Keystroke analysis

US 10,453,066 B2
Filed: 07/07/2016
Issued: 10/22/2019
Est. Priority Date: 07/01/2003
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for authenticating an online session, the method comprising:

establishing, by a computer processor of a fraud detection server, a first online session with a remote computing device, the remote computing device configured to establish a second online session for an online transaction, wherein the online transaction involves an electronic form with a plurality of user input fields;

receiving, by the computer processor of the fraud detection server, a plurality of field data strings from the remote computing device via the first online session, the plurality of field data strings comprising user inputs for the plurality of user input fields;

for each field data string of the plurality of field data strings;

identifying, by the computer processor of the fraud detection server, a plurality of ordered alpha-numeric characters in the field data string;

determining, by the computer processor of the fraud detection server, whether one or more of alpha-numeric characters in the plurality of the alpha-numeric characters are entered with a shift key; and

calculating, by the computer processor of the fraud detection server, a field data string score based on the determination of whether the one or more of alpha-numeric characters in the plurality of the alpha-numeric characters are entered with the shift key, wherein the field data string score is adjusted to reflect less risk in response to a determination that the one or more alpha-numeric characters are entered with the shift key; and

calculating, by the computer processor of the fraud detection server, a transaction risk score associated with the online transaction, the transaction risk score calculated using the field data string scores;

determining, by the computer processor of the fraud detection server, whether the online transaction is potentially fraudulent based on the transactional score; and

in response to a determination that the online transaction is potentially fraudulent, providing, by the computer processor of the fraud detection server, an indication to the remote computing device that the online transaction is potentially fraudulent.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and device for detecting keystroke entries in a field entered by keyboard in connection with an online transaction that may be fraudulent or erroneous. A score can be assigned to a keystroke based upon its distance from another keystroke. The scores of keystrokes in a string can be summed to obtain a string score. The string score can be normalized by dividing the string score by the number of keystrokes summed to obtain the normalized string score. A risk of fraud or error can be determined based upon the value of the normalized string score in comparison to a predetermined value.

Citations

18 Claims

1. A computer-implemented method for authenticating an online session, the method comprising:
- establishing, by a computer processor of a fraud detection server, a first online session with a remote computing device, the remote computing device configured to establish a second online session for an online transaction, wherein the online transaction involves an electronic form with a plurality of user input fields;
  
  receiving, by the computer processor of the fraud detection server, a plurality of field data strings from the remote computing device via the first online session, the plurality of field data strings comprising user inputs for the plurality of user input fields;
  
  for each field data string of the plurality of field data strings;
  
  identifying, by the computer processor of the fraud detection server, a plurality of ordered alpha-numeric characters in the field data string;
  
  determining, by the computer processor of the fraud detection server, whether one or more of alpha-numeric characters in the plurality of the alpha-numeric characters are entered with a shift key; and
  
  calculating, by the computer processor of the fraud detection server, a field data string score based on the determination of whether the one or more of alpha-numeric characters in the plurality of the alpha-numeric characters are entered with the shift key, wherein the field data string score is adjusted to reflect less risk in response to a determination that the one or more alpha-numeric characters are entered with the shift key; and
  
  calculating, by the computer processor of the fraud detection server, a transaction risk score associated with the online transaction, the transaction risk score calculated using the field data string scores;
  
  determining, by the computer processor of the fraud detection server, whether the online transaction is potentially fraudulent based on the transactional score; and
  
  in response to a determination that the online transaction is potentially fraudulent, providing, by the computer processor of the fraud detection server, an indication to the remote computing device that the online transaction is potentially fraudulent.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-implemented method of claim 1, the method further comprises:
    - for each field data string, calculating a normalized field data string score using a length of the field data string and the field data string score; and
      
      for each field data string, calculating the transaction risk score using the normalized field data string scores in the electronic form.
  - 3. The computer-implemented method of claim 1, wherein the indication comprises a likelihood of fraud.
  - 4. The computer-implemented method of claim 1, further comprising resuming the online transaction in response to a determination that the online transaction is not fraudulent.
  - 5. The computer-implemented method of claim 1, wherein calculating the transaction risk score comprising:
    - summing each field data string score for the plurality of data field strings to generate a summed field data string score;
      
      determining a count of the plurality of user input fields; and
      
      calculating the transaction risk score based on the summed field data string score and the count.
  - 6. The computer-implemented method of claim 1, wherein determining, based on the transactional score, whether the online transaction is potentially fraudulent comprising:
    - accessing a threshold score from the fraud detection server; and
      
      comparing the transactional score with the threshold score; and
      
      determining the online transaction as potentially fraudulent based on at least the comparison between the transaction score and the threshold score.

7. A system for authenticating an online session, the system comprising:
- a fraud detection server configured to establish an online session with a remote computing device;
  
  a memory configured to store computer-executable instructions; and
  
  one or more processors of the fraud detection server in communication with the memory, the processor, when executing the computer-executable instructions, configured to;
  
  establish a first online session with the remote computing device, the remote computing device configured to establish a second online session for an online transaction, wherein the online transaction involves an electronic form with a plurality of user input fields;
  
  receive a plurality of field data strings from the remote computing device via the first online session, the plurality of field data strings comprising user inputs for the plurality of user input fields;
  
  for each field data string of the plurality field data strings;
  
  identify a plurality of ordered alpha-numeric characters in the field data string;
  
  determine whether one or more of alpha-numeric characters in the plurality of the alpha-numeric characters are entered with a shift key; and
  
  calculate a field data string score based on the determination of whether the one or more of alpha-numeric characters in the plurality of the alpha-numeric characters are entered with the shift key, wherein the field data string score is adjusted to reflect less risk in response to a determination that the one or more alpha-numeric characters are entered with the shift key;
  
  calculate a transaction risk score associated with the online transaction, the transaction risk score calculated using the field data string scores;
  
  determine, based on the transactional score, whether the online transaction is potentially fraudulent; and
  
  in response to a determination that the online transaction is potentially fraudulent, provide an indication to the remote computing device that the online transaction is potentially fraudulent.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the computer-executable instructions further cause the one or more processors of the fraud detection server to:
    - for each field data string, calculate a normalized field data string score using a length of the field data string and the field data string score; and
      
      for each field data string, calculate the transaction risk score using the normalized field data string scores in the electronic form.
  - 9. The system of claim 7, wherein the indication comprises a likelihood of fraud.
  - 10. The system of claim 7, wherein the computer-executable instructions further cause the one or more processors of the fraud detection server system to resume the online transaction in response to a determination that the online transaction is not fraudulent.
  - 11. The system of claim 7, wherein to calculate the transaction risk score, the computer-executable instructions cause the one or more processors of the fraud detection server system to:
    - sum each field data string score for the plurality of data field strings to generate a summed field data string score;
      
      determine a count of the plurality of user input fields; and
      
      calculate the transaction risk score based on the summed field data string score and the count.
  - 12. The system of claim 7, wherein to determine, based on the transactional score, whether the online transaction is potentially fraudulent, the computer-executable instructions cause the processor of the fraud detection server system to:
    - access a threshold score from the fraud detection server; and
      
      compare the transactional score with the threshold score; and
      
      determine the online transaction as potentially fraudulent based at least one the comparison between the transaction score and the threshold score.

13. Non-transitory computer storage having stored thereon a computer program, the computer program including computer-executable instructions that instruct a computer system to at least:
- establish a first online session with a remote computing device, the remote computing device configured to establish a second online session for an online transaction, wherein the online transaction involves an electronic form with a plurality of user input fields;
  
  receive, via the first online session, a plurality of field data strings from the remote computing device comprising user inputs for the plurality of user input fields;
  
  for each field data string of the plurality field data strings;
  
  identify a plurality of ordered alpha-numeric characters in the field data string;
  
  determine whether one or more of alpha-numeric characters in the plurality of the alpha-numeric characters are entered with a shift key; and
  
  calculate a field data string score based on the determination of whether the one or more of alpha-numeric characters in the plurality of the alpha-numeric characters are entered with the shift key, wherein the field data string score is adjusted to reflect less risk in response to a determination that the one or more alpha-numeric characters are entered with the shift key;
  
  calculate a transaction risk score associated with the online transaction, the transaction risk score calculated using the field data string scores;
  
  determine, based on the transactional score, whether the online transaction is potentially fraudulent; and
  
  in response to a determination that the online transaction is potentially fraudulent, provide an indication to the remote computing device that the online transaction is potentially fraudulent.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The non-transitory computer storage of claim 13, wherein the computer-executable instructions further instruct the computer system to:
    - for each field data string, calculate a normalized field data string score using a length of the field data string and the field data string score; and
      
      for each field data string, calculate the transaction risk score using the normalized field data string scores in the electronic form.
  - 15. The non-transitory computer storage of claim 13, wherein the indication comprises a likelihood of fraud.
  - 16. The non-transitory computer storage of claim 13, wherein the computer-executable instructions further instruct the computer system to:
    - resume the online transaction in response to a determination that the online transaction is not fraudulent.
  - 17. The non-transitory computer storage of claim 13, wherein to calculate the transaction risk score, the computer-executable instructions instruct the computer system to:
    - sum each field data string score for the plurality of data field strings to generate a summed field data string score;
      
      determine a count of the plurality of user input fields; and
      
      calculate the transaction risk score based on the summed field data string score and the count.
  - 18. The non-transitory computer storage of claim 13, wherein to determine, based on the transactional score, whether the online transaction is potentially fraudulent, the computer-executable instructions instruct the computer system to:
    - access a threshold score from the fraud detection server; and
      
      compare the transactional score with the threshold score; and
      
      determine the online transaction as potentially fraudulent based at least on the comparison between the transaction score and the threshold score.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The 41st Parameter, Inc. (Experian plc)
Original Assignee
The 41st Parameter, Inc. (Experian plc)
Inventors
Eisen, Ori
Primary Examiner(s)
Reagan, James A

Application Number

US15/204,654
Publication Number

US 20170039571A1
Time in Patent Office

1,202 Days
Field of Search

705 50- 79
US Class Current
CPC Class Codes

G06F 3/0233   Character input methods

G06Q 20/4016   involving fraud or risk lev...

G06Q 30/06   Buying, selling or leasing ...

G06Q 40/00   Finance; Insurance; Tax str...

Keystroke analysis

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Keystroke analysis

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links