Systems and methods for detecting and preventing spoofing

US 10,212,180 B2
Filed: 09/04/2016
Issued: 02/19/2019
Est. Priority Date: 09/05/2015
Status: Active Grant

First Claim

Patent Images

1. A method, performed by at least one computer, for ascertaining legitimacy of communications received by the at least one computer during a digital interaction between the at least one computer and a client device, the method comprising:

receiving a communication;

identifying from the communication a first secured token and a request to access a web page;

processing the first secured token by;

obtaining, from the first secured token, information indicating a state of the digital interaction, wherein the information indicating the state of the digital interaction comprises a first value of a counter, the counter indicating a number of times the information indicating the state of the digital interaction has been changed by the at least one computer during the digital interaction; and

using the information indicating the state of the digital interaction to determine whether the communication is from the client device at least in part by determining whether the first value of the counter matches a value of the counter provided to the client device by the at least one computer prior to receiving the communication;

when it is determined that the communication is not from the client device, denying access to the requested web page; and

when it is determined that the communication is from the client device,providing the client device access to the web page;

updating the information indicating the state of the digital interaction to obtain updated information indicating the state of the digital interaction, the updating comprising increasing the counter from the first value to a second value;

including the updated information indicating the state of the digital interaction in a second secure token, wherein the updated information indicating the state of the digital interaction comprises the second value of the counter; and

providing the second secured token to the client device for use in a subsequent communication during the digital interaction.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for ascertaining legitimacy of communications received during a digital interaction with a client device. The techniques include: receiving a communication; identifying from the communication a first secured token; processing the first secured token by: obtaining, from the first secured token, information indicating a state of the digital interaction; and using the information indicating the state to determine whether the communication is from the client device; and when it is determined that the communication is from the client device, causing at least one action responsive to the communication to be performed; updating the information indicating the state of the digital interaction to obtain updated information indicating the state of the digital interaction; and providing a second secured token to the client device for use in a subsequent communication during the digital interaction, the second secured token comprising the updated information indicating the state of the digital interaction.

110 Citations

17 Claims

1. A method, performed by at least one computer, for ascertaining legitimacy of communications received by the at least one computer during a digital interaction between the at least one computer and a client device, the method comprising:
- receiving a communication;
  
  identifying from the communication a first secured token and a request to access a web page;
  
  processing the first secured token by;
  
  obtaining, from the first secured token, information indicating a state of the digital interaction, wherein the information indicating the state of the digital interaction comprises a first value of a counter, the counter indicating a number of times the information indicating the state of the digital interaction has been changed by the at least one computer during the digital interaction; and
  
  using the information indicating the state of the digital interaction to determine whether the communication is from the client device at least in part by determining whether the first value of the counter matches a value of the counter provided to the client device by the at least one computer prior to receiving the communication;
  
  when it is determined that the communication is not from the client device, denying access to the requested web page; and
  
  when it is determined that the communication is from the client device,providing the client device access to the web page;
  
  updating the information indicating the state of the digital interaction to obtain updated information indicating the state of the digital interaction, the updating comprising increasing the counter from the first value to a second value;
  
  including the updated information indicating the state of the digital interaction in a second secure token, wherein the updated information indicating the state of the digital interaction comprises the second value of the counter; and
  
  providing the second secured token to the client device for use in a subsequent communication during the digital interaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - after providing the second secured token to the client device, receiving a second communication;
      
      identifying from the second communication a third secured token;
      
      processing the third secured token to obtain a third value of the counter indicating the number of times the information indicating the state of the digital interaction was changed by the at least one computer; and
      
      determining that the second communication is from the client device when the third value matches the second value.
  - 3. The method of claim 1, wherein processing the first secured token to determine whether the communication is from the client device comprises:
    - comparing the information indicating the state of the digital interaction with information about the state of the digital interaction maintained by the at least one computer.
  - 4. The method of claim 1,wherein the first secured token comprises an encrypted token,wherein processing the first secured token comprises decrypting the encrypted token to obtain a decrypted token, andwherein providing the second secured token comprises encrypting a token comprising the updated information indicating the state of the digital interaction.
  - 5. The method of claim 1, further comprising generating the second secured token.
  - 6. The method of claim 2, further comprising:
    - identifying from the second communication a request to update information,when it is determined that the second communication is not from the client device, denying the request to update the information, andwhen it is determined that the second communication is from the client device, updating or causing another computer to update the information.
  - 7. The method of claim 2, further comprising:
    - identifying from the second communication a request for a user-specified action to be committed,when it is determined that the second communication is not from the client device, denying the request to commit the user-specified action, andwhen it is determined that the second communication is from the client device, committing or causing another computer to commit the user-specified action.

8. A system for ascertaining legitimacy of communications received by the at least one computer during a communication digital interaction between at least one computer and a client device, the system comprising:
- the at least one computer; and
  
  at least one non-transitory computer-readable storage medium that storing processor-executable instructions that, when executed by the at least one computer, cause the at least one computer to perform;
  
  receiving a communication;
  
  identifying from the communication a first secured token and a request to access a web page;
  
  processing the first secured token by;
  
  obtaining, from the first secured token, information indicating a state of the digital interaction, wherein the information indicating the state of the digital interaction comprises a first value of a counter, the counter indicating a number of times the information indicating the state of the digital interaction has been changed by the at least one computer during the digital interaction; and
  
  using the information indicating the state of the digital interaction to determine whether the communication is from the client device at least in part by determining whether the first value of the counter matches a value of the counter provided to the client device by the at least one computer prior to receiving the communication;
  
  when it is determined that the communication is not from the client device, denying access to the requested web page; and
  
  when it is determined that the communication is from the client device,providing the client device access to the web page;
  
  updating the information indicating the state of the digital interaction to obtain updated information indicating the state of the digital interaction, the updating comprising increasing the counter from the first value to a second value;
  
  including the updated information indicating the state of the digital interaction in a second secure token, wherein the updated information indicating the state of the digital interaction comprises the second value of the counter; and
  
  providing the second secured token to the client device for use in a subsequent communication during the digital interaction.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The system of claim 8, wherein the processor-executable instructions further cause the at least one computer to perform:
    - after providing the second secured token to the client device, receiving a second communication;
      
      identifying from the second communication a third secured token;
      
      processing the third secured token to obtain a third value of the counter indicating the number of times the information indicating the state of the digital interaction was changed by the at least one computer; and
      
      determining that the second communication is a communication from the client device when the third value matches the second value.
  - 10. The system of claim 8, wherein the first secured token comprises an encrypted token, wherein processing the first secured token comprises decrypting the encrypted token to obtain a decrypted token, and wherein providing the second secured token comprises encrypting a token comprising the updated information indicating the state of the digital interaction.
  - 11. The system of claim 9, wherein the processor-executable instructions further cause the at least one computer to perform:
    - identifying from the second communication a request to update information,when it is determined that the second communication is not from the client device, denying the request to update the information; and
      
      when it is determined that the second communication is from the client device, updating or causing another computer to update the information.
  - 12. The system of claim 9, wherein the processor-executable instructions further cause the at least one computer to perform:
    - identifying from the second communication a request for a user-specified action to be committed,when it is determined that the second communication is not from the client device, denying the request to commit the user-specified action, andwhen it is determined that the second communication is from the client device, committing or causing another computer to commit the user-specified action.

13. At least one non-transitory computer-readable storage medium that storing processor-executable instructions that, when executed by at least one computer, cause the at least one computer to perform a method for ascertaining legitimacy of communications received by the at least one computer during a communication digital interaction between at least one computer and a client device, the method comprising:
- receiving a communication;
  
  identifying from the communication a first secured token and a request to access a web page;
  
  processing the first secured token by;
  
  obtaining, from the first secured token, information indicating a state of the digital interaction, wherein the information indicating the state of the digital interaction comprises a first value of a counter, the counter indicating a number of times the information indicating the state of the digital interaction has been changed by the at least one computer during the digital interaction; and
  
  using the information indicating the state of the digital interaction to determine whether the communication is from the client device at least in part by determining whether the first value of the counter matches a value of the counter provided to the client device by the at least one computer prior to receiving the communication;
  
  when it is determined that the communication is not from the client device, denying access to the requested web page; and
  
  when it is determined that the communication is from the client device,providing the client device access to the web page;
  
  updating the information indicating the state of the digital interaction to obtain updated information indicating the state of the digital interaction, the updating comprising increasing the counter from the first value to a second value;
  
  including the updated information indicating the state of the digital interaction in a second secure token, wherein the updated information indicating the state of the digital interaction comprises the second value of the counter; and
  
  providing a second secured token to the client device for use in a subsequent communication during the digital interaction.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The at least one non-transitory computer-readable storage medium of claim 13, wherein method further comprises:
    - after providing the second secured token to the client device, receiving a second communication;
      
      identifying from the second communication a third secured token;
      
      processing the third secured token to obtain a third value of the counter indicating the number of times the information indicating the state of the digital interaction was updated by the at least one computer; and
      
      determining that the second communication is a communication from the client device when the third value matches the second value.
  - 15. The at least one non-transitory computer-readable storage medium of claim 13,wherein the first secured token comprises an encrypted token,wherein processing the first secured token comprises decrypting the encrypted token to obtain a decrypted token, andwherein providing the second secured token comprises encrypting a token comprising the updated information indicating the state of the digital interaction.
  - 16. The at least one non-transitory computer-readable storage medium of claim 14, wherein the method further comprises:
    - identifying from the second communication a request to update information,when it is determined that the second communication is not from the client device, denying the request to update the information, andwhen it is determined that the second communication is from the client device, updating or causing another computer to update the information.
  - 17. The at least one non-transitory computer-readable storage medium of claim 14, wherein the method further comprises:
    - identifying from the second communication a request for a user-specified action to be committed,when it is determined that the second communication is not from the client device, denying the request to commit the user-specified action, andwhen it is determined that the second communication is from the client device, committing or causing another computer to commit the user-specified action.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NuData Security Inc. (MasterCard Incorporated)
Original Assignee
Mastercard Technologies Canada ULC (MasterCard Incorporated)
Inventors
Bailey, Christopher Everett, Lukashuk, Randy, Richardson, Gary Wayne
Primary Examiner(s)
Tran, Ellen

Application Number

US15/256,611
Publication Number

US 20170070534A1
Time in Patent Office

898 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/2255   Hash tables

G06F 16/24578   using ranking

G06F 16/285   Clustering or classification

G06F 16/9535   Search customisation based ...

G06F 21/316   by observing the pattern of...

G06F 21/32   using biometric data, e.g. ...

G06F 21/44   Program or device authentic...

G06F 21/552   involving long-term monitor...

G06F 21/602   Providing cryptographic fac...

G06F 2221/033   Test or assess software

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2145   Inheriting rights or proper...

G06F 7/08   Sorting, i.e. grouping reco...

H04L 2463/144   Detection or countermeasure...

H04L 41/20   Network management software...

H04L 43/12   Network monitoring probes

H04L 43/16   Threshold monitoring

H04L 63/0861   using biometrical features,...

H04L 63/1408   by monitoring network traff...

H04L 63/1416 : Event detection, e.g. attac...

H04L 63/1425 : Traffic logging, e.g. anoma...

H04L 63/1466 : Active attacks involving in...

H04L 63/20 : for managing network securi...

H04L 67/02 : based on web technology, e....

H04L 67/30 : Profiles

H04L 67/303 : Terminal profiles

H04L 67/535 : Tracking the activity of th...

View All

Systems and methods for detecting and preventing spoofing

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

110 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for detecting and preventing spoofing

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

110 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links