Systems and methods for detection of session tampering and fraud prevention
IPC classification
Country / Type: United States (US) Patent
Status: Registered
International Patent Classification (IPC, 7th edition): H04L-029/06; G06F-021/00; G06Q-030/06; G06Q-020/38; G06Q-020/40; H04L-029/08
Application number: US-0931799 (2015-11-03)
Registration number: US-9754311 (2017-09-05)
Inventor / Address: Eisen, Ori
Applicant / Address: The 41st Parameter, Inc.
Agent / Address: Knobbe, Martens, Olson & Bear, LLP
Citation information
Cited by: 8
Patents cited: 123
Abstract
The invention provides methods and apparatus for detecting when an online session is compromised. A plurality of device fingerprints may be collected from a user computer that is associated with a designated Session ID. A server may include pages that are delivered to a user for viewing in a browser, at which time device fingerprints and Session ID information are collected. By collecting device fingerprints and session information at several locations among the pages delivered by the server throughout an online session, and not only one time or at log-in, a comparison between the fingerprints associated with a Session ID can identify the likelihood of session tampering and man-in-the-middle attacks.
Representative claims
1. A method for detecting a potential session hijacking of an online session, the method comprising: establishing an online session regarding a transaction between a computer and a user device over a network, the online session comprising a session identifier generated at least partly based on information received about the user device; initiating a request to collect at the user device a set of device fingerprints associated with the session ID during the online session, the set of device fingerprints comprising a first device fingerprint collected when the user device interacts with a first location of the website and a second device fingerprint collected when the user device interacts with a second location of the website; receiving the set of device fingerprints over the network in response to the request; analyzing the set of device fingerprints for indications of non-matched data; extracting device information associated with the set of device fingerprints; determining that the extracted device information and the received information about the user device indicate that more than one user device is associated with the session ID and that an unauthorized device has likely gained access to the online session; detecting session hijacking in response to a determination that the extracted device information and the received information about the user device indicate that more than one user device is associated with the session ID; and in response to detecting the session hijacking, providing session hijacking alert data comprising information that the online session is hijacked, the session hijacking alert data being used to flag the online session as an instance of the session hijacking or to flag the transaction based on the session hijacking.
2. The method of claim 1, further comprising: determining a transaction type for the online session; and determining a level of suspected fraud based at least partly on the transaction type.
3. The method of claim 2, wherein one or more device fingerprints in the set of device fingerprints are collected more frequently when the level of suspected fraud is high.
4. The method of claim 2, wherein the set of device fingerprints comprises more fingerprints when the level of suspected fraud is high.
5. The method of claim 2, wherein one or more device fingerprints in the set of device fingerprints are collected less frequently when the level of suspected fraud is low.
6. The method of claim 1, wherein the information received about the user device is unique to the user device.
7. The method of claim 1, wherein the information received about the user device comprises one or more of the following: IP address of the user device, browser identifier of the user device, a clock skew of the user device, or a time difference between the user device and the computer.
8. A computer system for detecting online session tampering, the computer system comprising: a network interface which establishes a connection with a user device over a network; a processor configured to execute software instructions to cause the computer system to: establish an online session regarding a transaction with the user device over a network, the online session comprising a session identifier (ID) generated at least partly based on information received about the user device; initiate a request to collect at the user device a set of device fingerprints associated with the session ID during the online session, the set of device fingerprints comprising a first device fingerprint collected when the user device interacts with a first location of the website and a second device fingerprint collected when the user device interacts with a second location of the website; receive the set of device fingerprints over the network in response to the request; analyze the set of device fingerprints for indications of non-matched data; extract device information associated with the set of device fingerprints; determine that the extracted device information and the received information about the user device indicate that more than one user device is associated with the session ID and that an unauthorized device has likely gained access to the online session; detect session hijacking in response to a determination that the extracted device information and the received information about the user device indicate that more than one user device is associated with the session ID; and in response to detecting the session hijacking, provide session hijacking alert data comprising information that the online session is hijacked, the session hijacking alert data being used to flag the online session as an instance of the session hijacking or to flag the transaction based on the session hijacking; and a non-transitory data storage configured to: communicate with the processor; and store information comprising at least one of the following: the session ID, information received about the user device, or the set of device fingerprints.
9. The system of claim 8, wherein the processor is further configured to execute software instructions to: determine a transaction type for the online session; and determine a level of suspected fraud based at least partly on the transaction type.
10. The system of claim 9, wherein the processor is configured to execute software instructions to cause device fingerprints to be collected more frequently when the level of suspected fraud is high.
11. The system of claim 9, wherein the processor is configured to execute software instructions to cause more device fingerprints for the set of device fingerprints to be collected when the level of suspected fraud is high.
12. The system of claim 9, wherein the processor is configured to execute software instructions to cause device fingerprints to be collected less frequently when the level of suspected fraud is low.
13. The system of claim 8, wherein the information received about the user device is unique to the user device.
14. The system of claim 8, wherein the information received about the user device comprises one or more of the following: IP address of the user device, browser identifier of the user device, a clock skew of the user device, or a time difference between the user device and the computer system.
15. Non-transitory computer storage having stored thereon a computer program, the computer program including executable instructions that instruct a computer system to at least: establish an online session regarding a transaction between a computer and a user device over a network, the online session comprising a session identifier (ID) generated at least partly based on information received about the user device; initiate a request to collect at the user device a set of device fingerprints associated with the session ID during the online session, the set of device fingerprints comprising a first device fingerprint collected when the user device interacts with a first location of the website and a second device fingerprint collected when the user device interacts with a second location of the website; receive the set of device fingerprints over the network in response to the request; analyze the set of device fingerprints for indications of non-matched data; extract device information associated with the set of device fingerprints; determine that the extracted device information and the received information about the user device indicate that more than one user device is associated with the session ID and that an unauthorized device has likely gained access to the online session; detect session hijacking in response to a determination that the extracted device information and the received information about the user device indicate that more than one user device is associated with the session ID; and in response to detecting the session hijacking, provide session hijacking alert data comprising information that the online session is hijacked, the session hijacking alert data being used to flag the online session as an instance of the session hijacking or to flag the transaction based on the session hijacking.
16. The non-transitory computer storage of claim 15, wherein the executable instructions further instruct the computer system to: determine a transaction type for the online session; and determine a level of suspected fraud based at least partly on the transaction type.
17. The non-transitory computer storage of claim 16, wherein one or more device fingerprints in the set of device fingerprints are collected more frequently when the level of suspected fraud is high.
18. The non-transitory computer storage of claim 16, wherein the set of device fingerprints comprises more fingerprints when the level of suspected fraud is high.
19. The non-transitory computer storage of claim 15, wherein the information received about the user device is unique to the user device.
20. The non-transitory computer storage of claim 15, wherein the information received about the user device comprises one or more of the following: IP address of the user device, browser identifier of the user device, a clock skew of the user device, or a time difference between the user device and the computer.
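The abstract and claims 1 to 7 describe one detection loop: bind a session ID partly to the device information seen at establishment (IP, browser identifier, clock skew), collect a device fingerprint again at several page locations during the session, compare the set for non-matched data, and raise alert data when more than one device appears to be using the same session ID, sampling more often for high-risk transaction types. The Python below is an added illustration of that loop written for this page; it is not code from the patent or from The 41st Parameter. The field names, the 2-second clock-skew tolerance, the risk tiers per transaction type, the sampling intervals, and the constructed session data are all assumptions, and the session ID binding uses an HMAC over the device information, which is one way to make the ID "generated at least partly based on information received about the user device".

```python
"""Multi-point device-fingerprint comparison for session-hijack detection.
Added illustration, not the patent holder's code; thresholds and field names are assumptions."""
import hashlib
import hmac
import secrets
from dataclasses import asdict, dataclass, field

SERVER_SECRET = b"replace-with-a-server-held-secret"  # assumption: HMAC key kept server-side
SKEW_TOLERANCE_MS = 2000  # assumption: allowed drift of the client clock skew between pages
# Assumed risk tier per transaction type, and how often a fingerprint is collected per tier
RISK_BY_TRANSACTION = {"balance_view": "low", "bill_pay": "medium", "wire_transfer": "high"}
COLLECT_EVERY_N_PAGES = {"low": 4, "medium": 2, "high": 1}


@dataclass(frozen=True)
class DeviceInfo:
    """Information received about the user device when the session is established."""
    ip: str
    browser_id: str      # e.g. the User-Agent string
    clock_skew_ms: int   # client clock minus server clock, measured at page load


def _binding_tag(nonce: str, info: DeviceInfo) -> str:
    msg = f"{nonce}|{info.ip}|{info.browser_id}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()[:32]


def make_session_id(info: DeviceInfo) -> str:
    """Session ID = random nonce + HMAC tag binding it to the device info seen at establishment."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_binding_tag(nonce, info)}"


def session_id_matches(session_id: str, info: DeviceInfo) -> bool:
    """True only if the presented device info is the one this session ID was bound to."""
    nonce, _, tag = session_id.partition(".")
    return hmac.compare_digest(tag, _binding_tag(nonce, info))


def differing_fields(a: dict, b: dict) -> set:
    """Fields present in both fingerprints whose values do not match; skew within tolerance matches."""
    diff = set()
    for key in a.keys() & b.keys():
        if key == "clock_skew_ms":
            if abs(a[key] - b[key]) > SKEW_TOLERANCE_MS:
                diff.add(key)
        elif a[key] != b[key]:
            diff.add(key)
    return diff


def same_device(a: dict, b: dict) -> bool:
    # An IP change alone is not a device change (mobile hand-offs, NAT); everything else must agree.
    return not (differing_fields(a, b) - {"ip"})


@dataclass
class Session:
    session_id: str
    login_info: DeviceInfo
    transaction_type: str
    fingerprints: list = field(default_factory=list)  # (page location, fingerprint), arrival order


class SessionMonitor:
    def __init__(self):
        self.sessions = {}

    def establish(self, info: DeviceInfo, transaction_type: str) -> str:
        sid = make_session_id(info)
        self.sessions[sid] = Session(sid, info, transaction_type)
        return sid

    def should_collect(self, sid: str, page_index: int) -> bool:
        """Risk-adaptive sampling: high-risk transaction types fingerprint every page."""
        risk = RISK_BY_TRANSACTION.get(self.sessions[sid].transaction_type, "medium")
        return page_index % COLLECT_EVERY_N_PAGES[risk] == 0

    def record(self, sid: str, location: str, fingerprint: dict) -> dict:
        """Store a fingerprint collected at one page location and re-analyze the whole session."""
        self.sessions[sid].fingerprints.append((location, fingerprint))
        return self.analyze(sid)

    def analyze(self, sid: str) -> dict:
        s = self.sessions[sid]
        observed = [asdict(s.login_info)] + [fp for _, fp in s.fingerprints]
        distinct = []  # one representative fingerprint per device seen on this session ID
        for fp in observed:
            if not any(same_device(fp, d) for d in distinct):
                distinct.append(fp)
        non_matched = sorted(set().union(*(differing_fields(observed[0], fp) for fp in observed[1:])))
        hijacked = len(distinct) > 1  # more than one device is using the same session ID
        return {"session_id": sid, "hijacked": hijacked, "distinct_devices": len(distinct),
                "non_matched_fields": non_matched, "flag_transaction": hijacked,
                "risk_level": RISK_BY_TRANSACTION.get(s.transaction_type, "medium")}


def demo() -> tuple:
    """Constructed scenario: a legitimate session, then its session ID reused from another machine."""
    mon = SessionMonitor()
    user = DeviceInfo("203.0.113.10", "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0", 120)
    sid = mon.establish(user, "wire_transfer")
    user_fp = {"ip": "203.0.113.10", "browser_id": user.browser_id, "clock_skew_ms": 140,
               "screen": "1920x1080", "timezone": "Europe/Berlin"}
    mon.record(sid, "/account", user_fp)
    legit = mon.record(sid, "/transfer/review", dict(user_fp, clock_skew_ms=155))
    # Attacker replays the stolen session cookie from a different machine at the confirmation page.
    attacker_fp = {"ip": "198.51.100.7", "browser_id": "Mozilla/5.0 (Windows NT 10.0) Chrome/120.0",
                   "clock_skew_ms": -3400, "screen": "1366x768", "timezone": "America/New_York"}
    hijacked = mon.record(sid, "/transfer/confirm", attacker_fp)
    return sid, user, legit, hijacked
```

`demo()` yields a clean verdict for the first two pages (one device, no non-matched fields) and a hijack alert on the third, with `browser_id`, `clock_skew_ms` and `ip` all reported as non-matched; the alert data is what a fraud pipeline would use to flag the session or the wire transfer. The IP address is deliberately excluded from the same-device decision so that a legitimate network change does not produce a false alert, and the clock-skew comparison uses a tolerance because the measured skew moves between page loads even on one machine.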
Patents cited by this patent (123)
Eisen, Ori; Pandich, Steve; Yalov, Raz, 2D web trilateration.
Lappington John P. ; Marshall Susan K. ; Yamamoto Wayne Y. ; Wilson Cameron A. ; Berkobin Eric C. ; Simons Richard S., Interactive television security through transaction time stamping.
Schweig,Marc E., Keyboard, mouse, and video (KVM) session capture system that stores and can playback portions of live KVM session via forensic capture module.
Mizushima Hiroshi (Yokohama JPX), Method and apparatus for changing screen image data based on cursor movement relative to a preset mark on the screen.
Ennis, Jr., James D. (Gaithersburg MD); Hasselkus, John E. (Germantown MD); Nisbet, Thomas R. (Ellicott City MD); Troutman, Robert (Gaithersburg MD), Method and apparatus for non-intrusive measurement of round trip delay in communications networks.
Brown, Marcus E. (Tuscaloosa AL); Rogers, Samuel J. (Breckenridge TX), Method and apparatus for verification of a computer user's identification, based on keystroke characteristics.
Kowalchyk, Eric F.; Mo, See Yew; Lu, Jimmy M.; Buddhavarapu, Satish; Power, Michael J.; Mako, Janos Z., Method and system for assessing merchant risk during payment transaction.
Barrett,Michael Richard; Armes,David; Bishop,Fred; Shelby,James; Glazer,Elliott; Steitz,Philip W.; Gibbons,Stephen P., Method and system for implementing and managing an enterprise identity management for distributed security.
Dujari,Rajeev; Wang,Biao; Hawkins,John M.; Rouskov,Yordan; Erdogan,Samim, Method and system of integrating third party authentication into internet browser code.
Southard, David A.; Bell, Lowell F.; Aucoin, Michael A.; Gouin, Frédéric; Cannaday, Jr., Theodore H., Method for digital transmission and display of weather imagery.
Boulware, Van W., Method of conducting anti-fraud electronic bank security transactions having price-date-time variables and calculating apparatus thereof.
Tan Jeanette C. (21600 Cleardale St. Santa Clarita CA) Iggulden Jerry R. (21600 Cleardale St. Santa Clarita CA 91321) Streck Donald A. (832 Country Dr. Ojai CA 93023), Security facsimile systems.
Wood, David L.; Norton, Derk; Weschler, Paul; Ferris, Chris; Wilson, Yvonne, Single sign-on framework with trust-level mapping to authentication requirements.
Varghese, Thomas Emmanual; Fisher, Jon Bryan; Harris, Steven Lucas; Durai, Don Bosco, System and method for fraud monitoring, detection, and tiered user authentication.
Tedesco,Daniel E.; Jorasch,James A.; Gelman,Geoffrey M.; Walker,Jay S.; Tulley,Stephen C.; O'Neil,Vincent M.; Alderucci,Dean P., System for image analysis in a network that is structured with multiple layers and differentially weighted neurons.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Abraham,Magid; Brown,Michael; Heyman,Steve, Systems and methods for user identification, user demographic reporting and collecting usage data usage biometrics.
Rosen Sholom S., Trusted agents for open electronic commerce where the transfer of electronic merchandise or electronic money is provisional until the transaction is finalized.
Guo, Hui; Srinivasan, Venkatachary; Rajam, Surendra Sadanand; Jiang, Zhaowei Charlie; Zhou, Min, Universal device identifier for globally identifying and binding disparate device identifiers to the same mobile device.
Khanwalkar, Manoj; Camacho, Adler; Van Lare, Stephen; Winkler, Omer; Tuttle, Luke David; Patel, Surag I., Data structures for intelligently resolving deterministic and probabilistic device identifiers to device profiles and/or groups.