Detection of fraudulent account usage in distributed computing systems
First Claim
1. A method performed by a computing device in a distributed computing system having a plurality of servers interconnected by a computer network to provide a computing service, the method comprising:
receiving, via the computer network, data representing a report indicating fraudulent account usage related to an account of the computing service, the account having associated one or more content items accessible to users of other accounts of the same computing service; and
in response to the received data representing the report indicating occurrence of fraudulent account usage of the account, disallowing access to any of the one or more content items associated with the account while maintaining the account as active such that the one or more content items are shown as present in the account but access by the users of the other accounts to view or download the one or more content items is disallowed, including:
receiving, from a user, an access request to access the disallowed one or more content items associated with the account; and
in response to receiving the access request, indicating, to the user, that the account is a valid account;
providing, to the user, a list of the one or more content items associated with the account; and
preventing any of the one or more content items in the list from being viewed or downloaded by the user;
collecting usage data related to the account or the content items associated with the account while the content items are shown as present in the account but the access to view or download the one or more content items in the account is disallowed;
developing a model representing an activity profile of accessing the account or the content items associated with the account based on, at least in part, the collected usage data while access to view or download the one or more content items is disallowed while the account is maintained as active; and
detecting and deactivating one or more additional accounts of the computing service that are related to the reported fraudulent account usage based on the developed model without scanning one or more content items in the one or more additional accounts.
Abstract
Techniques for detecting fraudulent account usage without accessing user content associated with user accounts are disclosed herein. In one embodiment, a method includes receiving a report indicating fraudulent account usage related to an account of the computing service and, in response to the received report, disallowing access to any content items associated with the account without disabling access to the account. While access to the content items is disallowed, the method collects usage data related to the account or the content items and develops a model representing an activity profile of accessing the account or the content items. The method further includes detecting additional fraudulent account usage based on the developed model without scanning content items in the additional accounts.
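The flow summarized in the abstract, as an added sketch that is not taken from the patent or from any provider's implementation. The patent text here does not say which usage data is collected, so the (requester network, referrer) feature, the 0.6 threshold, the sample log and all function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample log: (account, requester_network, referrer_domain, action).
# Only request metadata is recorded; no content item is ever opened.
EVENTS = [
    ("acct-A", "198.51.100.0/24", "forum.example", "download"),
    ("acct-A", "198.51.100.0/24", "forum.example", "view"),
    ("acct-A", "203.0.113.0/24", "forum.example", "download"),
    ("acct-B", "198.51.100.0/24", "forum.example", "download"),
    ("acct-B", "198.51.100.0/24", "forum.example", "download"),
    ("acct-B", "192.0.2.0/24", "mail.example", "view"),
    ("acct-C", "192.0.2.0/24", "mail.example", "view"),
    ("acct-C", "192.0.2.0/24", "intranet.example", "download"),
]

def respond(account, action, items, quarantined):
    """A reported account still looks valid and still lists its items,
    but view/download of the content itself is refused."""
    blocked = account in quarantined and action in ("view", "download")
    return {"account_valid": True, "items": list(items),
            "content_served": not blocked}

def build_profile(events, reported):
    """Activity profile: relative frequency of (network, referrer) pairs
    among requests aimed at the reported accounts (assumed feature)."""
    counts = defaultdict(int)
    for account, net, ref, _action in events:
        if account in reported:
            counts[(net, ref)] += 1
    total = sum(counts.values())
    return {pair: n / total for pair, n in counts.items()} if total else {}

def similarity(profile, events, account):
    """Fraction of an account's requests whose pair occurs in the profile."""
    own = [(net, ref) for acc, net, ref, _ in events if acc == account]
    if not own:
        return 0.0
    return sum(1 for pair in own if pair in profile) / len(own)

def detect_related(events, reported, threshold=0.6):
    """Accounts whose access metadata matches the profile; content is never read."""
    profile = build_profile(events, reported)
    others = {acc for acc, *_ in events} - set(reported)
    return sorted(a for a in others
                  if similarity(profile, events, a) >= threshold)

if __name__ == "__main__":
    print(respond("acct-A", "download", ["report.pdf"], {"acct-A"}))
    print(detect_related(EVENTS, {"acct-A"}))
```
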
19 Claims
8. A computing device in a distributed computing system having a plurality of servers interconnected by a computer network for providing a computing service to users, comprising:
a processor and a memory operatively coupled to the processor, the memory containing instructions executable by the processor to cause the computing device to:
receive, via the computer network, an indication that usage of an account of the computing service violates a usage restriction imposed by a provider of the computing service or a government entity, the account having one or more content items accessible to users of other accounts of the same computing service; and
in response to the received indication, disallow access to any of the one or more content items associated with the account while maintaining the account as being a valid account of the computing service such that the one or more content items are shown as present in the account but access to view or download the one or more content items by the users of the other accounts is disallowed, including to:
upon receiving, from a user, an access request to access the disallowed one or more content items associated with the account, indicate, to the user, that the account is a valid account;
provide, to the user, a list of the one or more content items associated with the account; and
prevent any of the one or more content items in the list from being viewed or downloaded by the user;
collect usage data related to the account or the one or more content items associated with the account before and/or after disallowing access to the one or more content items associated with the account;
determine that another account of the computing service also violates the same usage restriction imposed by the provider of the computing service or the government entity by comparing the collected usage data related to the account having access to the one or more content items disallowed and usage data related to the additional account; and
deactivate the another account determined to violate the same usage restriction imposed by the provider of the computing service or the government entity.
16. A method performed by a computing device in a distributed computing system having a plurality of servers interconnected by a computer network to provide a computing service to users, the method comprising:
receiving indications that usage of multiple accounts of the computing service violates a usage restriction imposed by a provider of the computing service or a government entity, the multiple accounts individually having a content item accessible to users of other accounts of the same computing service;
in response to receiving the indications, continuing to present the multiple accounts as valid accounts of the computing service while preventing access to view or download any content items associated with the multiple accounts such that the content items are shown as present in the multiple accounts but cannot be viewed or downloaded by the users of the other accounts, including:
receiving, from a user, an access request to access the disallowed one or more content items associated with one of the multiple accounts; and
in response to receiving the access request, indicating, to the user, that the one of the multiple accounts is a valid account;
providing, to the user, a list of the one or more content items associated with the one of the multiple accounts; and
preventing any of the one or more content items in the list from being viewed or downloaded by the user;
collecting usage data related to the multiple accounts or to the content items associated with the multiple accounts while the content items are shown as present in the multiple accounts but access to view or download the content items in the multiple accounts is disallowed;
aggregating the collected usage data to identify a commonality of the multiple accounts;
determining whether usage of an additional account of the computing service also has the identified commonality; and
in response to determining that the usage of the additional account also has the commonality, indicating that the additional account also violates the usage restriction and deactivating the additional account without accessing any content items in the additional account.
Specification