Many computer users currently use various types of networked computing services that require a form of registration or authentication. Typically, registration for the service dictates that the user provide information, such as name, a user name, an address, a password, etc. Authentication for the service may include requiring the user to provide a user name and password. For many networked computing services, authentication may also require the user to establish that the user is a human being and that the user is in fact the authorized user for the service.
E-mail is an example of a networked computing service that is available to many users connected on a network. The user connects his or her computer to the Internet through an Internet Service Provider (“ISP”). The user can then open an e-mail account through any number of e-mail services. Many of these e-mail services have a registration process in which the user must provide information such as a name, a user name, an address, etc. in order to open an e-mail account. Once an e-mail account is opened, the computer user can then send and receive messages from other computer users that use the Internet.
A continuing problem facing Internet users is receiving e-mail called SPAM. SPAM is essentially junk e-mail that has relatively little worth to most e-mail users. E-mail users must spend a great deal of time looking through and deleting these unwanted e-mails from their mailboxes in order to keep their mailboxes from exceeding size limits imposed by ISP's. Further, SPAM expends a great deal of bandwidth on the Internet. A large number of resources are needed for transmitting and receiving junk e-mail. As a result, Internet resources that are used for more useful data flow have slower response times and are less efficient.
SPAM can be propagated in many different ways. One of the main causes of SPAM is computers that use scripts to impersonate users. During the registration process for an e-mail address, a computer can use a script to generate multiple e-mail addresses that do not even have a corresponding human user. These multiple e-mail addresses can then be used by the computer to send unwanted e-mail messages to other Internet users.
Computers can also be used to run scripts that send out multiple e-mail messages from a user generated e-mail address or from a script generated e-mail address to the same set of recipients. A computer user would take a great deal of time to send out a large number of e-mail messages to a set of recipients. On the other hand, a computer running a script can transmit e-mail messages at the speed that it would take thousands of computer users to perform the same task in the same amount of time.
Another area of services in which scripts pose a large problem is internet voting services and Internet contests. The Internet has many web pages in which users can participate in a poll. For instance, users can vote for their favorite musician, artist, athlete, etc. The user can always return to the web page and vote another time, but the chances are small that most users will bother trying to vote again. However, a computer can use a script to vote a large number of times in a very small amount of time. The result is that the voting results are skewed a by a large amount. Further, a user that enters a contest will almost never win if a script places thousands of entries into the same contest.
While the above-mentioned examples of networked computing services are susceptible to automated programs, there are many other instances in which it is desirable to authenticate the user of the networked service and to establish that the user of the networked service is a human being.
A computer running a script is one class if invalid user. Another class of invalid user may be a human being that may have been hired to defeat the authentication process for a particular computer service. In such an instance, it is not only desirable that the authentication process be capable of defeating an automated script, but also that the authentication process be capable of discerning between the authorized human user and an unauthorized human being that is attempting to defeat the authentication process.
Some approaches to solving the problem of computers running scripts involve the use of authentication schemes. For instance, a randomly selected string can be modified so that only a human user will be able to guess the result. A string of text can be rearranged over a shaded background so that the user can pick out the text. The user is then required to type in the text that stands out from the background.
A number of problems exist with these types of authentication schemes. Computer users do not want to spend the time to perform tedious tasks such as typing in a string of text to authenticate themselves. Further, the static feature of this type of test allows more advanced image filtering programs to decipher the string. Finally, e-mail software that is dependent on a character set may make international deployment difficult. Further, while somewhat effective against an automated script, such an approach is ineffective against an unauthorized human being attempting to defeat the authentication process.