Systems and methods for detecting and preventing spoofing

US 10,129,279 B2
Filed: 09/04/2016
Issued: 11/13/2018
Est. Priority Date: 09/05/2015
Status: Active Grant

First Claim

Patent Images

1. A method, performed by at least one computer, the method comprising:

receiving a communication from an application program executing on a client device different from the at least one computer;

identifying from the communication an asserted identity of the application program;

determining whether the application program has the asserted identity at least in part by;

interacting with the client device to obtain additional information about at least one capability of the application program, the interacting comprising;

transmitting, via at least one network to the client device, a software program that, when executed by the client device, collects the additional information about the at least one capability of the application program at least in part by programmatically testing the application program to determine whether the application program is able to recognize an object; and

receiving, from the client device, the additional information about the at least one capability of the application program; and

determining whether the additional information about the at least one capability of the application program indicates that the application program is able to recognize the object, the determining comprising;

comparing the additional information about the at least one capability of the application program to information about one or more application programs having the asserted identity;

determining whether the application program has the asserted identity based at least in part on whether the application program is able to recognize the object;

granting the client device access to a resource responsive to determining that the application program has the asserted identity; and

denying the client device access to the resource responsive to determining that the application program does not have the asserted identity.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for detecting application program spoofing. The techniques include: receiving a communication from an application program executing on a client device different from the at least one computer; identifying from the communication an asserted identity of the application program; and verifying the asserted identity of the application program at least in part by: interacting with the client device to obtain additional information about the application program, and determining whether the additional information about the application program is consistent with the asserted identity of the application program.

112 Citations

19 Claims

1. A method, performed by at least one computer, the method comprising:
- receiving a communication from an application program executing on a client device different from the at least one computer;
  
  identifying from the communication an asserted identity of the application program;
  
  determining whether the application program has the asserted identity at least in part by;
  
  interacting with the client device to obtain additional information about at least one capability of the application program, the interacting comprising;
  
  transmitting, via at least one network to the client device, a software program that, when executed by the client device, collects the additional information about the at least one capability of the application program at least in part by programmatically testing the application program to determine whether the application program is able to recognize an object; and
  
  receiving, from the client device, the additional information about the at least one capability of the application program; and
  
  determining whether the additional information about the at least one capability of the application program indicates that the application program is able to recognize the object, the determining comprising;
  
  comparing the additional information about the at least one capability of the application program to information about one or more application programs having the asserted identity;
  
  determining whether the application program has the asserted identity based at least in part on whether the application program is able to recognize the object;
  
  granting the client device access to a resource responsive to determining that the application program has the asserted identity; and
  
  denying the client device access to the resource responsive to determining that the application program does not have the asserted identity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1,wherein determining whether the additional information indicates that the application program is able to recognize the object comprises:
    - obtaining information about the at least one capability of the one or more application programs having the asserted identity; and
      
      comparing the collected information about the at least one capability of the application program with the information about at least one corresponding capability of application programs having the asserted identity.
  - 3. The method of claim 1, wherein the software program, when executed by the client device, is configured to programmatically test the at least one capability of the application program at least in part by determining whether the application program is able to recognize an object that the one or more application programs having the asserted identity are able to recognize.
  - 4. The method of claim 1, wherein the software program comprises a JAVASCRIPT program.
  - 5. The method of claim 1, wherein transmitting the software program to the client device is performed based on the asserted identity of the application program identified in the communication.
  - 6. The method of claim 1, wherein the asserted identity of the application program comprises an identity of a web browser application program.
  - 7. The method of claim 1, wherein granting the client device access to the resource comprises granting the client device access to a webpage.
  - 8. The method of claim 1, wherein granting the client device access to the resource comprises granting the client device access to a service.

9. A system, comprising:
- at least one computer;
  
  at least one non-transitory computer-readable storage medium storing processor-executable instructions that, when executed by the at least one computer, causes the at least one computer to perform;
  
  receiving a communication from an application program executing on a client device different from the at least one computer;
  
  identifying from the received communication an asserted identity of the application program;
  
  determining whether the application program has the asserted identity at least in part by;
  
  interacting with the client device to obtain additional information about s at least one capability of the application program, the interacting comprising;
  
  transmitting, via at least one network to the client device, a software program that, when executed by the client device, collects the additional information about the at least one capability of the application program at least in part by programmatically testing the application program to determine whether the application program is able to recognize an object; and
  
  receiving, from the client device, the additional information about the at least one capability of the application program; and
  
  determining whether the additional information about the at least one capability of the application program indicates that the application program is able to recognize the object, the determining comprising;
  
  comparing the additional information about the at least one capability of the application program to information about one or more application programs having the asserted identity;
  
  determining whether the application program has the asserted identity based at least in part on whether the application program is able to recognize the object;
  
  granting the client device access to a resource responsive to determining that the application program has the asserted identity; and
  
  denying the client device access to the resource responsive to determining that the application program does not have the asserted identity.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The system of claim 9,wherein determining whether the additional information about the at least one capability of the application program indicates that the application program is able to recognize the object comprises comparing the collected information about the at least one capability of the application program with information about the at least one capability of one or more application programs having the asserted identity.
  - 11. The system of claim 9, wherein the software program, when executed by the client device, is configured to programmatically test the at least one capability of the application program at least in part by determining whether the application program is able to recognize an object that the one or more application programs having the asserted identity are able to recognize.
  - 12. The system of claim 9, wherein the software program comprises a JAVASCRIPT program.
  - 13. The system of claim 9, wherein transmitting the software program to the client device is performed based on the asserted identity of the application program identified in the communication.
  - 14. The system of claim 9, wherein the asserted identity of the application program comprises an identity of a web browser application program.

15. At least one non-transitory computer-readable storage medium storing processor-executable instructions that, when executed by at least one computer, causes the at least one computer to perform:
- receiving a communication from an application program executing on a client device different from the at least one computer;
  
  identifying from the received communication an asserted identity of the application program; and
  
  determining whether the application program has the asserted identity at least in part by;
  
  interacting with the client device to obtain additional information about at least one capability of the application program, the interacting comprising;
  
  transmitting, via at least one network to the client device, a software program that, when executed by the client device, collects the additional information about the at least one capability of the application program at least in part by programmatically testing the application program to determine whether the application program is able to recognize an object; and
  
  receiving, from the client device, the additional information about the at least one capability of the application program; and
  
  determining whether the additional information indicates that the application program is able to recognize the object, the determining comprising;
  
  comparing the additional information about the at least one capability of the application program to information about one or more application programs having the asserted identity;
  
  determining whether the application program has the asserted identity based at least in part on whether the application program is able to recognize the object;
  
  granting the client device access to a resource responsive to determining that the application program has the asserted identity; and
  
  denying the client device access to the resource responsive to determining that the application program does not have the asserted identity.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The at least one non-transitory computer-readable storage medium of claim 15,wherein determining whether the additional information about the at least one capability of the application program indicates that the application program is able to recognize the object comprises comparing the collected information about the at least one capability of the application program with information about the at least one capability of application programs having the asserted identity.
  - 17. The at least one non-transitory computer-readable storage medium of claim 15, wherein the software program, when executed by the client device, is configured to programmatically test the at least one capability of the application program at least in part by determining whether the application program is able to recognize an object that the one or more application programs having the asserted identity are able to recognize.
  - 18. The at least one non-transitory computer-readable storage medium of claim 15, wherein transmitting the software program to the client device is performed based on the asserted identity of the application program identified in the communication.
  - 19. The at least one non-transitory computer-readable storage medium of claim 15, wherein the asserted identity of the application program comprises an identity of a web browser application program.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NuData Security Inc. (MasterCard Incorporated)
Original Assignee
Mastercard Technologies Canada ULC (MasterCard Incorporated)
Inventors
Bailey, Christopher Everett, Lukashuk, Randy, Richardson, Gary Wayne
Primary Examiner(s)
Tran, Ellen

Application Number

US15/256,607
Publication Number

US 20170070517A1
Time in Patent Office

800 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/2255   Hash tables

G06F 16/24578   using ranking

G06F 16/285   Clustering or classification

G06F 16/9535   Search customisation based ...

G06F 21/316   by observing the pattern of...

G06F 21/32   using biometric data, e.g. ...

G06F 21/44   Program or device authentic...

G06F 21/552   involving long-term monitor...

G06F 21/602   Providing cryptographic fac...

G06F 2221/033   Test or assess software

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2145   Inheriting rights or proper...

G06F 7/08   Sorting, i.e. grouping reco...

H04L 2463/144   Detection or countermeasure...

H04L 41/20   Network management software...

H04L 43/12   Network monitoring probes

H04L 43/16   Threshold monitoring

H04L 63/0861   using biometrical features,...

H04L 63/1408   by monitoring network traff...

H04L 63/1416 : Event detection, e.g. attac...

H04L 63/1425 : Traffic logging, e.g. anoma...

H04L 63/1466 : Active attacks involving in...

H04L 63/20 : for managing network securi...

H04L 67/02 : based on web technology, e....

H04L 67/30 : Profiles

H04L 67/303 : Terminal profiles

H04L 67/535 : Tracking the activity of th...

View All

Systems and methods for detecting and preventing spoofing

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

112 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for detecting and preventing spoofing

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

112 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others