Challenge response authentication is a type of test where one party presents a question (“challenge”) and another party must provide a valid answer (“response”) to be authenticated. Challenge response tests may be used in computing in an attempt to ensure that a response is generated by a human. For example, a Completely Automated Public Turing test to tell Computers and Humans Apart (“CAPTCHA”) is a type of challenge response test that attempts to ensure that the response is generated by a human and not by an automated computer program. The process usually involves one computer (e.g., a server computer) asking a user device to complete a simple test which the computer is able to generate and grade. Because other computers are assumed to be unable to solve the challenge response test, any user entering a correct solution is presumed to be human.
Challenge response tests attempting to ensure that a response is generated by a human (hereinafter, “human challenge response tests”) can generate challenges either randomly or using information from a data source. Random human challenge response tests generate challenges using random combinations of letters, numbers, and other data. However, random human challenge response tests can be difficult for humans to interpret because the challenges are strange collections of numbers and letters that make no sense to the human user. For example, a challenge message including the string “wd243xe!asd” may be more difficult for a user to understand, identify, and replicate than a word or information they are familiar with. Furthermore, human challenge response tests typically include a distorted image of the underlying challenge, and the distortion combined with the unfamiliar nature of the random challenges makes the challenges very difficult for humans to interpret accurately. This difficulty makes the system less accurate at determining which request is generated by a human and which is generated by an automated computer program. Accordingly, unfamiliar or random human challenge response tests may lead to a less effective system because humans may be inaccurately identified as automated computer programs due to overly complex challenge messages comprising unfamiliar information.
Human challenge response tests generated from a data source generate a challenge using words or other data from a database. The source-generated challenges can be easier for humans to interpret because humans can relate the collections of words or other existing data in the challenges to words or other data that they have likely seen before or are familiar with. However, human challenge response tests generated from a source must have a sufficiently large source database to provide nearly infinite variations of challenges in order to ensure that the system cannot be solved by an automated computer program designed to circumvent the human challenge response test system. Additionally, if a hacker or other malicious third party gains access to a source database, the hacker or third party may map the database to possible answers and may be able to circumvent or solve the human challenge response test. Accordingly, there is a need for a body of data that is sufficiently large and dynamic, and that is refreshed frequently enough, to defeat any attempts by hackers to map or solve the human challenge response test delivery service.
Additionally, previous source-derived human challenge response test systems may generate challenges from various data sources that a user may not be familiar with. Accordingly, it may be difficult for users to solve the challenge even though they are human. As such, the accuracy and effectiveness of the system may be limited because the system may reject responses from humans, believing them to be automated computer programs. Therefore, it may be desirable to provide familiar challenge messages that a user may recognize from their past experiences.
Furthermore, some service providers may use human challenge response tests as part of an authentication procedure to ensure that users who are attempting to gain access to account information or other secure information, or who are requesting a service, are human and are also the particular human associated with an account or user. However, in prior systems, multiple communication messages may be sent between a service provider and a human challenge response test delivery system. As a result, the authentication and human challenge response test processes may use more system resources and time, and may delay authorized users from accessing information and services. Accordingly, there is a need to provide a fast, efficient, and secure method of mutual authentication of a user and a system that additionally identifies a requestor or user as being human.
Embodiments of the present invention address these problems and other problems individually and collectively.