A method of Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) includes: recording, by a voice CAPTCHA module, a speech spoken by a user; determining, by a voice biometric service (VBS), whether a voiceprint matching the user's speech exists; and if a voiceprint matching the user's speech exists, verifying the user as a human user by the VBS. If a voiceprint matching the user's speech does not exist, the VBS i) generates a unique voiceprint for the user based on the user's speech, and/or ii) determines whether the user's speech is at least one of a synthetically generated speech and a previously recorded audio being played back. The user can perform a guest checkout without logging into the voice CAPTCHA module, in which case the VBS compares previously used voiceprints to the user's speech.

A system determines which user of multiple users provided input through a single input device. A mechanism captures images of the one or more users. When input is detected, the images may be processed to determine which user provided an input using the input device. The images may be processed to identify each users head and eyes, and determine the focus point for each user's eyes. The user which has eyes focused at the input location is identified as providing the input. When the input mechanism is a touch screen, the user having eyes focused on the touch screen portion which was touched is identified as the source of the input.

A computerized age-verification method, comprising: receiving an electronic request for verification of a user associated with a user device; opening a browser window in a browser running on the user device; attempting to open a URL listed on a directory of restricted URLs; responsive to receipt of a message denying opening of the URL, returning an indication that the user is not verified; and responsive to receipt of an indication that the URL opens, returning an indication that the user is verified.

A method, a device and a system for controlling access to a service by a user. The method is implemented by an access device. The method includes the following steps on the device to verify the human status of a user: obtaining at least one three-dimensional virtual object and associated data, referred to as resolution data; controlling playback of the at least one virtual object for the user; obtaining user interaction data with the at least one virtual object; and if the interaction data correspond to the resolution data, confirming the human status of the user.

A method for determining whether a user is a human is disclosed. The method includes receiving a request to determine whether a user attempting to access a service provided by a host compute device is a human, obtaining an input motion that the user entered while the user solved a challenge-response test for accessing the service, extracting a noise component of the input motion, retrieving a noise model characterizing noise patterns of input motions previously entered into graphical user interfaces by humans, comparing the noise component with the noise model, calculating a human likeness score of the user based on the comparison, determining whether the user is a human based on the human likeness score, and sending a result of the determination to the host compute device such that the host compute device can allow or restrict access to the service by the user depending on the result.

When a security authentication request sent by a terminal is received, an identity authentication solution includes acquiring network environment information and user behavior data according to the security authentication request, then determining, according to the network environment information and the user behavior data, whether a current operation is a machine attack, and acquiring a CAPTCHA of a predetermined type according to a predetermined policy and delivering the CAPTCHA to the terminal if the current operation is a machine attack, to perform identity authentication, or determining that security authentication succeeds if the current operation is not a machine attack.

A gateway or other network device may be configured to monitor endpoint behavior, and to request a verification of user presence at the endpoint under certain conditions suggesting, e.g., malware or other endpoint compromise. For example, when a network request is directed to a low-reputation or unknown network address, user presence may be verified to ensure that this action was initiated by a human user rather than automatically by malware or the like. User verification may be implicit, based on local behavior such as keyboard or mouse activity, or the user verification may be explicit, such as where a notification is presented on a display of the endpoint requesting user confirmation to proceed.

A trained machine learning model distinguishes between human-driven accounts and machine-driven accounts by performing anomaly detection based on sign-in data and optionally also based on directory data. This machine versus human distinction supports security improvements that apply security controls and other risk management tools and techniques which are specifically tailored to the kind of account being secured. Formulation heuristics can improve account classification accuracy by supplementing a machine learning model anomaly detection result, e.g., based on directory information, kind of IP address, kind of authentication, or various sign-in source characteristics. Machine-driven accounts masquerading as human-driven may be identified as machine-driven. Reviewed classifications may serve as feedback to improve the model's accuracy. A precursor machine learning model may generate training data for training a production account classification machine learning model.

Systems and methods for providing identification tests. In some embodiments, a system and a method are provided for generating and serving to a user an animated challenge graphic comprising a challenge character set whose appearance may change over time. In some embodiments, marketing content may be incorporated into a challenge message for use in an identification test. The marketing content may be accompanied by randomly selected content to increase a level of security of the identification test. In some embodiments, a challenge message for use in an identification test may be provided based on information regarding a transaction for which the identification test is administered. For example, the transaction information may include a user identifier such as an IP address. In some embodiments, identification test results may be tracked and analyzed to identify a pattern of behavior associated with a user identifier. A score indicative of a level of trustworthiness may be computed for the user identifier.

A human challenge can be presented in an augmented reality user interface. A user can use a camera of a smart device to capture a video stream of the user's surroundings, and the smart device can superimpose a representation of an object on the image or video stream being captured by the smart device. The smart device can display in the user interface the image or video stream and the object superimposed thereon. The user will be prompted to perform a task with respect to one or more of these augmented reality objects displayed in the user interface. If the user properly performs the task, e.g., selects the correct augmented reality objects, the application will validate the user as a person.