1. Field of the Invention
One or more embodiments of the invention are related to the field of computer systems and security. More particularly, but not by way of limitation, one or more embodiments of the invention enable a system for providing trusted user access of computer systems for example that verifies trusted users and may allow trusted users to bypass challenge-response tests, while limiting access by automated processes and unwanted human challenge-response test solvers.
2. Description of the Related Art
Challenge-response tests are typically used to distinguish humans from computers to help combat automated access of computer systems. For example, current challenge-response tests are utilized to prevent spam by limiting automated access to online webmail accounts, as well as limiting automated postings to blogs, and other malicious automated online activities.
One type of challenge-response test is known as a CAPTCHA. The term CAPTCHA is an acronym that stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”. Common forms of CAPTCHAs include images having distorted letters and numbers and require users to visually discern and enter the letters and numbers into a computer to gain access.
Spammers currently utilize computer systems with sophisticated algorithms in an attempt to defeat these types of CAPTCHAs. For example spammers have been known to utilize advanced optical character recognition (OCR) technology, specifically with respect to the “segmentation” of images into areas having one character and subsequent identification of each character.
More distortion has been used in the images to make it more difficult to OCR the images. The resulting images are unfortunately harder to read by humans.
In response, spammers and other malicious entities have been known to hire human challenge-response solvers, for example human CAPTCHA solvers for low wages in third world countries to solve the CAPTCHAs. Human based attacks are more costly than a fully automated attack. A hybrid attack is also used by spammers and other malicious entities that combines human CAPTCHA solvers and an automated attack. A hybrid attack is more costly than a fully automated attack, but less costly than a human based attack.
In an attempt to combat these human CAPTCHA solvers it has been attempted to require users to register for an account before using a particular computer service. Then, when accounts perform activity deemed malicious or otherwise undesired the account is temporarily or permanently locked. The problem with this solution is that creating subsequent accounts only requires the malicious user to solve a CAPTCHA and/or have a valid email address (which typically also only requires solving a CAPTCHA). So, the cost to the user to create subsequent accounts is the same as it was to create the initial account. As a result, if it were cost effective to create the initial account and perform the malicious activity then it will be cost effective to continue the process of creating subsequent accounts and performing the malicious activity. As such, the solution does not stop the malicious activity
There are no known solutions for bypassing challenge-response tests for trusted users that are cost effective and easy to create once, but costly and difficult to create multiple times. For at least the limitations described above there is a need for a system for providing trusted user access of computer systems that is cost effective and easy to create once, but costly and difficult to create multiple times and for example that verifies trusted users and may allow trusted users to bypass challenge-response tests, while limiting access by automated processes and unwanted human challenge-response test solvers.