A communications device for managing an authentication event is provided, which is configured to generate location data indicative of a geolocation associated with the communications device, retrieve, from a key that is obfuscated and stored in the communications device, the key, sign the location data with the retrieved key, and transmit request data to a communications server apparatus for requesting the authentication event, the request data comprising the signed location data. A method and a communications system for managing an authentication event are also provided.

A robotic process automation system provides a capability to deploy software robots (bots) by receiving from a deployment user a bot deployment request comprising a bot identification that identifies a specific preexisting bot and an authorized class of user to execute the specific preexisting bot. Credentials of the deployment user are checked. An execution device upon which the specific preexisting bot will execute is identified from a set of available devices. An authorization token is issued for the execution device to uniquely identify the execution device and to authorize the execution device to communicate with the robotic process automation system. In response to a request by the execution device the specific preexisting bot and credentials corresponding to the authorized class of user are provided, wherein the specific preexisting bot executes on the execution device automatically without input from any individual corresponding to the authorized class of user.

Current CAPTCHA tests are designed to be difficult for a bot and simple for a human-user to answer; however, as artificial intelligence improves, bots are more capable of using techniques such as optical character recognition to resolve current CAPTCHAs in similar manners as human-users. By providing a CAPTCHA challenge from a library or set of challenges that are designed in a manner that causes or likely causes a human-user to trivially get the answer to the challenge wrong, helps to confirm that a user is a human-user, as a bot would answer the challenge correctly.

Methods, systems and apparatus for assessing the likely status of an operator of a computing device interacting with a server as a human operator or an autonomic computer application, such as a “bot” are described herein. By monitoring at least some data, e.g., biometric data, generated at the client computing device, a comparison can be made between the monitored data and model data relating to human interaction with the computing device. The results of the comparison can lead to a value that represents the likelihood that the monitored data results from human interaction.

Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, that protect analytics for resources of a publisher from traffic directed to such resources by malicious entities. An analytics server receives a first message that includes an encrypted token and analytics data for a publisher-provided resource. The token includes a portion of the analytics data and a trust score indicating a likelihood that activity on the resource is attributed to a human (rather than an automated process). The analytics server decrypts the token. The analytics server determines a trustworthiness measure for the analytics data included in the first message based on the trust score (in the decrypted token) and a comparison of the analytics data in the first message and the portion of the analytics data (in the decrypted token). Based on the measure of trustworthiness, the analytics server performs analytics operations using the analytics data.

The present disclosure provides a security verification method and a relevant device, to increase the difficulty of cracking. The method includes: receiving, from a verification requester, a request for pulling a sliding verification code; acquiring the sliding verification code which includes a slider and a second endpoint image obtained by performing filter processing on a first endpoint image; and returning the sliding verification code to the verification requester. The first endpoint image and the slider are generated from the same original image, and the slider and the second endpoint image are returned to the verification requester finally. The second endpoint image is obtained by performing image processing on the first endpoint image, and after the image processing, in an area outside the slider placement area, pixel values of pixels in the second endpoint image are different from pixel values of corresponding pixels in the original image.

A method of securing a computer resource against unauthorized access includes sending, by a processing device, a challenge data structure to a user computer system, obtaining a user response representing at least one user-selected image from the plurality of images, and providing access to the computer resource for the user computer system based on whether the at least one user-selected image is consistent with the one or more correct images. The challenge data structure defines a challenge to be presented to a user of the user computer system. The challenge involves selecting one or more correct images that conform to one or more aspects of a challenge key from a plurality of images based on a relative orientation with respect to one another of elements within the plurality of images.

Systems and methods for validating online activities through proof-of-work techniques are provided. In one example, a validating computing system receives a request for a proof-of-work instruction from a client device that has submitted an online activity request to an online server system. The validating computing system generates and transmits a proof-of-work instruction for solving a problem to the client device. The validating computing system further receives a response to the proof-of-work instruction from the client device. The validating computing system generates a validity decision based on whether the client device correctly solved the problem, and transmits, to the online server system, the validity decision for use in granting the online activity request to the online server system.

Biometrics are increasingly used to provide authentication and/or verification of a user in many security and financial applications for example. However, “spoof attacks” through presentation of biometric artefacts that are “false” allow attackers to fool these biometric verification systems. Accordingly, it would be beneficial to further differentiate the acquired biometric characteristics into feature spaces relating to live and non-living biometrics to prevent non-living biometric credentials triggering biometric verification. The inventors have established a variety of “liveness” detection methodologies which can block either low complexity spoofs or more advanced spoofs. Such techniques may provide for monitoring of responses to challenges discretely or in combination with additional aspects such as the timing of user's responses, depth detection within acquired images, comparison of other images from other cameras with database data etc.

In an approach, a processor receives a request to access an electronic resource from a device. A processor causes the device to generate a Completely Automated Public Turing test (CAPTCHA), where the CAPTCHA comprises: a virtual keyboard; an ordered string of characters required to be input; and presentation of a highlighted key of the virtual keyboard on the device, wherein (i) the highlighted key is a first key visually distinct from other keys of the virtual keyboard and (ii) the first key corresponds to a character of the ordered string of characters. A processor receives a result of the CAPTCHA from the device. A processor performs an action based on the result.