Browse Prior Art Database

Security adaptation based on accessibility specifications

IP.com Disclosure Number: IPCOM000177762D
Original Publication Date: 2008-Dec-30
Included in the Prior Art Database: 2008-Dec-30
Document File: 2 page(s) / 29K

Publishing Venue

IBM

Abstract

Security mechanisms such as CAPTCHA (Computer Automated Public Turing test to tell Computers and Humans Apart) are frequently employed on various e-commerce websites to prevent misuse of the site's services by automated software. However, it is well known that CAPTCHA security solutions have accessibility issues for people with disabilities. A typical method of handling this shortcoming is to include a link on the page which directs the disabled user to use other mechanisms such as telephone calls, etc. to complete the intended transaction. Thus, CAPTCHA solutions prevent people with disabilities from exploiting the services of a website, thereby excluding a whole class of users from experiencing the provided services. This disclosure proposes a method that automatically presents different CAPTCHAs such as audio, text, graphical, etc. based on the accessibility requirements of the end user.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 1 of 2

Security adaptation based on accessibility specifications

Security mechanisms such as CAPTCHA (Computer Automated Public Turing test to tell Computers and Humans Apart) are frequently employed on various e-commerce websites to prevent misuse of the site's services by automated software. For example, ticketmaster.com uses a graphic-based CAPTCHA to ensure that malicious programs don't hold up reservations. Bank of America uses an image as the SiteKey for its customers to verify the site before any passcode is entered to prevent phishing scams.

However, it is well known that CAPTCHA security solutions have accessibility issues for people with disabilities. See "Inaccessibility of CAPTCHA" - http://www.w3.org/TR/turingtest. A typical method of handling this shortcoming is to include a link on the page which directs the disabled user to use other mechanisms such as telephone calls, etc. to complete the intended transaction. Thus, CAPTCHA solutions prevent people with disabilities from exploiting the services of a website, thereby excluding a whole class of users from experiencing the provided services.

This disclosure proposes a method that automatically presents different CAPTCHAs such as audio, text, graphical, etc. based on the accessibility requirements of the end user. In one embodiment of the method, the system could use the accessibility settings specified in the HTTP (Hypertext Transfer Protocol) header to automatically determine the type of CAPTCHA presented to the user. For example, if the user is visually impaired and the request from the client has accessibility attributes set (see for e.g., http://apache.webthing.com/mod

_accessibility/), the security system on the server will

choose a more appropriate type of CAPTCHA such as an audio-based or text-based CAPTCHA instead of a graphical one. Several different CAPTCHA associated solutions e...