Browse Prior Art Database

A Method or System to Block Auto-Submission

IP.com Disclosure Number: IPCOM000235759D
Publication Date: 2014-Mar-25
Document File: 7 page(s) / 772K

Publishing Venue

The IP.com Prior Art Database

Abstract

Network security is a serious issue. network intrusion occurring every day. One of them is simulating human’s submission.how to tell computer and human apart, currently CAPTCHA is used in largely scope. but CAPCHA also bring some other issues, such as bad user experinces, in this disclosure, we use eye movement to tell computer and human apart with better user experience and more security.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 01 of 7

A Method or System to Block Auto

A Method or System to Block Auto-

Currently, Network security is a serious issue. There are many network deception occurs every day. One of them is simulating human's submission. For example, hackers submit a payment request to your bank by controlling your computer or auto fill forms in by simulating operating system messages or end-user submit many dirty data using robot.

For these simulations, it is very difficult for service provider to judge the request is submitted from human or from robot. Then most of website blocks the auto submission by the following solution, but all of them can not solve core issue completely.


- Verification Code


Many website provide verification code to prove the submission from human not from robot. If end-user submits the form with the answer predefined in server, the system will think the request comes from human, or else, it will be thought as from robot. For example:


- Questions


Some services providers also use the questions to verify the submission from human or from robot. If end-user submits the form with correct answer, the system will think the request comes from human, or else, it will be thought as from robot. For example:

1

--Submission

Submission



Page 02 of 7


- Client App


To make the system more security, some services providers uses c/s architect to collect request from end-user, in those client apps, all data are encrypted and all submit are trusted, but service providers often received many dirty data if the end-user uses automation tools.

For verification code and questions, as graphical recognition and natural language processing improve, these methods will become less relevant. On the other hand, if hacker controls your computer, he knows everything in the forms, including verification code or questions, and then he can submit from your computer as you.

When end-user fills form in and submit his/here requests to services provider, s/he has to sit before her/his computer, and her/his eyes will move from one textbox to another textbox or button. Then here is the core innovation idea, we will use human's eye movement trail to judge submission is done by human or by simulation or robot.

When we use an application GUI, we know the position of textbox or checkbox which is needed to entry. Then we can define characteristic tracking points to describe the movement trail of eyes. When end-user entry the data in the required field, we can use tool to collect the movement trail of eyes, the movement trail of mouse and the characters from keyboard, if it the predefined characteristic tracking points exist in the collected detail completely or partly, then we can say it's from the human's submission, or else, it comes from simulation or robot.

Currently, there are some tools/apps to collect eye's movement trail accurately, based on these tools/apps, we can implement above innovation ideas as below, here are the main steps to implement this innova...