20 | Biocatch Ltd. | System, device, and method of detecting identity of a user of a mobile electronic device |
US10164985B2 (en) | 2010-11-29 | 2018-12-25 | Biocatch Ltd. | Device, system, and method of recovery and resetting of user authentication factor |
US9450971B2 (en) * | 2010-11-29 | 2016-09-20 | Biocatch Ltd. | Device, system, and method of visual login and stochastic cryptography |
US10032010B2 (en) | 2010-11-29 | 2018-07-24 | Biocatch Ltd. | System, device, and method of visual login and stochastic cryptography |
US9621567B2 (en) * | 2010-11-29 | 2017-04-11 | Biocatch Ltd. | Device, system, and method of detecting hardware components |
US11210674B2 (en) | 2010-11-29 | 2021-12-28 | Biocatch Ltd. | Method, device, and system of detecting mule accounts and accounts used for money laundering |
US10897482B2 (en) | 2010-11-29 | 2021-01-19 | Biocatch Ltd. | Method, device, and system of back-coloring, forward-coloring, and fraud detection |
US10747305B2 (en) | 2010-11-29 | 2020-08-18 | Biocatch Ltd. | Method, system, and device of authenticating identity of a user of an electronic device |
US10917431B2 (en) | 2010-11-29 | 2021-02-09 | Biocatch Ltd. | System, method, and device of authenticating a user based on selfie image or selfie video |
US11223619B2 (en) | 2010-11-29 | 2022-01-11 | Biocatch Ltd. | Device, system, and method of user authentication based on user-specific characteristics of task performance |
US9526006B2 (en) * | 2010-11-29 | 2016-12-20 | Biocatch Ltd. | System, method, and device of detecting identity of a user of an electronic device |
US10069837B2 (en) | 2015-07-09 | 2018-09-04 | Biocatch Ltd. | Detection of proxy server |
US10949514B2 (en) | 2010-11-29 | 2021-03-16 | Biocatch Ltd. | Device, system, and method of differentiating among users based on detection of hardware components |
US10262324B2 (en) | 2010-11-29 | 2019-04-16 | Biocatch Ltd. | System, device, and method of differentiating among users based on user-specific page navigation sequence |
US10685355B2 (en) | 2016-12-04 | 2020-06-16 | Biocatch Ltd. | Method, device, and system of detecting mule accounts and accounts used for money laundering |
US10055560B2 (en) | 2010-11-29 | 2018-08-21 | Biocatch Ltd. | Device, method, and system of detecting multiple users accessing the same account |
US10776476B2 (en) | 2010-11-29 | 2020-09-15 | Biocatch Ltd. | System, device, and method of visual login |
US10621585B2 (en) | 2010-11-29 | 2020-04-14 | Biocatch Ltd. | Contextual mapping of web-pages, and generation of fraud-relatedness score-values |
US10586036B2 (en) | 2010-11-29 | 2020-03-10 | Biocatch Ltd. | System, device, and method of recovery and resetting of user authentication factor |
US10298614B2 (en) * | 2010-11-29 | 2019-05-21 | Biocatch Ltd. | System, device, and method of generating and managing behavioral biometric cookies |
US9665703B2 (en) * | 2010-11-29 | 2017-05-30 | Biocatch Ltd. | Device, system, and method of detecting user identity based on inter-page and intra-page navigation patterns |
US10404729B2 (en) | 2010-11-29 | 2019-09-03 | Biocatch Ltd. | Device, method, and system of generating fraud-alerts for cyber-attacks |
US9069942B2 (en) * | 2010-11-29 | 2015-06-30 | Avi Turgeman | Method and device for confirming computer end-user identity |
US10037421B2 (en) | 2010-11-29 | 2018-07-31 | Biocatch Ltd. | Device, system, and method of three-dimensional spatial user authentication |
US10834590B2 (en) | 2010-11-29 | 2020-11-10 | Biocatch Ltd. | Method, device, and system of differentiating between a cyber-attacker and a legitimate user |
US9275337B2 (en) * | 2010-11-29 | 2016-03-01 | Biocatch Ltd. | Device, system, and method of detecting user identity based on motor-control loop model |
US10395018B2 (en) | 2010-11-29 | 2019-08-27 | Biocatch Ltd. | System, method, and device of detecting identity of a user and authenticating a user |
US10949757B2 (en) | 2010-11-29 | 2021-03-16 | Biocatch Ltd. | System, device, and method of detecting user identity based on motor-control loop model |
US10069852B2 (en) | 2010-11-29 | 2018-09-04 | Biocatch Ltd. | Detection of computerized bots and automated cyber-attack modules |
US9477826B2 (en) * | 2010-11-29 | 2016-10-25 | Biocatch Ltd. | Device, system, and method of detecting multiple users accessing the same account |
US10474815B2 (en) | 2010-11-29 | 2019-11-12 | Biocatch Ltd. | System, device, and method of detecting malicious automatic script and code injection |
US10970394B2 (en) | 2017-11-21 | 2021-04-06 | Biocatch Ltd. | System, device, and method of detecting vishing attacks |
US10728761B2 (en) | 2010-11-29 | 2020-07-28 | Biocatch Ltd. | Method, device, and system of detecting a lie of a user who inputs data |
US20190158535A1 (en) * | 2017-11-21 | 2019-05-23 | Biocatch Ltd. | Device, System, and Method of Detecting Vishing Attacks |
US10083439B2 (en) | 2010-11-29 | 2018-09-25 | Biocatch Ltd. | Device, system, and method of differentiating over multiple accounts between legitimate user and cyber-attacker |
US9582609B2 (en) | 2010-12-27 | 2017-02-28 | Infosys Limited | System and a method for generating challenges dynamically for assurance of human interaction |
US9075993B2 (en) | 2011-01-24 | 2015-07-07 | Mcafee, Inc. | System and method for selectively grouping and managing program files |
US9112830B2 (en) | 2011-02-23 | 2015-08-18 | Mcafee, Inc. | System and method for interlocking a host and a gateway |
US8918849B2 (en) * | 2011-05-12 | 2014-12-23 | Konvax Corporation | Secure user credential control |
DE102011105407A1 (de) | 2011-06-22 | 2012-12-27 | Robert Brenninkmeijer | Verfahren und System zur Übertragung einer Nachricht |
US10558789B2 (en) * | 2011-08-05 | 2020-02-11 | [24]7.ai, Inc. | Creating and implementing scalable and effective multimedia objects with human interaction proof (HIP) capabilities, with challenges comprising different levels of difficulty based on the degree on suspiciousness |
US9621528B2 (en) | 2011-08-05 | 2017-04-11 | 24/7 Customer, Inc. | Creating and implementing scalable and effective multimedia objects with human interaction proof (HIP) capabilities, with challenges comprising secret question and answer created by user, and advertisement corresponding to the secret question |
US9594881B2 (en) | 2011-09-09 | 2017-03-14 | Mcafee, Inc. | System and method for passive threat detection using virtual memory inspection |
US8694738B2 (en) | 2011-10-11 | 2014-04-08 | Mcafee, Inc. | System and method for critical address space protection in a hypervisor environment |
US9069586B2 (en) | 2011-10-13 | 2015-06-30 | Mcafee, Inc. | System and method for kernel rootkit protection in a hypervisor environment |
US8973144B2 (en) | 2011-10-13 | 2015-03-03 | Mcafee, Inc. | System and method for kernel rootkit protection in a hypervisor environment |
US8713668B2 (en) | 2011-10-17 | 2014-04-29 | Mcafee, Inc. | System and method for redirected firewall discovery in a network environment |
US8800024B2 (en) | 2011-10-17 | 2014-08-05 | Mcafee, Inc. | System and method for host-initiated firewall discovery in a network environment |
US20130106894A1 (en) | 2011-10-31 | 2013-05-02 | Elwha LLC, a limited liability company of the State of Delaware | Context-sensitive query enrichment |
US9332363B2 (en) | 2011-12-30 | 2016-05-03 | The Nielsen Company (Us), Llc | System and method for determining meter presence utilizing ambient fingerprints |
EP2826202B1 (en) | 2012-02-07 | 2016-10-26 | Visa International Service Association | Mobile human challenge-response test |
CN102612032A (zh) * | 2012-03-22 | 2012-07-25 | 东方通信股份有限公司 | 一种应用于移动终端的图形化验证方法及系统 |
US8739272B1 (en) | 2012-04-02 | 2014-05-27 | Mcafee, Inc. | System and method for interlocking a host and a gateway |
US9258306B2 (en) | 2012-05-11 | 2016-02-09 | Infosys Limited | Methods for confirming user interaction in response to a request for a computer provided service and devices thereof |
US8789139B2 (en) * | 2012-12-20 | 2014-07-22 | Hewlett-Packard Development Company, L.P. | Automated test to tell computers and humans apart |
US8973146B2 (en) | 2012-12-27 | 2015-03-03 | Mcafee, Inc. | Herd based scan avoidance system in a network environment |
CN105580023B (zh) | 2013-10-24 | 2019-08-16 | 迈克菲股份有限公司 | 网络环境中的代理辅助的恶意应用阻止 |
US9363264B2 (en) * | 2013-11-25 | 2016-06-07 | At&T Intellectual Property I, L.P. | Networked device access control |
US9213825B1 (en) * | 2014-02-21 | 2015-12-15 | American Megatrends, Inc. | User authentication using two-dimensional barcodes |
US10176153B1 (en) * | 2014-09-25 | 2019-01-08 | Amazon Technologies, Inc. | Generating custom markup content to deter robots |
GB2539705B (en) | 2015-06-25 | 2017-10-25 | Aimbrain Solutions Ltd | Conditional behavioural biometrics |
GB2552032B (en) | 2016-07-08 | 2019-05-22 | Aimbrain Solutions Ltd | Step-up authentication |
US10198122B2 (en) | 2016-09-30 | 2019-02-05 | Biocatch Ltd. | System, device, and method of estimating force applied to a touch surface |
US10579784B2 (en) | 2016-11-02 | 2020-03-03 | Biocatch Ltd. | System, device, and method of secure utilization of fingerprints for user authentication |
US10397262B2 (en) | 2017-07-20 | 2019-08-27 | Biocatch Ltd. | Device, system, and method of detecting overlay malware |
CN111522619B (zh) * | 2020-05-03 | 2023-11-10 | 渴创技术(深圳)有限公司 | 基于软件类型和鼠标指针位置自动降低扩展屏幕刷新频率方法 |
US11606353B2 (en) | 2021-07-22 | 2023-03-14 | Biocatch Ltd. | System, device, and method of generating and utilizing one-time passwords |
Family Cites Families (51)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4695966A (en) | 1984-03-22 | 1987-09-22 | Sharp Kabushiki Kaisha | Image processing device |
US4949391A (en) | 1986-09-26 | 1990-08-14 | Everex Ti Corporation | Adaptive image acquisition system |
US6643656B2 (en) * | 1991-07-31 | 2003-11-04 | Richard Esty Peterson | Computerized information retrieval system |
JP3164617B2 (ja) | 1991-11-07 | 2001-05-08 | 株式会社日立製作所 | 文字図形変形処理装置および方法 |
DE19633724A1 (de) * | 1996-08-21 | 1998-02-26 | Baasel Scheel Lasergraphics Gm | Kopiergeschützter Sicherheitsdruck |
US6209104B1 (en) * | 1996-12-10 | 2001-03-27 | Reza Jalili | Secure data entry and visual authentication system and method |
JP4013286B2 (ja) | 1997-01-22 | 2007-11-28 | 松下電器産業株式会社 | 画像符号化装置と画像復号化装置 |
US6618117B2 (en) * | 1997-07-12 | 2003-09-09 | Silverbrook Research Pty Ltd | Image sensing apparatus including a microcontroller |
AUPO793897A0 (en) * | 1997-07-15 | 1997-08-07 | Silverbrook Research Pty Ltd | Image processing method and apparatus (ART25) |
US7050143B1 (en) * | 1998-07-10 | 2006-05-23 | Silverbrook Research Pty Ltd | Camera system with computer language interpreter |
US6037984A (en) | 1997-12-24 | 2000-03-14 | Sarnoff Corporation | Method and apparatus for embedding a watermark into a digital image or image sequence |
US6195698B1 (en) | 1998-04-13 | 2001-02-27 | Compaq Computer Corporation | Method for selectively restricting access to computer systems |
US6292575B1 (en) | 1998-07-20 | 2001-09-18 | Lau Technologies | Real-time facial recognition and verification system |
US6243093B1 (en) * | 1998-09-14 | 2001-06-05 | Microsoft Corporation | Methods, apparatus and data structures for providing a user interface, which exploits spatial memory in three-dimensions, to objects and which visually groups matching objects |
US6829748B1 (en) | 1998-11-27 | 2004-12-07 | Canon Kabushiki Kaisha | Automatic kerning of text |
WO2000041103A1 (en) * | 1998-12-31 | 2000-07-13 | Perfecto Technologies Ltd. | Method and system for discriminating a human action from a computerized action |
US6721423B1 (en) | 1999-01-28 | 2004-04-13 | Ross J. Anderson | Lost cost countermeasures against compromising electromagnetic computer emanations |
US6397355B1 (en) * | 1999-03-29 | 2002-05-28 | International Business Machines Corporation | System, method, and program for automatic error detection while utilizing a software state machine for carrying out the process flow of a software program |
US6405203B1 (en) * | 1999-04-21 | 2002-06-11 | Research Investment Network, Inc. | Method and program product for preventing unauthorized users from using the content of an electronic storage medium |
US6895507B1 (en) * | 1999-07-02 | 2005-05-17 | Time Certain, Llc | Method and system for determining and maintaining trust in digital data files with certifiable time |
AUPQ278799A0 (en) * | 1999-09-13 | 1999-10-07 | Telstra R & D Management Pty Ltd | An access control method |
US20010037468A1 (en) | 2000-04-11 | 2001-11-01 | Gaddis M. Norton | Method and apparatus for creating unique image passwords |
US6763515B1 (en) * | 2000-06-05 | 2004-07-13 | National Instruments Corporation | System and method for automatically generating a graphical program to perform an image processing algorithm |
US6868539B1 (en) * | 2000-06-28 | 2005-03-15 | Microsoft Corp. | System and method providing single application image |
US6947557B1 (en) * | 2000-08-14 | 2005-09-20 | International Business Machines Corporation | Method and program product for maintaining security of publicly distributed information |
EP1404532B1 (en) | 2001-07-11 | 2011-09-21 | Ecole Polytechnique Fédérale de Lausanne (EPFL) | Images incorporating microstructures |
US7383570B2 (en) * | 2002-04-25 | 2008-06-03 | Intertrust Technologies, Corp. | Secure authentication systems and methods |
US7149899B2 (en) | 2002-04-25 | 2006-12-12 | Intertrust Technologies Corp. | Establishing a secure channel with a human user |
US20030204569A1 (en) * | 2002-04-29 | 2003-10-30 | Michael R. Andrews | Method and apparatus for filtering e-mail infected with a previously unidentified computer virus |
US7139916B2 (en) | 2002-06-28 | 2006-11-21 | Ebay, Inc. | Method and system for monitoring user interaction with a computer |
US6886863B1 (en) * | 2002-12-19 | 2005-05-03 | The Standard Register Company | Secure document with self-authenticating, encryptable font |
US7856477B2 (en) | 2003-04-04 | 2010-12-21 | Yahoo! Inc. | Method and system for image verification to prevent messaging abuse |
US20050140675A1 (en) | 2003-08-06 | 2005-06-30 | Billingsley Eric N. | Method and system to generate an image for monitoring user interaction with a computer |
US7725395B2 (en) | 2003-09-19 | 2010-05-25 | Microsoft Corp. | System and method for devising a human interactive proof that determines whether a remote client is a human or a computer program |
US7197646B2 (en) * | 2003-12-19 | 2007-03-27 | Disney Enterprises, Inc. | System and method for preventing automated programs in a network |
US7430720B2 (en) | 2004-03-05 | 2008-09-30 | America Online, Inc. | System and method for preventing screen-scrapers from extracting user screen names |
US7505946B2 (en) * | 2004-03-31 | 2009-03-17 | Microsoft Corporation | High performance content alteration architecture and techniques |
US7533419B2 (en) * | 2004-10-29 | 2009-05-12 | Microsoft Corporation | Human interactive proof service |
US8255223B2 (en) * | 2004-12-03 | 2012-08-28 | Microsoft Corporation | User authentication by combining speaker verification and reverse turing test |
US7200576B2 (en) * | 2005-06-20 | 2007-04-03 | Microsoft Corporation | Secure online transactions using a captcha image as a watermark |
US20070026372A1 (en) * | 2005-07-27 | 2007-02-01 | Huelsbergen Lorenz F | Method for providing machine access security by deciding whether an anonymous responder is a human or a machine using a human interactive proof |
GB2429094B (en) | 2005-08-09 | 2010-08-25 | Royal Bank Of Scotland Group P | Online transaction systems and methods |
US7300058B2 (en) * | 2005-10-26 | 2007-11-27 | Ogilvie John W | Rewarding detection of notable nonrandom patterns in games |
US7756289B2 (en) | 2006-03-22 | 2010-07-13 | Ancestry.Com Operations Inc. | Image watermarking systems and methods |
US7552467B2 (en) * | 2006-04-24 | 2009-06-23 | Jeffrey Dean Lindsay | Security systems for protecting an asset |
US20080050018A1 (en) * | 2006-08-25 | 2008-02-28 | Jason Koziol | Method for generating dynamic representations for visual tests to distinguish between humans and computers |
US8631467B2 (en) | 2006-09-01 | 2014-01-14 | Ebay Inc. | Contextual visual challenge image for user verification |
US8019127B2 (en) * | 2006-09-13 | 2011-09-13 | George Mason Intellectual Properties, Inc. | Image based turing test |
EP2605171B1 (en) | 2007-01-23 | 2016-03-30 | Carnegie Mellon University | Controlling access to computer systems and annotating media files |
US20080209223A1 (en) * | 2007-02-27 | 2008-08-28 | Ebay Inc. | Transactional visual challenge image for user verification |
US8631503B2 (en) * | 2007-10-03 | 2014-01-14 | Ebay Inc. | System and methods for key challenge validation |
-
2002
- 2002-06-28 US US10/186,637 patent/US7139916B2/en active Active
-
2003
- 2003-06-27 CN CNB03815384XA patent/CN100565451C/zh not_active Expired - Lifetime
- 2003-06-27 AU AU2003248752A patent/AU2003248752A1/en not_active Abandoned
- 2003-06-27 KR KR1020047021494A patent/KR100808434B1/ko active IP Right Grant
- 2003-06-27 EP EP03762197A patent/EP1540468A4/en not_active Withdrawn
- 2003-06-27 WO PCT/US2003/020457 patent/WO2004003736A1/en not_active Application Discontinuation
-
2006
- 2006-09-19 US US11/533,250 patent/US7770209B2/en active Active
-
2010
- 2010-08-02 US US12/848,895 patent/US8341699B2/en not_active Expired - Lifetime
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101534196A (zh) * | 2008-03-12 | 2009-09-16 | 因特伟特公司 | 用于安全调用rest api的方法和装置 |
CN101534196B (zh) * | 2008-03-12 | 2014-09-03 | 因特伟特公司 | 用于安全调用rest api的方法和装置 |
CN106789997A (zh) * | 2016-12-12 | 2017-05-31 | 中国传媒大学 | 一种防重放攻击的加密方法 |
CN106789997B (zh) * | 2016-12-12 | 2020-01-17 | 中国传媒大学 | 一种防重放攻击的加密方法 |
Also Published As
Publication number | Publication date |
---|---|
KR100808434B1 (ko) | 2008-02-29 |
US7770209B2 (en) | 2010-08-03 |
US20070074154A1 (en) | 2007-03-29 |
US20040003258A1 (en) | 2004-01-01 |
KR20050058296A (ko) | 2005-06-16 |
CN100565451C (zh) | 2009-12-02 |
AU2003248752A1 (en) | 2004-01-19 |
EP1540468A4 (en) | 2007-10-24 |
US7139916B2 (en) | 2006-11-21 |
US8341699B2 (en) | 2012-12-25 |
US20110016511A1 (en) | 2011-01-20 |
EP1540468A1 (en) | 2005-06-15 |
AU2003248752A8 (en) | 2004-01-19 |
WO2004003736A1 (en) | 2004-01-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN100565451C (zh) | 用于监控用户与计算机之间交互的方法和系统 | |
US11431702B2 (en) | Authenticating and authorizing users with JWT and tokenization | |
US20190312859A1 (en) | Authenticated bypass of default security countermeasures | |
US8566907B2 (en) | Multiple user login detection and response system | |
CN1998174A (zh) | 生成用于监视用户与计算机的交互的图像的方法和系统 | |
US20040006710A1 (en) | Computer security system | |
CN1506873A (zh) | 在全异的网域之间验证和传送可核实授权的方法和系统 | |
CA2833969C (en) | System and method for web-based security authentication | |
US20170034314A1 (en) | Validation associated with a form | |
CN1667542A (zh) | 在计算机系统上进行身份转换的系统和方法 | |
JPWO2003069490A1 (ja) | ユーザ認証方法およびユーザ認証システム | |
CN1608362A (zh) | 认证方法 | |
CN111371813B (zh) | 一种基于边缘计算的大数据网络数据防护方法及系统 | |
US9106624B2 (en) | System security for network resource access using cross firewall coded requests | |
CN104901951A (zh) | 一种Web应用中基于移动终端的密码数据处理与交互方法 | |
JP2002007345A (ja) | ユーザ認証方法 | |
CN113918977A (zh) | 基于物联网和大数据分析的用户信息传输装置 | |
CN116506206A (zh) | 基于零信任网络用户的大数据行为分析方法及系统 | |
CN107844290B (zh) | 基于数据流安全威胁分析的软件产品设计方法及装置 | |
CN102027728B (zh) | 用于战胜中间人计算机黑客技术的方法和系统 | |
KR100877593B1 (ko) | 랜덤하게 맵핑되는 가변 패스워드에 의한 인증 보안 방법 | |
CN116108416A (zh) | 一种应用程序接口安全防护方法及系统 | |
CN1856782B (zh) | 安全认证服务的方法 | |
US20220116220A1 (en) | Password management system and method | |
CN114268450A (zh) | 一种api接口认证方法及系统 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C41 | Transfer of patent application or patent right or utility model | ||
TR01 | Transfer of patent right |
Effective date of registration: 20151104 Address after: California, USA Patentee after: PAYPAL, Inc. Address before: California, USA Patentee before: EBAY Inc. |
|
CX01 | Expiry of patent term |
Granted publication date: 20091202 |
|
CX01 | Expiry of patent term |