Systems and methods for performing network counter measures

US 9,237,167 B1
Filed: 07/31/2008
Issued: 01/12/2016
Est. Priority Date: 01/18/2008
Status: Active Grant

First Claim

Patent Images

1. A method that detects fraud in an electronic communication session performed over a network, the session including data transmissions between a purported customer and a bank operating system, the data transmissions from the purported customer including headers from, and generated by, a purported customer user device of the purported customer, the method performed by at least one computer processor of the bank operating system, the method including:

with a first communication from the purported customer user device during the session, inputting a first header by the computer processor, the first header including first header attributes;

with a second communication from the purported customer user device during the session, inputting a second header by the computer processor, the second header including second header attributes;

comparing the first header attributes with the second header attributes from the different data transmissions with the purported customer user device of the purported customer during the same session, wherein the comparing of header attributes from different data transmissions during the session includes;

comparing the first header that is associated with the data transmission from the user device of the purported customer at login with the second header that is associated with a later data transmission from the user device of the purported customer in the same session;

determining that the first header attributes are different from the second header attributes; and

flagging, based on the determining that the header attributes are different, the session as suspect of fraud; and

outputting a communication indicative of such flagging.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for detecting fraud in an electronic session performed over a network, the session including communications between a purported customer and a bank operating system, the communications from the customer including headers. The method including inputting the headers, including header attributes, from the purported customer during the session; comparing the header attributes from different communications during the session; determining that the comparison of the header attributes are irregular; and flagging, based on the determining that the comparison of the header attributes are irregular, the session as suspect.

Citations

18 Claims

1. A method that detects fraud in an electronic communication session performed over a network, the session including data transmissions between a purported customer and a bank operating system, the data transmissions from the purported customer including headers from, and generated by, a purported customer user device of the purported customer, the method performed by at least one computer processor of the bank operating system, the method including:
- with a first communication from the purported customer user device during the session, inputting a first header by the computer processor, the first header including first header attributes;
  
  with a second communication from the purported customer user device during the session, inputting a second header by the computer processor, the second header including second header attributes;
  
  comparing the first header attributes with the second header attributes from the different data transmissions with the purported customer user device of the purported customer during the same session, wherein the comparing of header attributes from different data transmissions during the session includes;
  
  comparing the first header that is associated with the data transmission from the user device of the purported customer at login with the second header that is associated with a later data transmission from the user device of the purported customer in the same session;
  
  determining that the first header attributes are different from the second header attributes; and
  
  flagging, based on the determining that the header attributes are different, the session as suspect of fraud; and
  
  outputting a communication indicative of such flagging.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the headers are in the form of https:
    - headers.
  - 3. The method of claim 1, wherein the network is the Internet.
  - 4. The method of claim 1, wherein the session includes the purported customer using a web page of the bank operating system.
  - 5. The method of claim 1, wherein the comparing header attributes from different data transmissions during the session includes:
    - comparing multiple headers from the purported customer user device input during the session.
  - 6. The method of claim 5, wherein headers of sequential data transmissions are compared during the session.
  - 7. The method of claim 6, wherein time attributes of the sequential headers are compared.
  - 8. The method of claim 6, wherein headers of sequential data transmissions are compared so as to generate an observed pace of the session, the method including comparing the observed pace with known pace information.
  - 9. The method of claim 8, wherein the known pace information was previously secured based on sessions with the purported customer, who was at such time legitimized.
  - 10. The method of claim 8, wherein the known pace information was previously secured based on sessions with other customers.
  - 11. The method of claim 8, wherein the known pace information was previously secured based on capabilities of the legitimate technologies involved and human traits.
  - 12. The method of claim 1, further including comparing header between communications of different customers to detect fraud.

13. A computer processing system that detects fraud in an electronic session performed over a network, the session including communications between a purported customer and a bank operating system, the communications from the purported customer including headers from, and generated by, a purported customer user device of the purported customer, the system comprising:
- a header processor, that;
  
  with a first communication from the purported customer user device during the session, inputs a first header that includes first header attributes, the first header attributes comprising a first device signature of the purported customer user device;
  
  with a second communication from the purported customer user device during the session, inputs a second header that includes second header attributes, the second header attributes comprising a second device signature of the purported customer user device;
  
  compares the first device signature with the second device signature from the different communications with the purported customer user device of the purported customer during the session;
  
  determines that the comparison of the first device signature with the second device signature is irregular; and
  
  flags, based on the determining that the device signatures are irregular, the session as suspect of fraud; and
  
  a flagged session processor that performs processing on the flagged session so as to investigate fraud; and
  
  wherein the comparison of the device signatures from different communications with the user device of the purported customer during the session includes;
  
  comparing the first header that is associated with a communication from the user device of the purported customer at login with the second header that is associated with a later communication from the user device of the purported customer in the same session.
- View Dependent Claims (14, 15, 16)
- - 14. The computer processing system of claim 13, wherein the headers are in the form of https:
    - headers.
  - 15. The computer processing system of claim 13, wherein the flagged session processor terminates the session with the customer based on the flagging of the session.
  - 16. The computer processing system of claim 13, wherein the flagged session processor performs an out of band challenge based on the flagging of the session.

17. A non-transitory computer readable medium that detects fraud in an electronic session performed over a network, the session including communications between a purported customer and a bank operating system, the communications from the purported customer including headers from a purported customer user device of the purported customer, the computer readable medium comprising:
- a first computer readable medium portion that when executed causes at least one processor to;
  
  with a first communication from the purported customer user device during the session, input a first header that includes first header attributes, the first header attributes comprising a first device signature of the purported customer user device;
  
  with a second communication from the purported customer user device during the session, input a second header that includes second header attributes, the second header attributes comprising a second device signature of the purported customer user device;
  
  compare the first device signature with the second device signature from the different communications with the purported customer user device of the purported customer during the session;
  
  determine that the comparison of the first device signature with the second device signature is irregular; and
  
  flag, based on the determining that the device signatures are irregular, the session as suspect of fraud; and
  
  a second computer readable medium portion that when executed cause the at least one processor to perform processing on the flagged session so as to investigate fraud; and
  
  wherein the comparison of the device signatures from different communications with the user device of the purported customer during the session includes;
  
  comparing the first header associated with a communication from the user device of the purported customer at login with the second header associated with a later communication from the user device of the purported customer in the same session.

18. A method that detects fraud in an electronic session performed over a network, the session including different communications between a purported customer user device of a purported customer and a bank operating system, the different communications from, and generated by, the purported customer user device of the customer each including a header, the method performed by at least one computer processor of the bank operating system, the method including:
- with a first communication from the purported customer user device during the session, inputting a first header by the computer processor, the first header including first header attributes;
  
  with a second communication from the purported customer user device during the session, inputting a second header by the computer processor, the second header including second header attributes;
  
  comparing the first header attributes with the second header attributes from the different communications with the purported customer user device during the session;
  
  determining that the first header attributes are different from the second header attributes; and
  
  flagging, based on the determining that the header attributes are different, the session as suspect of fraud; and
  
  the session includes the purported customer using a web site of the bank operating system comprised of a plurality of web pages, the purported customer effecting a login to gain access to the web site;
  
  the comparing header attributes from different communications during the session includes;
  
  comparing the first header associated with the communication from the purported customer at login to the second header used later in the session; and
  
  comparing headers of sequential communications including comparing time attributes of the sequential headers; and
  
  wherein time attributes of the sequential headers are compared so as to generate an observed pace of the session, the pace constituted by a time line of the purported customer'"'"'s actions as represented in the data of the header; and
  
  comparing the observed pace with known pace information, the known pace information previously secured based on sessions with the purported customer, who was at such time legitimized.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Original Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Inventors
Szwalbenest, Stanley A., Manion, Amanda Marie
Primary Examiner(s)
Wong, Xavier S.

Application Number

US12/183,872
Time in Patent Office

2,721 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/12   Applying verification of th...

H04L 63/1466   Active attacks involving in...

H04L 67/02   based on web technology, e....

H04L 67/14   Session management for real...

H04L 67/146   Markers for unambiguous ide...

H04L 67/535   Tracking the activity of th...

H04L 69/22   Parsing or analysis of headers

Systems and methods for performing network counter measures

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for performing network counter measures

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links