A New Dynamic Authentication Captcha Based on Negotiation Between Host and Mobile Terminal for Electronic Commerce

摘要

In electronic commerce, the supply of peculiar commodity is not adequate to users' requirements. Many users are inclined to use malicious software to order scarce commodities instead of legal purchasing processes. To solve this problem, designers of E-commerce websites use CAPTCHA to distinguish if the purchase request is applied by human rather than software. It does not work because malicious software (malware) can identify various CAPTCHA by specific function. So websites attempt to use more complex CAPTCHA to resist malware, however, users cannot identify it either. As a result, using CAPTCHA is not a perfect method to deal with distinguishing problems. In this paper, we propose a novel dynamic authentication CAPTCHA to enhance security and overcome limitations existing in static scheme. Our system can distinguish human from software by the negotiation between host and mobile terminal. The security analysis shows that the method we proposed can resist known types of attacks efficiently.