Enhanced responses to online fraud

US 20070107053A1
Filed: 11/23/2004
Published: 05/10/2007
Est. Priority Date: 05/02/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method of combating online fraud, the method comprising:

interrogating a world wide web server to determine whether the server is engaged in a fraudulent activity;

if the server is engaged in a fraudulent activity, submitting with at least one computer a plurality of substantially simultaneous hypertext transfer protocol (“

HTTP”

) requests for reception by the server.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments of the invention provide solutions (including inter alia, systems, methods and software) for dealing with online fraud. In particular, various embodiments of the invention provide enhanced responses to an identified instance of online fraud. Such enhanced responses can incorporate one or more of a variety of strategies for defeating an attempt by a server to filter and/or otherwise avoid responses to its fraudulent activity. Merely by way of example, responses may be disguised (e.g., by transmitting the responses from a variety of computers, by transmitting responses that appear to originate from a computer different than the actual source of the responses, etc.). In accordance with various embodiments of the invention, a variety of responsive strategies may be implemented. Merely by way of example, a plurality of substantially simultaneous HTTP requests may be transmitted to a server engaged in fraud. This plurality of responses may be effective to impair the server'"'"'s ability to respond to requests for other users. In some cases, a plurality of computers (each having one of a plurality of IP addresses) may be used to transmit responses to a server.

250 Citations

48 Claims

1. A method of combating online fraud, the method comprising:
- interrogating a world wide web server to determine whether the server is engaged in a fraudulent activity;
  
  if the server is engaged in a fraudulent activity, submitting with at least one computer a plurality of substantially simultaneous hypertext transfer protocol (“
  
  HTTP”
  
  ) requests for reception by the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 2. A method of combating online fraud as recited in claim 1, the method further comprising:
    - generating a plurality of HTTP requests for submission to the world wide web server.
  - 3. A method of combating online fraud as recited in claim 2, wherein generating at least one of the plurality of HTTP requests comprises:
    - accessing a web page hosted by the world wide web server;
      
      parsing the web page to identify an online form comprising at least one field;
      
      analyzing the at least one field; and
      
      generating a set of safe data, the set of safe date comprising at least one data element corresponding to the at least one field.
  - 4. A method of combating online fraud as recited in claim 1, wherein each of the HTTP requests comprises a response to a request from the server for personal information.
  - 5. A method of combating online fraud as recited in claim 4, wherein the request from the server comprises an HTML form.
  - 6. A method of combating online fraud as recited in claim 4, wherein each of the substantially simultaneous HTTP requests comprises a set of safe data associated with a fictitious identity, and wherein each set of safe data appears to comprise a valid response to the online form.
  - 7. A method of combating online fraud as recited in claim 6, wherein at least one of the sets of safe data is associated with an account at a financial institution.
  - 8. A method of combating online fraud as recited in claim 1, wherein submitting a plurality of substantially simultaneous HTTP requests comprises submitting sufficient HTTP responses to confuse a perpetrator of the fraudulent activity, such that the HTTP requests have the effect of introducing uncertainty about an overall quality of responses received by the world wide web server.
  - 9. A method of combating online fraud as recited in claim 1, wherein submitting a plurality of substantially simultaneous HTTP requests comprises submitting sufficient HTTP responses to impede a perpetrator of the fraudulent activity, such that the HTTP requests have the effect of notifying a perpetrator of the fraudulent activity that the fraudulent activity has been discovered.
  - 10. A method of combating online fraud as recited in claim 1, wherein the plurality of substantially simultaneous HTTP requests is sufficient to substantially prevent the server from responding to an HTTP request submitted by a third party.
  - 11. A method of combating online fraud as recited in claim 1, the method further comprising:
    - implementing at least one countermeasure to defeat an attempt by to filter the HTTP requests.
  - 12. A method of combating online fraud as recited in claim 1, wherein the plurality of substantially simultaneous HTTP requests exceed a threshold for simultaneous HTTP connections, the threshold being established by a connection table maintained by the server.
  - 13. A method of combating online fraud as recited in claim 1, further comprising:
    - determining, based on a response from the server, whether the plurality of substantially simultaneous HITP requests has exceeded the threshold for simultaneous HTTP connections.
  - 15. A method of combating online fraud as recited in claim 1, further comprising:
    - continually submitting the plurality of substantially simultaneous HTTP requests over a certain period of time, such that the server is substantially unable to respond, for the certain period of time, to HTIP requests submitted by a third party.
  - 16. A method of combating online fraud as recited in claim 1, wherein the at least one computer is a plurality of computers.
  - 17. A method of combating online fraud as recited in claim 16, wherein each of the plurality of distributed computers is associated with one of a diverse plurality of IP addresses, such that each of the plurality of distributed computers is associated with an IP address dissimilar to the rest of the diverse plurality of IP addresses.
  - 18. A method of combating online fraud as recited in claim 17, wherein each of the diverse plurality of IP addresses is associated with one of a plurality of retail Internet service providers.
  - 19. A method of combating online fraud as recited in claim 16, wherein the plurality of computers are distributed geographically.
  - 20. A method of combating online fraud as recited in claim 16, wherein the plurality of computers are distributed among at least two separate Internet Protocol blocks.
  - 21. A method of combating online fraud as recited in claim 1, wherein submitting the plurality of HTTP requests comprises submitting the plurality of HTTP requests through at least one proxy server.
  - 22. A method of combating online fraud as recited in claim 21, wherein the at least one proxy server is a plurality of proxy servers
  - 23. A method of combating online fraud as recited in claim 22, wherein submitting the plurality of HTTP requests comprises submitting each of the plurality of HTTP requests through one of the plurality of proxy servers.
  - 24. A method of combating online fraud as recited in claim 22, wherein submitting the plurality of HTTP requests comprises submitting at least one of the plurality of HTTP requests through each of the plurality of proxy servers via proxy chaining.
  - 25. A method of combating online fraud as recited in claim 1, wherein the plurality of substantially simultaneous HTTP requests are not sufficient to impair any functions of the server other than the server'"'"'s ability to respond to HTTP requests.
  - 26. A method of combating online fraud as recited in claim 1, wherein the plurality of substantially simultaneous HTTP requests are not sufficient to impair a network infrastructure providing communication with the server.

14. A method of combating online fraud as recited in claim 14, wherein, if it is determined that the plurality of substantially simultaneous HTTP requests has not exceeded the threshold for simultaneous HTTP connections, the method further comprises:
- submitting an additional plurality of substantially simultaneous HTTP requests.

27. A method of combating online fraud, the method comprising:
- determining that a web server is involved in online fraud;
  
  acquiring a plurality of Internet Protocol (“
  
  IP”
  
  ) addresses sufficiently diverse to impair an attempt to correlate the plurality of IP addresses;
  
  assigning each of the plurality of IP addresses to one of a plurality of computers; and
  
  transmitting from each of the plurality of computers at least one HTTP request for reception by the web server.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 28. A method of combating online fraud as recited in claim 27, wherein at least one of the plurality of IP addresses is associated with a retail Internet service provider.
  - 29. A method of combating online fraud as recited in claim 28, wherein a computer to which the at least one of the plurality of IP addresses is assigned transmits the at least one HTTP request via the retail Internet service provider.
  - 30. A method of combating online fraud as recited in claim 27, wherein each of the HTTP requests comprises a response to a request from the server.
  - 31. A method of combating online fraud as recited in claim 30, wherein the request from the server comprises an HTML form.
  - 32. A method of combating online fraud as recited in claim 27, wherein the HTTP requests submitted by the plurality of computers collectively are sufficient to confuise a perpetrator of the online fraud, such that the HTTP requests have the effect of introducing uncertainty about an overall quality of responses received by the world wide web server.
  - 33. A method of combating online fraud as recited in claim 27, wherein the HTTP requests submitted by the plurality of computers collectively are sufficient to impede a perpetrator of the online fraud, such that the HTTP requests have the effect of notifying a perpetrator of the online fraud that the online fraud has been discovered.
  - 34. A method of combating online fraud as recited in claim 27, wherein the HTTP requests submitted by the plurality of computers collectively are sufficient to substantially prevent the server from responding to an HTTP request submitted by a third party.
  - 35. A method of combating online fraud as recited in claim 27, the method further comprising:
    - implementing at least one countermeasure to defeat an attempt to filter the HTTP requests.
  - 36. A method of combating online fraud as recited in claim 27, wherein transmitting from each of the plurality of computers at least one HTTP request for receipt by the web server comprises transmitting a plurality of substantially simultaneous HTTP requests.
  - 37. A method of combating online fraud as recited in claim 36, wherein the plurality of substantially simultaneous HTTP requests exceed a threshold for simultaneous HTTP connections, the threshold being established by a connection table maintained by the server.
  - 38. A method of combating online fraud as recited in claim 27, wherein at least one of the HTTP requests comprises a set of safe data associated with a fictitious identity, and wherein the of safe data appears to comprise a valid response to the online form.

39. A computer system for combating online fraud, the computer system comprising a processor and a computer readable medium having instructions executable by the processor to:
- interrogate a world wide web server to determine whether the server is engaged in a fraudulent activity;
  
  if the server is engaged in a fraudulent activity, submit a plurality of substantially simultaneous hypertext transfer protocol (“
  
  HTTP”
  
  ) requests to the server.
- View Dependent Claims (40, 41)
- - 40. A computer system for combating online fraud as recited in claim 39, wherein the instructions executable by the processor to submit a plurality of substantially simultaneous HTTP requests to the server comprise instructions executable by the processor to:
    - interface with a plurality of distributed computers; and
      
      instruct the plurality of distributed computers to submit at least one HTTP request for reception by the server.
  - 41. A computer system for combating online fraud as recited in claim 40, wherein each of the plurality of distributed computers is assigned one of a plurality of IP addresses, the plurality of IP addresses being sufficiently diverse to impair an attempt to correlate the plurality of distributed computers.

42. A computer system for combating online fraud, the computer system comprising a processor and a computer readable medium having instructions executable by the processor to:
- determine that a world wide web server is involved in online fraud;
  
  acquire a plurality of IP addresses sufficiently diverse to impair an attempt to correlate the plurality of IP addresses;
  
  assign each of the plurality of IP addresses to one of a plurality of computers; and
  
  instruct each of the plurality of computers to transmit at least one HTTP request for reception by the web server.

43. A system for combating online fraud, the system comprising a plurality of computers, wherein each of the plurality of computers is assigned one of a plurality of IP addresses, the plurality of IP addresses being sufficiently diverse to impair an attempt to correlate the plurality of computers, and wherein each of the computers comprises a processor and a computer readable medium having instructions executable by the processor to:
- receive instructions from a master computer to submit at least one hypertext transfer protocol (“
  
  HTTP”
  
  ) request to a particular world wide web server; and
  
  based on the instructions from the master computer, submit at least one HTTP request to the particular world wide web server.

44. A system for combating online fraud, the system comprising:
- means for interrogating a world wide web server to determine whether the server is engaged in a fraudulent activity; and
  
  means for submitting a plurality of substantially simultaneous hypertext transfer protocol (“
  
  HTTP”
  
  ) requests to the server, wherein the plurality of substantially simultaneous HTTP requests is sufficient to substantially prevent the server from responding to an HTTP request submitted by a third party.

45. A system for combating online fraud, the system comprising:
- means for determining that a web server is involved in online fraud;
  
  means for acquiring a plurality of IP addresses sufficiently diverse to impair an attempt to correlate the plurality of IP addresses;
  
  means for assigning each of the plurality of IP addresses to one of a plurality of computers; and
  
  means for transmitting from each of the plurality of computers at least one HTTP request for receipt by the web server.

46. A software program embodied on a computer-readable medium, the software program comprising instructions executable by a computer to:
- interrogate a world wide web server to determine whether the server is engaged in a fraudulent activity; and
  
  submit with at least one computer a plurality of substantially simultaneous hypertext transfer protocol (“
  
  HTTP”
  
  ) requests to the server, wherein the plurality of substantially simultaneous HTTP requests is sufficient to substantially prevent the server from responding to an HTTP request submitted by a third party.

47. A software program embodied on a computer-readable medium, the software program comprising instructions executable by a computer to:
- determine that a world wide web server is involved in online fraud;
  
  acquire a plurality of IP addresses sufficiently diverse to impair an attempt to correlate the plurality of IP addresses;
  
  assign each of the plurality of IP addresses to one of a plurality of computers; and
  
  instruct each of the plurality of computers to transmit at least one HTTP request for reception by the web server.

48. In a system for combating online fraud, the system comprising a plurality of computers, wherein each of the plurality of computers is assigned one of a plurality of IP addresses, the plurality of IP addresses being sufficiently diverse to impair an attempt to correlate the plurality of computers, a software program embodied on a computer-readable medium, the software program comprising instructions executable by a computer to:
- receive instructions from a master computer to submit at least one hypertext transfer protocol (“
  
  HTTP”
  
  ) request to a particular world wide web server; and
  
  based on the instructions from the master computer, submit at least one HTTP request to the particular world wide web server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
MarkMonitor Inc.
Original Assignee
MarkMonitor Inc.
Inventors
Shull, Mark, Shraim, Ihab

Application Number

US10/996,646
Publication Number

US 20070107053A1
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06Q 10/107   Computer-aided management o...

H04L 51/212   using filtering or selectiv...

H04L 63/1441   Countermeasures against mal...

H04L 63/1483   service impersonation, e.g....

H04L 63/1491   using deception as counterm...

Enhanced responses to online fraud

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

250 Citations

48 Claims

Specification

Solutions

Use Cases

Quick Links

Enhanced responses to online fraud

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

250 Citations

48 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links