A smart system resistant to attacks
The system addresses vulnerabilities in CAPTCHA and IVR systems by generating deceptive visual and auditory challenges, ensuring security and user experience through hostile attack techniques, applicable to e-commerce, banking, and social media platforms.
Patent Information
- Authority / Receiving Office
- WO · WO
- Patent Type
- Applications
- Current Assignee / Owner
- TURKCELL TEKNOLOJI ARASTIRMA & GELISTIRME AS
- Filing Date
- 2024-12-24
- Publication Date
- 2026-06-18
AI Technical Summary
Existing security mechanisms, such as CAPTCHA and IVR systems, are vulnerable to automated attacks, compromising user security and experience, particularly for platforms like e-commerce, banking, and social media.
A system that generates CAPTCHAs using hostile attack techniques, integrating a database and server to create misleading visual and auditory challenges, employing noise and distortion to thwart optical character recognition and speech-to-text algorithms.
Enhances security by creating CAPTCHAs that are human-friendly but deceptive to automated systems, maintaining user experience while bolstering platform security.
Smart Images
Figure TR2024051708_18062026_PF_FP_ABST
Abstract
Description
[0001] A SMART SYSTEM RESISTANT TO ATTACKS
[0002] Technical Field
[0003] The present invention relates to a system for developing methods which are understandable to humans but misleading to algorithms, by implementing hostile attack techniques to visual and auditory verifications.
[0004] Background of the Invention
[0005] Today, when logging into websites and various digital systems, various security mechanisms are used to distinguish between human users and artificial entities (for example, bots). This distinction is critical, particularly in cases where automated systems may cause damage. Tests such as CAPTCHA (Completely Automated General Turing Test to Tell Computers and Humans Apart) are commonly used in order to verify the identity of human users. CAPTCHA offers various question-and- answer tests to understand whether a user is human or not. These tests usually comprise visuals or analysis tasks that are designed to be complicating for bots to solve. However, interactive voice response (IVR) systems are also affected by bots and some bots attempt to reach live agents by crossing the existing security measures and this imposes extra burden on agents.
[0006] For this reason, considering the studies and deficiencies included in the current technique, it is understood that there is a need for a system which ensures to increase the security of web platforms without negatively affecting the user experience and to generate attack-resistant and misleading CAPTCHAs.
[0007] The United States patent document no. US11252243B2, an application included in the state of the art, discloses a system which develops misleading, human- understandable verification techniques for algorithms by visual and auditory CAPTCHA. The said invention enables users to be identified as human or nonhuman (for example, a software bot). The system comprises an interactive audio component and an audio verification component. The interactive audio component is configured to receive an auditory input from the user and to provide an auditory output in response to this input. The audio verification component determines whether the user is human or non-human, by implementing a test intended for the user. This test comprises creating a challenge phrase, forming a modified challenge phrase by applying an effect to this phrase, and then transmitting this phrase to the user. The response received from the user is evaluated in terms of its relevance to the challenge phrase. The user is classified as human if the response is correct and non-human if the response is incorrect. One or more non-echo effects such as echo distortion, music, noise distribution, pure tones, compression, jitter, distorted pitch can be applied. The challenge phrases consist of symbols such as numbers, letters, phonemes, or words. The invention may also comprise an auditory CAPTCHA and the audio verification component may operate by connecting to an interactive voice response (IVR) system. The system can be designed to provide accessibility for specific user groups such as visually impaired users. In addition, it is specially configured to limit the capability of non-human users to interpret the challenge phrase. The system can operate over communication networks and it offers a security-enhanced verification mechanism by selecting from different symbol pools.
[0008] Summary of the Invention
[0009] An object of the present invention is to realize a system which is easily perceptible by humans, however, which can generate misleading CAPTCHAs for optical character recognition and speech-to-text algorithms by implementing hostile attack techniques to visual and auditory verifications.
[0010] Detailed Description of the Invention “A Smart System Resistant to Attacks” realized to fulfil the objects of the present invention is shown in the figure attached, in which:
[0011] Figure 1 is a schematic view of the inventive system.
[0012] The components illustrated in the figure are individually numbered, where the numbers refer to the following:
[0013] 1. System
[0014] 2. Database
[0015] 3. Server
[0016] The inventive system (1) for developing methods which are understandable to humans but misleading to algorithms, by implementing hostile attack techniques to visual and auditory verifications; comprises at least one database (2) which is configured to keep a record of random character strings used for the generation of CAPTCHA (Completely Automated Public Turing Test To Tell Computers And Humans Apart), visual and audio files of these strings, parameters used in the generation of hostile attack CAPTCHAs, user responses and verification results; and at least one server (3) which is configured to generate visual and audio CAPTCHA files by generating random characters strings, to compare the user responses with the correct responses in the database (2), and to optimize the difficulty level of CAPTCHAs.
[0017] The database (2) included in the inventive system (1) is configured to establish communication and to exchange data with the server (3) by using any communication protocol. The database (2) is configured to be managed by the server (3). The database (2) is configured to store original versions of visual and audio CAPTCHAs, their versions processed with hostile attack techniques, and user responses. The database (2) is configured to record the visual and audio files of each CAPTCHA, the difficulty level and the resolution success rates of these files. The database (2) is configured to store the parameters related to the attack type such as Projected Gradient Descent (PGD); hostile attacks such as attack strength, corrupted versions of visual and audio CAPTCHAs, resolution success rates and user responses.
[0018] The server (3) included in the inventive system (1) is configured to establish communication and to exchange data with the database (2) by using any communication protocol. The server (3) is configured to convert visual CAPTCHA images and audio CAPTCHA files by generating random character strings. The server (3) is configured to evaluate the user responses by means of optical character recognition (OCR) and speech-to-text algorithms and then to analyze whether they are correct or incorrect. The server (3) is configured to deactivate the analysis capacity of the machines by adding a specific noise to CAPTCHAs by means of hostile attack techniques and to limit their ability to make correct predictions. The server (3) is configured to transmit the new audio and video files created to the user and to receive the responses from the user and then to evaluate their accuracy or inaccuracy.
[0019] Industrial Application of the Invention
[0020] In the inventive system (1), it is ensured that a broad industrial application potential is provided by strengthening visual and audible CAPTCHAs by means of hostile attack techniques and by meeting the security needs of online platforms such as e- commerce, banking, social media and public services.
[0021] Within these basic concepts; it is possible to develop various embodiments of the inventive “A Smart System (1) Resistant to Attack”; the invention cannot be limited to examples disclosed herein and it is essentially according to claims.
Claims
CLAIMS1. A system (1) for developing methods which are understandable to humans but misleading to algorithms, by implementing hostile attack techniques to visual and auditory verifications; comprising at least one database (2) which is configured to keep a record of random character strings used for the generation of CAPTCHA (Completely Automated Public Turing Test To Tell Computers And Humans Apart), visual and audio files of these strings, parameters used in the generation of hostile attack CAPTCHAs, user responses and verification results; and characterized by at least one server (3) which is configured to generate visual and audio CAPTCHA files by generating random characters strings, to compare the user responses with the correct responses in the database (2), and to optimize the difficulty level of CAPTCHAs.
2. A system ( 1 ) according to Claim 1 ; characterized by the database (2) which is configured to establish communication and to exchange data with the server (3) by using any communication protocol.
3. A system (1) according to Claim 1 or 2; characterized by the database (2) which is configured to be managed by the server (3).
4. A system (1) according to any one of the preceding claims; characterized by the database (2) which is configured to store original versions of visual and audio CAPTCHAs, their versions processed with hostile attack techniques, and user responses.
5. A system (1) according to any one of the preceding claims; characterized by the database (2) which is configured to record the visual and audio filesof each CAPTCHA, the difficulty level and the resolution success rates of these files.
6. A system (1) according to any one of the preceding claims; characterized by the database (2) which is configured to store the parameters related to the attack type such as Projected Gradient Descent (PGD); hostile attacks such as attack strength, corrupted versions of visual and audio CAPTCHAs, resolution success rates and user responses.
7. A system (1) according to any one of the preceding claims; characterized by the server (3) which is configured to establish communication and to exchange data with the database (2) by using any communication protocol.
8. A system (1) according to any one of the preceding claims; characterized by the server (3) which is configured to convert visual CAPTCHA images and audio CAPTCHA files by generating random character strings.
9. A system (1) according to any one of the preceding claims; characterized by the server (3) which is configured to evaluate the user responses by means of optical character recognition (OCR) and speech-to-text algorithms and then to analyze whether they are correct or incorrect.
10. A system (1) according to any one of the preceding claims; characterized by the server (3) which is configured to deactivate the analysis capacity of the machines by adding a specific noise to CAPTCHAs by means of hostile attack techniques and to limit their ability to make correct predictions.
11. A system (1) according to any one of the preceding claims; characterized by the server (3) which is configured to transmit the new audio and video files created to the user and to receive the responses from the user and then to evaluate their accuracy or inaccuracy.