Systems and methods for detection of session tampering and fraud prevention

US 10,535,093 B2
Filed: 08/28/2018
Issued: 01/14/2020
Est. Priority Date: 03/31/2006
Status: Active Grant

First Claim

Patent Images

1. A method of detecting an online transaction tampering, the method comprising:

establishing a first online session regarding a first transaction between a computer and a first user device over a network;

establishing a first session ID for the first online session;

determining a type of transaction for the first transaction;

collecting a first set of device fingerprints during the first online session for the corresponding first session ID, a size of the first set of device fingerprints based at least on the type of transaction for the first transaction;

selecting a first device fingerprint from within the first set of device fingerprints, the first device fingerprint associated with a first location of a first electronic web page accessed during the first online session;

comparing the first device fingerprint to a subset of the first set of device fingerprints, the subset of device fingerprints collected at locations different from the first electronic web page; and

upon determination that the first device fingerprint is not identical to any of the subset of device fingerprints, generating an electronic indicator that the first online session has been compromised.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides methods and apparatus for detecting when an online session is compromised. A plurality of device fingerprints may be collected from a user computer that is associated with a designated Session ID. A server may include pages that are delivered to a user for viewing in a browser at which time device fingerprints and Session ID information are collected. By collecting device fingerprints and session information at several locations among the pages delivered by the server throughout an online session, and not only one time or at log-in, a comparison between the fingerprints in association with a Session ID can identify the likelihood of session tampering and man-in-the middle attacks.

738 Citations

20 Claims

1. A method of detecting an online transaction tampering, the method comprising:
- establishing a first online session regarding a first transaction between a computer and a first user device over a network;
  
  establishing a first session ID for the first online session;
  
  determining a type of transaction for the first transaction;
  
  collecting a first set of device fingerprints during the first online session for the corresponding first session ID, a size of the first set of device fingerprints based at least on the type of transaction for the first transaction;
  
  selecting a first device fingerprint from within the first set of device fingerprints, the first device fingerprint associated with a first location of a first electronic web page accessed during the first online session;
  
  comparing the first device fingerprint to a subset of the first set of device fingerprints, the subset of device fingerprints collected at locations different from the first electronic web page; and
  
  upon determination that the first device fingerprint is not identical to any of the subset of device fingerprints, generating an electronic indicator that the first online session has been compromised.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the first set of device fingerprints is collected at a first frequency during the first online session, the first frequency based at least in part of the type of transaction.
  - 3. The method of claim 1, wherein the size of the first set of device fingerprints vary based at least on a level of risk of fraud associated with the first online session.
  - 4. The method of claim 1, wherein the electronic indicator indicates at least one of:
    - a session tampering by another user device, or a session hijacking by another user device.
  - 5. The method of claim 1, wherein the subset of the first set of device fingerprints comprises the first device fingerprint.
  - 6. The method of claim 1, wherein the first device fingerprint of the first set of device fingerprints comprises at least one of:
    - an IP address of the first user device, a browser identifier of the first user device, a clock skew of the first user device, or a time difference between the first user device and the computer.
  - 7. The method of claim 1, wherein the first user device is associated with a user client and the computer is associated with an online merchant.

8. A computer system for detecting that online session is compromised, the computer system comprising:
- a network interface which establishes a connection with a first user device over a network;
  
  a hardware processor programmed to execute software instructions to cause a computer system to;
  
  establish a first online session regarding a first transaction between the computer system and the first user device;
  
  establish a first session ID for the first online session;
  
  determine a type of transaction for the first transaction;
  
  collect a first set of device fingerprints during the first online session for the corresponding first session ID, a size of the first set of device fingerprints based at least on the type of transaction for the first transaction;
  
  select a first device fingerprint from within the first set of device fingerprints, the first device fingerprint associated with a first location of a first electronic web page accessed during the first online session;
  
  compare the first device fingerprint to a subset of the first set of device fingerprints, the subset of device fingerprints collected at locations different from the first electronic web page; and
  
  upon determination that the first plurality of device fingerprints is not identical to any of the remainder of device fingerprints, generate an electronic indicator that the first online session has been compromised.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the first set of device fingerprints is collected at a first frequency during the first online session, the first frequency based at least in part of the type of transaction.
  - 10. The method of claim 8, wherein the size of the first set of device fingerprints vary based at least on a level of risk of fraud associated with the first online session.
  - 11. The system of claim 8, wherein the electronic indicator indicates at least one of a session tempering or a session hijacking by another user device.
  - 12. The system of claim 8, wherein the subset of the first set of device fingerprints comprise the first device fingerprint.
  - 13. The system of claim 8, wherein a device fingerprint of a first set of device fingerprints comprises at least one of:
    - an IP address of the first user device, a browser identifier of the first user device, a clock skew of the first user device, or a time different between the first user device and the computer.
  - 14. The system of claim 8, wherein the first user device is associated with a user client while the computer is associated with an online merchant.

15. A non-transitory computer storage having stored thereon a computer program, the computer program including executable instructions that instruct a computer system to at least:
- establish a first online session regarding a first transaction between a computer system and a first user device over a network;
  
  establish a first session ID for the first online session;
  
  determine a type of transaction for the first transaction;
  
  collect a first set of device fingerprints during the first online session for the corresponding first session ID, a size of the first set of device fingerprints based at least on the type of transaction for the first transaction;
  
  select a first device fingerprint from within the first set of device fingerprints, the first device fingerprint associated with a first location of a first electronic web page accessed during the first online session;
  
  compare the first device fingerprint to a subset of the first set of device fingerprints, the subset of device fingerprints collected at locations different from the first electronic web page; and
  
  upon determination that the first plurality of device fingerprints is not identical to any of the remainder of device fingerprints, generate an electronic indicator that the first online session has been compromised.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer storage of claim 15, wherein the first set of device fingerprints is collected at a first frequency during the first online session, the first frequency based at least in part of the type of transaction.
  - 17. The non-transitory computer storage of claim 15, wherein the electronic indicator indicates at least one of a session tempering or a session hijacking by another user device.
  - 18. The non-transitory computer storage of claim 15, wherein the subset of the first set of device fingerprints comprise the first device fingerprint.
  - 19. The non-transitory computer storage of claim 15, wherein a device fingerprint of a first set of device fingerprints comprises at least one of:
    - an IP address of the first user device, a browser identifier of the first user device, a clock skew of the first user device, or a time different between the first user device and the computer.
  - 20. The non-transitory computer storage of claim 15, wherein the first user device is associated with a user client while the computer is associated with an online merchant.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The 41st Parameter, Inc. (Experian plc)
Original Assignee
The 41st Parameter, Inc. (Experian plc)
Inventors
Eisen, Ori
Primary Examiner(s)
Lewis, Lisa C

Application Number

US16/115,411
Publication Number

US 20190066192A1
Time in Patent Office

504 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/3825   Use of electronic signatures

G06Q 20/4016   involving fraud or risk lev...

G06Q 30/0635   Processing of requisition o...

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 63/1466   Active attacks involving in...

H04L 67/02   based on web technology, e....

Systems and methods for detection of session tampering and fraud prevention

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

738 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for detection of session tampering and fraud prevention

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

738 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links