Systems and methods for detecting and preventing spoofing
First Claim
1. A method, performed by at least one computer, for ascertaining legitimacy of communications received by the at least one computer during a digital interaction between the at least one computer and a client device, the method comprising:
- receiving a communication;
- identifying from the communication a first secured token and a request to access a web page;
- processing the first secured token by:
  - obtaining, from the first secured token, information indicating a state of the digital interaction, wherein the information indicating the state of the digital interaction comprises a first value of a counter, the counter indicating a number of times the information indicating the state of the digital interaction has been changed by the at least one computer during the digital interaction; and
  - using the information indicating the state of the digital interaction to determine whether the communication is from the client device at least in part by determining whether the first value of the counter matches a value of the counter provided to the client device by the at least one computer prior to receiving the communication;
- when it is determined that the communication is not from the client device, denying access to the requested web page; and
- when it is determined that the communication is from the client device, providing the client device access to the web page;
- updating the information indicating the state of the digital interaction to obtain updated information indicating the state of the digital interaction, the updating comprising increasing the counter from the first value to a second value;
- including the updated information indicating the state of the digital interaction in a second secure token, wherein the updated information indicating the state of the digital interaction comprises the second value of the counter; and
- providing the second secured token to the client device for use in a subsequent communication during the digital interaction.
Abstract
Techniques for ascertaining legitimacy of communications received during a digital interaction with a client device. The techniques include: receiving a communication; identifying from the communication a first secured token; processing the first secured token by: obtaining, from the first secured token, information indicating a state of the digital interaction; and using the information indicating the state to determine whether the communication is from the client device; and when it is determined that the communication is from the client device, causing at least one action responsive to the communication to be performed; updating the information indicating the state of the digital interaction to obtain updated information indicating the state of the digital interaction; and providing a second secured token to the client device for use in a subsequent communication during the digital interaction, the second secured token comprising the updated information indicating the state of the digital interaction.
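The token rotation described in the abstract and in claim 1, as an added example that is not taken from the patent. It assumes the "secured token" is a JSON state blob authenticated with HMAC-SHA256 and that the server keeps the last issued counter in an in-memory dict; all function and field names are hypothetical.

```python
import base64, hashlib, hmac, json, secrets

KEY = secrets.token_bytes(32)  # assumption: server-side HMAC key secures the token
issued = {}                    # interaction id -> counter value last provided to the client

def _seal(state: dict) -> str:
    """Serialize the interaction state and append an HMAC tag."""
    body = base64.urlsafe_b64encode(json.dumps(state, sort_keys=True).encode())
    tag = hmac.new(KEY, body, hashlib.sha256).hexdigest()
    return f"{body.decode()}.{tag}"

def _open(token: str):
    """Return the state dict, or None if the token is malformed or tampered with."""
    try:
        body, tag = token.rsplit(".", 1)
        expected = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            return None
        return json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return None

def start_interaction() -> str:
    """Begin a digital interaction and hand the client its first token (counter 0)."""
    sid = secrets.token_hex(8)
    issued[sid] = 0
    return _seal({"sid": sid, "ctr": 0})

def handle_request(token: str, page: str):
    """Return (status, body, next_token) for a page request carrying a token."""
    state = _open(token)
    # Deny unless the counter equals the value most recently provided to the client.
    if state is None or issued.get(state["sid"]) != state["ctr"]:
        return 403, "denied", None
    state["ctr"] += 1                    # state changed: first value -> second value
    issued[state["sid"]] = state["ctr"]
    return 200, f"contents of {page}", _seal(state)  # second token for the next request

if __name__ == "__main__":
    t0 = start_interaction()
    status, _, t1 = handle_request(t0, "/account")
    print(status)                                   # fresh token accepted
    print(handle_request(t0, "/account")[0])        # captured token replayed
    print(handle_request(t1, "/statements")[0])     # rotated token accepted
```

A captured token stops working as soon as the legitimate client makes its next request, because the counter it carries no longer matches the value the server last issued.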
17 Claims
1. A method, performed by at least one computer, for ascertaining legitimacy of communications received by the at least one computer during a digital interaction between the at least one computer and a client device, the method comprising:
- receiving a communication;
- identifying from the communication a first secured token and a request to access a web page;
- processing the first secured token by:
  - obtaining, from the first secured token, information indicating a state of the digital interaction, wherein the information indicating the state of the digital interaction comprises a first value of a counter, the counter indicating a number of times the information indicating the state of the digital interaction has been changed by the at least one computer during the digital interaction; and
  - using the information indicating the state of the digital interaction to determine whether the communication is from the client device at least in part by determining whether the first value of the counter matches a value of the counter provided to the client device by the at least one computer prior to receiving the communication;
- when it is determined that the communication is not from the client device, denying access to the requested web page; and
- when it is determined that the communication is from the client device, providing the client device access to the web page;
- updating the information indicating the state of the digital interaction to obtain updated information indicating the state of the digital interaction, the updating comprising increasing the counter from the first value to a second value;
- including the updated information indicating the state of the digital interaction in a second secure token, wherein the updated information indicating the state of the digital interaction comprises the second value of the counter; and
- providing the second secured token to the client device for use in a subsequent communication during the digital interaction.

View Dependent Claims (2, 3, 4, 5, 6, 7)
8. A system for ascertaining legitimacy of communications received by the at least one computer during a communication digital interaction between at least one computer and a client device, the system comprising:
- the at least one computer; and
- at least one non-transitory computer-readable storage medium that storing processor-executable instructions that, when executed by the at least one computer, cause the at least one computer to perform:
  - receiving a communication;
  - identifying from the communication a first secured token and a request to access a web page;
  - processing the first secured token by:
    - obtaining, from the first secured token, information indicating a state of the digital interaction, wherein the information indicating the state of the digital interaction comprises a first value of a counter, the counter indicating a number of times the information indicating the state of the digital interaction has been changed by the at least one computer during the digital interaction; and
    - using the information indicating the state of the digital interaction to determine whether the communication is from the client device at least in part by determining whether the first value of the counter matches a value of the counter provided to the client device by the at least one computer prior to receiving the communication;
  - when it is determined that the communication is not from the client device, denying access to the requested web page; and
  - when it is determined that the communication is from the client device, providing the client device access to the web page;
  - updating the information indicating the state of the digital interaction to obtain updated information indicating the state of the digital interaction, the updating comprising increasing the counter from the first value to a second value;
  - including the updated information indicating the state of the digital interaction in a second secure token, wherein the updated information indicating the state of the digital interaction comprises the second value of the counter; and
  - providing the second secured token to the client device for use in a subsequent communication during the digital interaction.

View Dependent Claims (9, 10, 11, 12)
13. At least one non-transitory computer-readable storage medium that storing processor-executable instructions that, when executed by at least one computer, cause the at least one computer to perform a method for ascertaining legitimacy of communications received by the at least one computer during a communication digital interaction between at least one computer and a client device, the method comprising:
- receiving a communication;
- identifying from the communication a first secured token and a request to access a web page;
- processing the first secured token by:
  - obtaining, from the first secured token, information indicating a state of the digital interaction, wherein the information indicating the state of the digital interaction comprises a first value of a counter, the counter indicating a number of times the information indicating the state of the digital interaction has been changed by the at least one computer during the digital interaction; and
  - using the information indicating the state of the digital interaction to determine whether the communication is from the client device at least in part by determining whether the first value of the counter matches a value of the counter provided to the client device by the at least one computer prior to receiving the communication;
- when it is determined that the communication is not from the client device, denying access to the requested web page; and
- when it is determined that the communication is from the client device, providing the client device access to the web page;
- updating the information indicating the state of the digital interaction to obtain updated information indicating the state of the digital interaction, the updating comprising increasing the counter from the first value to a second value;
- including the updated information indicating the state of the digital interaction in a second secure token, wherein the updated information indicating the state of the digital interaction comprises the second value of the counter; and
- providing a second secured token to the client device for use in a subsequent communication during the digital interaction.

View Dependent Claims (14, 15, 16, 17)
Specification