Systems and methods for detection of session tampering and fraud prevention
First Claim
1. A method for detecting that an online session is compromised, the method comprising:
determining a session identifier for an online session between a first device and a second device over a network, wherein the session identifier is associated with a plurality of device fingerprints collected during the online session;
receiving a first device fingerprint collected during the online session, wherein the first device fingerprint is collected at a first location of a first page;
receiving a second device fingerprint collected during the online session, wherein the second device fingerprint is collected at a second location of a second page, where the first page and the second page comprise different content;
determining, based at least in part on a comparison between the first device fingerprint and the second device fingerprint, a presence of a third device during the online session which indicates an interference of the online session between the first device and the second device by the third device; and
providing an alert indicating the interference of the online session based at least in part on a determination of the presence of the third device during the online session.
Abstract
The invention provides methods and apparatus for detecting when an online session is compromised. A plurality of device fingerprints may be collected from a user computer that is associated with a designated Session ID. A server may include pages that are delivered to a user for viewing in a browser, at which time device fingerprints and Session ID information are collected. By collecting device fingerprints and session information at several locations among the pages delivered by the server throughout an online session, and not only once or at log-in, a comparison between the fingerprints associated with a Session ID can identify the likelihood of session tampering and man-in-the-middle attacks.
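The comparison the abstract describes, as an added example that is not part of the patent and not the assignee's code: a server-side monitor keeps every fingerprint reported under a Session ID, and each fingerprint collected on a later page is compared against those already on record. The attribute names, the `/login`, `/checkout` and `/payment` page locations, the tolerance threshold and the two sessions are constructed for illustration.

```python
"""Added example: flag a session whose per-page device fingerprints disagree.

Not the patent's own implementation. Attribute names, page locations and the
sample sessions below are constructed assumptions for the demonstration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Attributes a browser-side collector is assumed to report. Only attributes that
# should stay constant for one device within one session are compared; values
# such as the client IP are left out because they can change legitimately.
STABLE_ATTRIBUTES = ("user_agent", "platform", "screen", "timezone", "language")


@dataclass
class Fingerprint:
    page: str               # page/location at which the collector ran
    attrs: Dict[str, str]   # attribute name -> observed value


@dataclass
class Alert:
    session_id: str
    first_page: str                       # page whose fingerprint was on record
    second_page: str                      # page whose fingerprint disagreed
    differences: Dict[str, Tuple[Optional[str], Optional[str]]]


@dataclass
class SessionMonitor:
    """Store fingerprints per Session ID and compare each new one to the history."""
    max_differences: int = 0              # attributes allowed to differ before alerting
    _sessions: Dict[str, List[Fingerprint]] = field(default_factory=dict)

    @staticmethod
    def diff(a: Fingerprint, b: Fingerprint) -> Dict[str, Tuple[Optional[str], Optional[str]]]:
        """Return the stable attributes whose values differ between two fingerprints."""
        return {k: (a.attrs.get(k), b.attrs.get(k))
                for k in STABLE_ATTRIBUTES
                if a.attrs.get(k) != b.attrs.get(k)}

    def record(self, session_id: str, fp: Fingerprint) -> Optional[Alert]:
        """Record a fingerprint; return an Alert if it disagrees with an earlier one."""
        history = self._sessions.setdefault(session_id, [])
        alert = None
        for earlier in history:
            d = self.diff(earlier, fp)
            if len(d) > self.max_differences:
                alert = Alert(session_id, earlier.page, fp.page, d)
                break
        history.append(fp)   # keep the fingerprint even when alerting, for forensics
        return alert


def demo() -> List[Optional[Alert]]:
    """Run the monitor over two constructed sessions and return the per-page results."""
    monitor = SessionMonitor()
    base = {"user_agent": "Mozilla/5.0 (X11; Linux x86_64) Firefox/124.0",
            "platform": "Linux x86_64", "screen": "1920x1080",
            "timezone": "Europe/Berlin", "language": "de-DE"}

    # Constructed legitimate session: the same device reports on login and checkout.
    r1 = monitor.record("sess-A", Fingerprint("/login", dict(base)))
    r2 = monitor.record("sess-A", Fingerprint("/checkout", dict(base)))

    # Constructed tampered session: the fingerprint reported from the payment page
    # comes from a device unlike the one that logged in under the same Session ID.
    other = dict(base,
                 user_agent="Mozilla/5.0 (Windows NT 10.0; Win64) Chrome/123.0",
                 platform="Win32",
                 timezone="America/New_York")
    r3 = monitor.record("sess-B", Fingerprint("/login", dict(base)))
    r4 = monitor.record("sess-B", Fingerprint("/payment", other))
    return [r1, r2, r3, r4]


if __name__ == "__main__":
    for result in demo():
        if result is not None:
            print(f"ALERT {result.session_id}: {result.first_page} vs "
                  f"{result.second_page} differ on {sorted(result.differences)}")
```

The first fingerprint in a session never alerts on its own; detection only becomes possible once a second page has reported, which is why the abstract stresses collecting at several locations rather than only at log-in. `max_differences` is the tuning point: a value of 0 treats any change in a stable attribute as suspicious, while a larger value tolerates attributes that drift within a legitimate session.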
17 Claims
1. A method for detecting that an online session is compromised (independent claim; full text reproduced above under First Claim). Dependent claims: 2, 3, 4, 5, 6.
7. A computer system for detecting that an online session is compromised, the computer system comprising:
a network interface which establishes a connection with a user device over a network;
a hardware processor programmed to execute software instructions to cause the computer system to:
determine a session identifier for an online session with the user device over the network, wherein the session identifier is associated with a plurality of device fingerprints collected during the online session;
receive a first device fingerprint collected during the online session, wherein the first device fingerprint is collected at a first location of a first page;
receive a second device fingerprint collected during the online session, wherein the second device fingerprint is collected at a second location of a second page, where the first page and the second page comprise different content;
determine, based at least in part on a comparison between the first device fingerprint and the second device fingerprint, a presence of an attacker device during the online session which indicates an interference of the online session by the attacker device; and
provide an alert indicating the interference of the online session based at least in part on a determination of the presence of the attacker device during the online session;
a non-transitory data storage configured to:
communicate with the hardware processor; and
store information comprising at least one of the following:
the session identifier and the plurality of device fingerprints associated with the session identifier.
Dependent claims: 8, 9, 10, 11.
12. Non-transitory computer storage having stored thereon a computer program, the computer program including executable instructions that instruct a computer system to at least:
determine a session identifier for an online session between a first device and a second device over a network, wherein the session identifier is associated with a plurality of device fingerprints collected during the online session;
receive a first device fingerprint collected during the online session, wherein the first device fingerprint is collected at a first location of a first page;
receive a second device fingerprint collected during the online session, wherein the second device fingerprint is collected at a second location of a second page, where the first page and the second page comprise different content;
determine, based at least in part on a comparison between the first device fingerprint and the second device fingerprint, a presence of a third device during the online session which indicates an interference of the online session between the first device and the second device by the third device; and
provide an alert indicating the interference of the online session based at least in part on a determination of the presence of the third device during the online session.
Dependent claims: 13, 14, 15, 16, 17.