Detection of fraudulent attempts to initiate transactions using modified display objects

US 7,599,856 B2
Filed: 11/19/2002
Issued: 10/06/2009
Est. Priority Date: 11/19/2002
Status: Active Grant

First Claim

Patent Images

1. A method of detecting fraudulent associate-based transactions, the method comprising:

receiving a request for a display object from a browser of a user, said request identifying an item, an associate, and the user, and corresponding to a reference contained in an associate web page loaded by the browser;

responding to the request for the display object by at least (1) generating a token that corresponds to the associate, the user, and the item, wherein the correspondence between the token and said associate, user and item is not ascertainable by viewing the token, (2) generating an instance of the display object that provides a user-selectable link for performing a transaction associated with the item, wherein selection of the link causes a transaction request to be transmitted with the token and with identifiers of the item, the associate, and the user, and (3) sending the instance of the display object to the browser of the user for display within, or in conjunction with, the associate web page, said instance of the display object including said token, wherein generating a token that corresponds to the associate, user and item comprises at least one of the following;

(a) applying a one-way hash algorithm to identifiers of the item, user, and associate;

(b) encoding identifiers of the item, user, and associate within the token using a two-way encryption algorithm; and

(c) creating a lookup table entry that mares the token to the associate, item and user specified by the request for the display object;

receiving, from the browser of the user, a transaction request that includes a token and that identifies a user, item and associate; and

in response to receiving the transaction request from the browser of the user, determining whether the transaction request is valid at least in-part by determining, via execution of instructions by a computing device, whether the token received with the transaction request corresponds to the user, item and associate identified within the transaction request, said determination of whether the received token corresponds to the identified user, item and associate reflecting whether the instance of the display object has been fraudulently modified by changing the associate identifier, user identifier and/or item identifier.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network-based payment service provides various features for facilitating online, user-to-user payments and item purchases. One feature involves methods for validating transaction requests initiated during browsing of third party web sites, including web sites of associates.

105 Citations

View as Search Results

33 Claims

1. A method of detecting fraudulent associate-based transactions, the method comprising:
- receiving a request for a display object from a browser of a user, said request identifying an item, an associate, and the user, and corresponding to a reference contained in an associate web page loaded by the browser;
  
  responding to the request for the display object by at least (1) generating a token that corresponds to the associate, the user, and the item, wherein the correspondence between the token and said associate, user and item is not ascertainable by viewing the token, (2) generating an instance of the display object that provides a user-selectable link for performing a transaction associated with the item, wherein selection of the link causes a transaction request to be transmitted with the token and with identifiers of the item, the associate, and the user, and (3) sending the instance of the display object to the browser of the user for display within, or in conjunction with, the associate web page, said instance of the display object including said token, wherein generating a token that corresponds to the associate, user and item comprises at least one of the following;
  
  (a) applying a one-way hash algorithm to identifiers of the item, user, and associate;
  
  (b) encoding identifiers of the item, user, and associate within the token using a two-way encryption algorithm; and
  
  (c) creating a lookup table entry that mares the token to the associate, item and user specified by the request for the display object;
  
  receiving, from the browser of the user, a transaction request that includes a token and that identifies a user, item and associate; and
  
  in response to receiving the transaction request from the browser of the user, determining whether the transaction request is valid at least in-part by determining, via execution of instructions by a computing device, whether the token received with the transaction request corresponds to the user, item and associate identified within the transaction request, said determination of whether the received token corresponds to the identified user, item and associate reflecting whether the instance of the display object has been fraudulently modified by changing the associate identifier, user identifier and/or item identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein generating the token comprises applying a one-way hash algorithm to identifiers of the item, user, and associate.
  - 3. The method of claim 1, wherein generating the token comprises encoding identifiers of the item, user, and associate within the token using a two-way encryption algorithm.
  - 4. The method of claim 1, wherein generating the token comprises creating a lookup table entry that maps the token to the associate, item and user specified by the request for the display object.
  - 5. The method of claim 1, wherein the display object is adapted to be displayed in a pop-up browser window when a user selects said reference while viewing the associate web page.
  - 6. The method of claim 1, wherein the reference causes the browser to request the display object when the browser loads the associate web page.
  - 7. The method of claim 6, wherein the display object is an image that is displayed within the associate web page.
  - 8. The method of claim 1, wherein the transaction is a single-action purchase transaction.
  - 9. The method of claim 1, wherein the transaction is a request to add the item to a shopping cart.
  - 10. The method of claim 1, wherein the transaction is a request to add the item to a wish list.
  - 11. A server system that performs the method of claim 1.
  - 12. The method of claim 1, wherein the method, including receiving the request for a display object, responding to the request, receiving the transaction request, and determining whether the transaction request is valid, is performed by a server system that comprises one or more computers.
  - 13. The method of claim 1, wherein the transaction is a purchase transaction, and the method comprises executing the transaction without requiring the user to enter a username, password, or other authentication information.
  - 14. The method of claim 13, wherein the method is performed by a merchant web site that is separate from the associate web site, said merchant web site and associate web site operated by different respective entities.
  - 15. The method of claim 14, wherein the purchase transaction is executed by the merchant web site in response to a single action performed by the user on the instance of the display object as displayed within the associate web page.

16. A system for enabling a user to conduct a transaction with a first web site operated by a first entity during browsing of a second web site operated by a second entity, said transaction being specific to an item, the system comprising:
- an object generation system that is responsive to an object request from a computing device of the user by generating, and sending to the computing device, a display object for presentation to the user within, or in conjunction with, a web page of the second web site, said display object including encrypted information that corresponds to the second entity, the user, and the item, said display object being selectable by the user to cause a transaction request containing said encrypted information to be transmitted from the computing device of the user to the first web site, said object generation system comprising computer hardware; and
  
  a transaction request processing system that is responsive to the transaction request by using at least the encrypted information corresponding to the second entity, the user, and the item to determine whether the transaction request is valid, said transaction request processing system being part of the first web site;
  
  wherein the object generation system is operative to generate the encrypted information, at least in part, by applying a one-way hash function or a two-way encryption algorithm to identifiers of the second entity, user, and item, and the transaction request processing system is operative to perform a comparison to determine whether the encrypted information corresponds to said identifiers of the second entity, user, and item, said transaction request processing system thereby capable of detecting attempts by users to generate fraudulent transaction requests using modified versions of the display object.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 17. The system of claim 16, wherein the transaction request processing system is operative to determine whether the encrypted information included in the transaction request matches unencrypted transaction information included in the transaction request.
  - 18. The system of claim 16, wherein the transaction request processing system is operative to use the encrypted information to determine whether the transaction request corresponds to the same second entity, user, and item for which the display object was generated by the object generation system, and is thereby capable of detecting attempts to use fraudulently modified versions of the display object.
  - 19. The system of claim 16, wherein the object generation system comprises a physical server system that responds to requests received over a network.
  - 20. The system of claim 16, wherein the object generation system is operative to generate the encrypted information at least in part by applying a one-way hash function to identifiers of the second entity, user, and item, and the transaction request processing system is operative to use the one-way hash function to determine whether the transaction request is valid.
  - 21. The system of claim 20, wherein the object generation system is operative to generate the display object such that the transaction request additionally includes the identifiers of the second entity, user, and item in an unencrypted form, and wherein the transaction request processing system is operative to apply the one-way hash function to said unencrypted identifiers, and to compare a result thereof to the encrypted information to determine whether the transaction request is valid.
  - 22. The system of claim 16, wherein the object generation system is operative to generate the encrypted information at least in part by applying a two-way encryption algorithm to identifiers of the second entity, user, and item.
  - 23. The system of claim 22, wherein the transaction processing system is operative to respond differently to the transaction request being found invalid depending upon which of said identifiers has been changed.
  - 24. The system of claim 16, wherein the transaction processing system is responsive to the transaction request, when said transaction request is determined to be valid, by executing the transaction to completion without requiring any further user action.
  - 25. The system of claim 24, wherein the transaction is a single-action purchase transaction.
  - 26. The system of claim 25, wherein the system is operative to execute the transaction request without requiring the user to enter a username, password, or other authentication information.
  - 27. The system of claim 24, wherein the transaction comprises an addition of the item to a shopping cart hosted by the first web site.
  - 28. The system of claim 16, wherein the object generation system and the transaction request processing system collectively enable the user to perform the transaction during browsing of the second web site without having to navigate away from the second web site.
  - 29. The system of claim 16, wherein the object generation system and the transaction request processing system collectively enable the user to perform the transaction during browsing of the second web site without having to load a web page of the first web site.
  - 30. The system of claim 16, wherein the object generation system is operative to personalize the display object for the user, at least in part, by incorporating into the display object functionality for the user to select a particular shipping address from a set of pre-specified shipping addresses.
  - 31. The system of claim 16, wherein the transaction processing system is operative to cause a commission amount to be credited to an account of the second entity when the transaction is completed.
  - 32. The system of claim 16, wherein the system causes the display object to be presented to the user as part of the web page.
  - 33. The system of claim 16, further comprising an interactive link generation tool that generates customized link coding that is adapted to be added to the web page by the second entity to enable said display object to be requested by computing devices that load the web page.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Frederick, Robert, Agrawal, Ashish
Primary Examiner(s)
AN, IG TAI
Assistant Examiner(s)
AN, IG TAI

Application Number

US10/299,963
Publication Number

US 20040098313A1
Time in Patent Office

2,513 Days
Field of Search

None
US Class Current

705/51
CPC Class Codes

G06Q 20/00   Payment architectures, sche...

G06Q 20/12   specially adapted for elect...

G06Q 20/3821   Electronic credentials

G06Q 20/401   Transaction verification

G06Q 20/403   Solvency checks

G06Q 30/0633   Lists, e.g. purchase orders...

G06Q 30/0641   Shopping interfaces

H04L 2463/102   applying security measure f...

H04L 63/04   for providing a confidentia...

H04L 63/08   for authentication of entit...

H04L 67/02   based on web technology, e....

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Detection of fraudulent attempts to initiate transactions using modified display objects

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

105 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Detection of fraudulent attempts to initiate transactions using modified display objects

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

105 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links