It can be necessary to verify that a user of a computer system is a person, as opposed to an entity mimicking a person such as a software agent. For example, this verification is required to detect and/or prevent abuse of resource such as free services available on the internet including: electronic mail services; forum databases; data lookup facilities; and commercial ticketing or quotation systems. Such services are prone to abuse since there may be no financial charge associated with use of the services (and therefore no payment information is required) and access to the services is typically via internet web pages including web forms which are easily navigated by automated agents. Such abuse can take the form of an automated agent consuming vast quantities of resource, misappropriating resources, abusing resources (such in the case of an internet email system used to generate many email addresses for the distribution of SPAM messages), or an automated website offering consolidated commercial quotations from multiple vendors by automatically obtaining quotations from individual vendor quotation systems.
One way to achieve the required verification is to request that a user interpret an obfuscated image of an alphanumerical code. For example, FIG. 1 illustrates an alphanumeric code which has been obfuscated in an attempt to verify that a user of a computer system is a person. The user is requested to interpret and input the alphanumeric code (which is “9R8Kmc” in this example, though such a code could equally consist solely of numeric or alphabetic characters). The drawback of this approach is that the alphanumeric code must always be legible enough for a person to interpret. As long as the code is legible in this sense, it is always going to be possible to provide a software system which is also able to decipher the code. For example, a software application which applies filters to aspects of the obfuscated image to reverse obfuscation of the code along with known approaches to character recognition, is conceivably able to interpret the code. Consequently, it has become necessary to increase a degree of obfuscation such that the alphanumeric code becomes increasingly distorted in order to reduce the risk of interpretation by a software agent. However, as the alphanumeric code is increasingly distorted, a risk that a human user is unable to interpret the code increases. A compromise must therefore be reached using this conventional approach between a satisfactory level of distortion of the alphanumeric code to avoid being cracked by a software agent versus a sufficiently low level of distortion to be interpretable by a human user. This balance represents a compromise in the effectiveness of the technique as a means for distinguishing human users from software agents.
US Pat. App. Pub. No. US2012/008432A1 discloses a time managed challenge-response test using a graphical pattern to reveal individual alphanumeric characters of an entry object, the pattern having an area free of graphical elements. The area free of graphical elements is moved in such a way as to reveal an entire portion of an entry object over a period of time. Approaches to human verification such as are disclosed in US2012/008432A1 in which a challenge is entirely revealed, whether momentarily or progressively over a period of time, are necessarily subject to deception by the likes of automated software agents since there is inherently a full disclosure of the challenge which is readily subjected to character recognition.
The robustness of moving-image object recognition CAPTCHAs (“Completely Automated Public Turing test to tell Computers and Humans Apart”) is considered in “Security and Usability of Moving-Object CAPTCHAs: Decoding Codewords in Motion” (Xu et al., 21st USENIX Security Symposium, 2012). Xu et al. present an automated attack to defeat moving image object recognition CAPTCHAs such as those provided by NUCaptcha (NUCaptcha is a trademark or registered trademark of Leap Companies). NUCaptcha provides human verification tests such as a streamed video containing moving text against a dynamic background. Xu et al. describe an attack involving: accessing a video stream; applying object tracking techniques to infer motion of salient feature points; extracting foreground pixels based on a measure of likelihood of a pixel belonging to a background; segmenting the foreground; and classifying candidate characters using a neural network based classifier. The classifier outputs a likelihood score that an image patch contains a character for feedback to the process.
Xu et al. further describe an approach named “Emerging CAPTCHAs” to mitigating such attacks based on the paper “Emerging Images” (Mitra et al., ACM Transactions on Graphics, 28(5), 2009). Mitra et al. describe the phenomenon of “Emergence” by which humans perceive objects in an image not by recognizing the object parts, but as a whole, all at once. Mitra et al. provide an algorithm for generating an image that remains recognizable to a human, while to a bot the image appears as a collection of meaningless patches. The algorithm of Mitra et al. involves: generating an “importance map” of importance values for each vertex in a mesh of a 3D geometry of a scene; rendering a subject using the importance map; generating “splat centers” (the centers of large dots known as “splats”) according to the importance map; perturbing or deleting patches along a silhouette of the subject; and adding clutter to the image using a cut-perturb-paste approach to hide the location of the emergence figure. Xu et al.'s Emerging CAPTCHAs are an adaptation of the approach of Mitra et al. to 2D characters instead of 3D objects. Xu et al. observes benefits of Emerging CAPTCHAs including a benefit that no single frame contains a codeword in a way that is easy to segment, and that, in each frame, there are not enough visual cues that help distinguish the characters from the background. Xu et al. conclude that the attack described in Xu et al. fails in respect of Emerging CAPTCHAs.
Despite the benefits of the approach of Xu et al. to generating Emerging CAPTCHAs, the generation process itself is a burdensome overhead. While it may be acceptable to render a moving video or animation CAPTCHA for transmission to a user over a network, as is undertaken by NUCaptcha, to undertake the full algorithm of Mitra et al. dynamically for each CAPTCHA is a considerable overhead, especially in view of a preference for CAPTCHAs to be individual, unique and/or random to prevent ready recognition. It would therefore be advantageous to provide a mechanism for verifying that a user of a computer system is a person, as opposed to an entity mimicking a person, which mechanism is not reliant upon increasing a degree of obfuscation of alphanumerics since these can potentially be interpreted by a software routine or are potentially not interpretable by a human user, and which mechanism does not suffer the burdens and disadvantages of Xu et al. and Mitra et al. including, inter alia, those disadvantages identified above.