How Websites Use Distorted Text Riddles to Stop Bots

This patent describes the original method for creating CAPTCHAs, using distorted text or audio riddles to distinguish human users from automated bots.

What it covers

The patent outlines a security process where a server challenges a user to solve a simple puzzle before granting access to a system. When a client requests access, the server generates random characters and modifies them—for example, by changing fonts, rotating letters, or adding background noise—to create a riddle that is easy for a human to read but difficult for a computer program to interpret. The server then checks if the user's answer matches the original string within a set time limit. If the answer is correct, the connection is allowed; if not, or if time runs out, the server assumes the requester is a bot and terminates the connection.

What it doesn't cover

• —Does not cover non-riddle based bot detection, such as behavioral mouse tracking or IP reputation analysis.
• —Does not cover biometric authentication methods like fingerprint or facial recognition.
• —Does not cover systems that rely on pre-existing user accounts or passwords for verification.
• —Does not cover challenges that require solving logic puzzles or identifying objects in photos (like modern image-based reCAPTCHA).

The clever bit

The innovation lies in using the computer's own weakness—its difficulty with pattern recognition in noisy, distorted visual or audio data—as a security gate to verify human presence.

Why it matters

This patent is the foundation of the CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) technology that became standard across the early web. It was essential for preventing automated spam, bulk account registration, and brute-force attacks on web services during the late 90s and early 2000s.

Real-world examples

• 1.Early Yahoo! account registration forms
• 2.Classic text-based CAPTCHAs on web forums
• 3.Automated spam prevention on email sign-up pages