Systems and methods for detection of session tampering and fraud prevention
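IPC classification information
Country / Type: United States (US) Patent, registered
International Patent Classification (IPC 7th edition): H04L-029/06, G06F-021/00, G06Q-030/06, H04L-029/08, G06Q-020/40
Application number: US-0473818 (2014-08-29)
Registration number: US-9196004 (2015-11-24)
Inventor / Address: Eisen, Ori
Applicant / Address: The 41st Parameter, Inc.
Agent / Address: Wilson Sonsini Goodrich & Rosati
Citation information: Times cited: 15; Cited patents: 32
Abstract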
The invention provides methods and apparatus for detecting when an online session is compromised. A plurality of device fingerprints may be collected from a user computer that is associated with a designated Session ID. A server may include pages that are delivered to a user for viewing in a browser at which time device fingerprints and Session ID information are collected. By collecting device fingerprints and session information at several locations among the pages delivered by the server throughout an online session, and not only one time or at log-in, a comparison between the fingerprints in association with a Session ID can identify the likelihood of session tampering and man-in-the-middle attacks.
Representative claim
1. A method for detecting an online transaction tampering, the method comprising: establishing a Session ID for activity between a computer and a user device over a network, wherein the Session ID is associated with at least two device fingerprints collected while an article is in a virtual shopping cart; instructing the computer to collect the at least two device fingerprints, while the article is in the virtual shopping cart, from the user device for the corresponding Session ID, wherein the at least two device fingerprints are collected from at least two different pre-selected pages displaying different content that are configured for an online transaction tampering comparison; and comparing the at least two device fingerprints, and if the at least two device fingerprints collected from the at least two different pre-selected pages are not identical, detecting the online transaction tampering and providing an alert.

2. The method as recited in claim 1 wherein each of the at least two device fingerprints include IP address information for the user device.

3. The method as recited in claim 1 wherein each of the at least two device fingerprints include a time differential between an internal clock of the user device and another reference clock.

4. The method as recited in claim 1 further comprising the step of collecting Session ID information corresponding to the two device fingerprints at the same times as collecting the two device fingerprints.

5. The method as recited in claim 1 wherein the network is the Internet.

6. The method as recited in claim 1 wherein the computer is a server for an online merchant.

7. The method as recited in claim 1 wherein the user device is a desktop computer, laptop computer, personal digital assistant or phone.

8. The method as recited in claim 1 wherein the two different pre-selected pages are HTML pages.

9. The method as recited in claim 1 wherein the two device fingerprints are compared after an order of the article in the virtual shopping cart is finalized.

10. The method as recited in claim 9 wherein the order of the article in the virtual shopping cart is finalized after the user goes to a site checkout page to effect payment.

11. The method as recited in claim 1 wherein at least one of the two device fingerprints is collected when an order of the article in the virtual shopping cart is finalized.

12. A non-transitory computer system loaded with machine readable instructions for carrying out a method of detecting an online transaction tampering, the method comprising: establishing a Session ID for activity between a computer and a user device over a network, wherein the Session ID is associated with at least two device fingerprints collected while an article is in a virtual shopping cart; instructing the computer to collect the at least two device fingerprints, while the article is in the virtual shopping cart, from the user device for the corresponding Session ID, wherein the at least two device fingerprints are collected from at least two different pre-selected pages displaying different content that are configured for an online transaction tampering comparison; and comparing the at least two device fingerprints, and if the at least two device fingerprints collected from the at least two different pre-selected pages are not identical, detecting the online transaction tampering and providing an alert.

13. A network security system for an online merchant that detects when an online transaction is compromised comprising: a server within an online merchant network for conducting an online transaction with a customer device, wherein the Session ID is associated with device fingerprints collected while an article is in a virtual shopping cart; a fingerprint collector within the online merchant network for collecting the device fingerprints at predetermined intervals during the online transaction from the customer device, wherein the device fingerprints are collected while the article is in the virtual shopping cart, from at least two different pre-selected pages displaying different content that are configured for an online transaction tampering comparison; a session collector within the online merchant network for collecting Session ID information at the predetermined intervals from the customer device; and a memory for storing information collected from the fingerprint collector including the pages where the device fingerprints are obtained in order to enable a comparison between the device fingerprints collected from the at least two different pre-selected pages and the Session ID information that suggests that the online transaction is compromised if the device fingerprints are not identical.

14. The network security system as recited in claim 13, wherein the online transaction occurs after authentication with a one-time password (OTP).

15. The network security system as recited in claim 13, wherein each of the device fingerprints include IP address information for the user device.

16. The network security system as recited in claim 13, wherein each of the device fingerprints include a time differential between an internal clock of the user device and another reference clock.

17. The network security system as recited in claim 13, wherein the customer device is a desktop computer, laptop computer, personal digital assistant or phone.

18. The network security system as recited in claim 13, wherein the two different pre-selected pages are HTML pages.

19. The network security system as recited in claim 13, wherein the device fingerprints are compared after an order of the article in the virtual shopping cart is finalized.

20. The network security system as recited in claim 13, wherein at least one of the at least two different pre-selected pages includes a page that concludes the online transaction.
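
An added example, not taken from the patent or from any product of the applicant: the server-side comparison the claims describe, sketched in Python. Fingerprints collected on pre-selected pages are grouped by Session ID and any non-identical pair produces an alert record naming the differing attributes. The page paths, the user_agent attribute and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass, asdict

@dataclass(frozen=True)
class Fingerprint:
    ip: str               # IP address information (claims 2 and 15)
    clock_delta_s: int    # device clock minus reference clock (claims 3 and 16)
    user_agent: str       # assumed extra attribute, not named on the page

@dataclass(frozen=True)
class Sample:
    session_id: str
    page: str             # pre-selected page where the fingerprint was taken
    fp: Fingerprint

def check_sessions(samples, preselected_pages):
    """Map each Session ID to 'ok', 'insufficient', or a list of
    (first_page, other_page, differing_fields) tuples that warrant an alert."""
    by_session = defaultdict(list)
    for s in samples:
        if s.page in preselected_pages:
            by_session[s.session_id].append(s)
    verdicts = {}
    for sid, group in by_session.items():
        # The comparison needs fingerprints from two different pages.
        if len({s.page for s in group}) < 2:
            verdicts[sid] = "insufficient"
            continue
        first = group[0]
        mismatches = []
        for s in group[1:]:
            diff = [k for k, v in asdict(s.fp).items()
                    if v != getattr(first.fp, k)]
            if diff:  # "not identical" is the alert condition in the claims
                mismatches.append((first.page, s.page, diff))
        verdicts[sid] = mismatches or "ok"
    return verdicts

# Constructed samples: documentation IP ranges and made-up Session IDs.
UA = "Mozilla/5.0 (constructed)"
PAGES = {"/cart", "/checkout"}
SAMPLES = [
    Sample("sess-A", "/cart", Fingerprint("192.0.2.10", -18000, UA)),
    Sample("sess-A", "/checkout", Fingerprint("192.0.2.10", -18000, UA)),
    Sample("sess-B", "/cart", Fingerprint("192.0.2.20", 3600, UA)),
    Sample("sess-B", "/checkout", Fingerprint("203.0.113.7", 0, UA)),
    Sample("sess-C", "/cart", Fingerprint("198.51.100.5", 0, UA)),
]

if __name__ == "__main__":
    for sid, verdict in check_sessions(SAMPLES, PAGES).items():
        print(sid, verdict)
```
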