The advent of global communications networks such as the Internet has presented commercial opportunities for reaching vast numbers of potential customers. In the past several years, users have turned to the Internet as a reliable source of news, research resources, and various other types of information. In addition, online shopping, making dinner reservations, and buying concert and/or movie tickets are just a few of the common activities currently conducted while sitting in front of a computer by way of the Internet. However, the widespread use of the Internet by businesses as well as private consumers can lead to unwanted or even undesirable exposure to a variety of economic risks and/or security weaknesses.
With respect to online businesses, security and the validity of buyers making online purchases or reservations have become main concerns. For example, many restaurants provide an online reservation service wherein customers can make their reservations via the Internet using the restaurants' websites. Unfortunately, this system makes restaurant owners somewhat vulnerable to dinner service attacks—which are but one type of automated script attack. Such attacks occur when a computer makes several hundred, if not more, fake online reservations affecting a large number of restaurants. As a result of such an attack, these businesses can be interrupted or even damaged due to loss revenues, system repairs and clean-up costs, as well as the expenses associated with improving network security.
Another type of attack can be in the form of a spam attack. Spam attacks can be made to target one entity such as a particular business or thousands of users randomly selected according to their email addresses. In general, spam has become a fast-growing problem due to the rising popularity of email usage. As is well known, electronic messaging is becoming increasingly pervasive as a means for disseminating unwanted advertisements and promotions (e.g., spam) to network users. Widespread spam dissemination to hundreds or thousands of users or even to a single entity at a time can be attributed to the use of automated actions taken by computers. For example, spammers can program computers to create or open dozens and dozens of different email accounts from legitimate message service providers such as on a daily or weekly basis. By doing this, they can ensure that their spam is delivered to as many recipients as possible, even if one or two accounts are shut down from time to time.
The Radicati Group, Inc., a consulting and market research firm, estimates that as of August 2002, two billion junk email messages are sent each day—this number is expected to triple every two years. Individuals and entities (e.g., businesses, government agencies) are becoming increasingly inconvenienced and oftentimes offended by spam (junk messages). As such, spam is now or soon will become a major threat to trustworthy computing.
Moreover, the rapid growth and development of the Internet has introduced new avenues for fraudulent, disruptive, and/or damaging activities to occur. As a means to thwart spam and automated script attacks, some online businesses as well as messaging services have implemented the use of computational challenges or human interactive proofs (HIPs). Such techniques allow computers to distinguish human users from computer users.
Work on distinguishing between computers and humans traces back to the original Turing Test which asks that a human distinguish between another human and a machine by asking questions of both. Recent interest has turned to developing systems that allow a computer to distinguish between another computer and a human to enable the construction of automatic filters to prevent automated scripts from utilizing services intended for humans. Such systems have been termed Human Interactive Proofs (HIPs) or Completely Automated Public Turing Tests to Tell Computers and Humans Apart (CAPTCHAs). For example, HIPs can rely on recognizing characters that are placed along with noise and/or background wherein the challenge is to correctly identify all presented characters.
Unfortunately, the current HIP systems can be faulty in that characters placed together with random arcs may be arranged in such a way that the arcs interfere with human perception. Thus, it can be very difficult for humans to distinguish the characters. Hence, the conventional HIP can be rather ineffective at barring access to computers and granting access to humans.