A method and apparatus are provided to enable a server to determine if a client connecting to the server is doing so by means of human user interaction, as opposed to an automated process. In order to authorize access to services, the option of determining user identity, such as by means of a graphical shared secret, is also provided. Three aspects are described: (i) image formation from an object model; (ii) presentation of image choices to a user, and (iii) user action. Image formation includes the creation of one or more categorized 2-dimensional images with object regions for each image automatically qualified. These one or more categorized images can be created by means of a Randomizable Image Generation Object for Human Recognition, comprised of (i) a 3-dimensional object model, (ii) a plurality of rendering threshold and constraint parameters, and (iii) categorization and qualitative metadata. The one or more 2-dimensional images are preferably transmitted to the user for authentication without the image metadata, which may be retained on the server. Related inquiry text can be sent when human user interaction is being determined and not user identity authentication.