Fraud analyst smart cookie
Abstract
A fraudulent business transaction application (FBTA) is provided in embodiments of the present invention for monitoring fraudulent transactions. When a consumer supplies account access information in order to carry out an Internet business transaction, the FBTA uses an online fraud mitigation engine to detect phishing intrusions and identity theft. Embodiments are also provided for calculating travel velocity and transaction frequency, which are useful for determining a fraudulent transaction. Further embodiments are provided for authenticating a transaction using a cookie stored on a client device and a behavior profile stored on a server.
10 Claims
1. A method for authenticating a transaction, the method comprising the steps of:
a. storing on a server a behavior profile associated with a user, the behavior profile including one or more factors associated with the user, the behavior profile also including an encryption key associated with the user;
b. encrypting the one or more factors using the encryption key to create one or more encrypted factors;
c. storing a cookie on a client device, the cookie including the one or more encrypted factors;
d. initiating by the user the transaction using the client device;
e. deriving one or more factors from the transaction;
f. decrypting the one or more factors stored in the cookie using the encryption key to create one or more decrypted factors; and
g. authenticating the transaction by comparing the one or more factors in the behavior profile with the one or more decrypted factors.
Dependent claims: 2, 3, 4, 5, 6
7. A method for authenticating a transaction, the method comprising the steps of:
a. storing on a server a behavior profile associated with a user, the behavior profile including behavior profile factors comprising a connection type and a host type associated with the user, the behavior profile also including an encryption key associated with the user;
b. encrypting the behavior profile factors comprising the connection type and the host type using the encryption key to create encrypted factors;
c. storing a cookie on a client device, the cookie including the encrypted factors;
d. deriving a connection type and a host type from the transaction to create transaction factors;
e. decrypting the connection type and the host type stored in the cookie to create decrypted factors; and
f. authenticating the transaction by comparing the behavior profile factors, the transaction factors, and the decrypted factors.
Dependent claims: 8, 9
10. A method for authenticating a transaction, the method comprising the steps of:
a. storing on a server a behavior profile associated with a user, the behavior profile including behavior profile factors comprising a host type and an IP address associated with the user, the behavior profile also including an encryption key associated with the user, and wherein host type is one or more of network end point, network proxy, or network firewall;
b. encrypting the behavior profile factors comprising the host type and the IP address using the encryption key to create encrypted factors;
c. storing a cookie on a client device, the cookie including the encrypted factors;
d. deriving a host type and an IP address from the transaction to create transaction factors;
e. decrypting the host type and the IP address stored in the cookie to create decrypted factors; and
f. authenticating the transaction by comparing the behavior profile factors, the transaction factors, and the decrypted factors.
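The flow of claim 10, sketched as an added Node.js example that is not code from the patent. The function names, the JSON cookie layout, the use of AES-256-GCM with the user ID as associated data, and the rule that any mismatch fails are assumptions, since the claims only state that the factors are encrypted with the per-user key and then compared. The factor values are constructed sample data.

```javascript
// Added example; function names, cookie layout and AES-256-GCM are assumptions.
const crypto = require("node:crypto");

// Step a: server-side behavior profile with the factors and a per-user key.
function createProfile(userId, factors) {
  return { userId, factors, key: crypto.randomBytes(32) };
}

// Steps b-c: encrypt the profile factors into the cookie value.
function issueCookie(profile) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", profile.key, iv);
  cipher.setAAD(Buffer.from(profile.userId)); // bind the cookie to this user
  const plain = JSON.stringify(profile.factors);
  const body = Buffer.concat([cipher.update(plain, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString("base64url");
}

// Step e: decrypt; a missing, truncated or modified cookie yields null.
function readCookie(profile, cookie) {
  try {
    const raw = Buffer.from(cookie, "base64url");
    if (raw.length < 28) return null; // 12-byte IV + 16-byte tag
    const d = crypto.createDecipheriv("aes-256-gcm", profile.key, raw.subarray(0, 12));
    d.setAAD(Buffer.from(profile.userId));
    d.setAuthTag(raw.subarray(12, 28));
    return JSON.parse(Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString("utf8"));
  } catch {
    return null;
  }
}

// Step f: compare profile, cookie and transaction factors; any mismatch fails.
function authenticate(profile, cookie, txFactors) {
  const fromCookie = readCookie(profile, cookie);
  if (fromCookie === null) return { ok: false, reason: "cookie-invalid" };
  for (const name of Object.keys(profile.factors)) {
    const expected = profile.factors[name];
    if (fromCookie[name] !== expected) return { ok: false, reason: `cookie-mismatch:${name}` };
    if (txFactors[name] !== expected) return { ok: false, reason: `transaction-mismatch:${name}` };
  }
  return { ok: true, reason: "match" };
}

// Constructed sample: valid cookie, but the transaction arrives through a proxy.
const demo = createProfile("user-1", { hostType: "network end point", ip: "198.51.100.7" });
console.log(authenticate(demo, issueCookie(demo), { hostType: "network proxy", ip: "198.51.100.7" }));
```

Because the cookie is authenticated as well as encrypted, a cookie edited on the client or copied from another user's device is rejected before any factor is compared.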
Specification