Trustware: A Device-based Protocol for Verifying Client Legitimacy
This addresses the issue of annoying and insecure CAPTCHAs for online service users, offering a more secure and user-friendly alternative.
The paper tackles the problem of verifying user legitimacy online by proposing a device-based protocol that replaces CAPTCHAs, using physical access to trusted devices to generate one-time passcodes verified by manufacturers.
Online services commonly attempt to verify the legitimacy of users with CAPTCHAs. However, CAPTCHAs are annoying for users, often difficult for users to solve, and can be defeated using cheap labor or, increasingly, with improved algorithms. We propose a new protocol for clients to prove their legitimacy, allowing the client's devices to vouch for the client. The client's devices, and those in close proximity, provide a one-time passcode that is verified by the device manufacturer. This verification proves that the client has physical access to expensive and trusted devices, vouching for the client's legitimacy.