Systems and methods for matching and scoring sameness

US 9,813,446 B2
Filed: 09/04/2016
Issued: 11/07/2017
Est. Priority Date: 09/05/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for analyzing a first web site or mobile device app interaction, the method comprising acts of:

identifying a plurality of first-degree anchor values from the first web site or mobile device app interaction, wherein the plurality of first-degree anchor values comprise a first-degree network address X and a first degree anchor value Y, wherein the first-degree anchor value Y is of an anchor type selected from a group consisting of;

account identifier, email address, phone number, credit card number, location, device characteristic, and device identifier;

accessing a profile of the first-degree network address X, wherein;

the profile of the first-degree network address X comprises a plurality of sets of second-degree anchor values; and

the plurality of sets of second-degree anchor values comprises a set of one or more second-degree anchor values of the same anchor type as the first-degree anchor value Y;

generating an association score indicative of an association among the plurality of first-degree anchor values identified from the first web site or mobile device app interaction, based at least in part on an association between the first-degree network address X and the first-degree anchor value Y, wherein the association between the first-degree network address X and the first-degree anchor value Y is analyzed at least in part by;

determining whether the first-degree anchor value Y appears as a second-degree anchor value in the set of second-degree anchor values in the profile of the first-degree network address X; and

using information stored in the profile of the first-degree network address X to determine how frequently the first-degree anchor value Y was previously observed from a same digital interaction as the first-degree network address X;

determining, based on the association score, whether to perform additional analysis; and

in response to determining that additional analysis is to be performed;

collecting additional data from the web site or mobile device app interaction; and

displaying, via a backend user interface, a risk assessment report to an operator of a web site or mobile device app via which the web site or mobile device app interaction is conducted, wherein the risk assessment report is based on a result of analyzing the additional data collected from the web site or mobile device app interaction.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for matching and scoring sameness. In some embodiments, a computer-implemented method is provided, comprising acts of: identifying a plurality of first-degree anchor values from the first digital interaction, wherein the plurality of first-degree anchor values comprise first-degree anchor values X and Y; accessing a profile of the first-degree anchor value X, wherein: the profile of the first-degree anchor value X comprises a plurality of sets of second-degree anchor values; and each set of the plurality of sets of second-degree anchor values corresponds to a respective anchor type and comprises one or more second-degree anchor values of that anchor type; determining how closely the first-degree anchor values X and Y are associated; and generating an association score indicative of how closely the plurality of first-degree anchors are associated, based at least in part on how closely the first-degree anchor values X and Y are associated.

Citations

21 Claims

1. A computer-implemented method for analyzing a first web site or mobile device app interaction, the method comprising acts of:
- identifying a plurality of first-degree anchor values from the first web site or mobile device app interaction, wherein the plurality of first-degree anchor values comprise a first-degree network address X and a first degree anchor value Y, wherein the first-degree anchor value Y is of an anchor type selected from a group consisting of;
  
  account identifier, email address, phone number, credit card number, location, device characteristic, and device identifier;
  
  accessing a profile of the first-degree network address X, wherein;
  
  the profile of the first-degree network address X comprises a plurality of sets of second-degree anchor values; and
  
  the plurality of sets of second-degree anchor values comprises a set of one or more second-degree anchor values of the same anchor type as the first-degree anchor value Y;
  
  generating an association score indicative of an association among the plurality of first-degree anchor values identified from the first web site or mobile device app interaction, based at least in part on an association between the first-degree network address X and the first-degree anchor value Y, wherein the association between the first-degree network address X and the first-degree anchor value Y is analyzed at least in part by;
  
  determining whether the first-degree anchor value Y appears as a second-degree anchor value in the set of second-degree anchor values in the profile of the first-degree network address X; and
  
  using information stored in the profile of the first-degree network address X to determine how frequently the first-degree anchor value Y was previously observed from a same digital interaction as the first-degree network address X;
  
  determining, based on the association score, whether to perform additional analysis; and
  
  in response to determining that additional analysis is to be performed;
  
  collecting additional data from the web site or mobile device app interaction; and
  
  displaying, via a backend user interface, a risk assessment report to an operator of a web site or mobile device app via which the web site or mobile device app interaction is conducted, wherein the risk assessment report is based on a result of analyzing the additional data collected from the web site or mobile device app interaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, further comprising an act of:
    - accessing a profile of the first-degree anchor value Y, wherein;
      
      the profile of the first-degree anchor value Y comprises a plurality of sets of second-degree anchor values;
      
      the plurality of sets of second-degree anchor values comprises a set of one or more second-degree network addresses; and
      
      analyzing the association between the first-degree network address X and the first-degree anchor value Y further comprises;
      
      determining whether the first-degree network address X appears as a second-degree network address in the set of second-degree network addresses in the profile of the first-degree anchor value Y; and
      
      using information stored in the profile of the first-degree anchor value Y to determine how frequently the first-degree network address X was previously observed from a same digital interaction as the first-degree anchor value Y.
  - 3. The computer-implemented method of claim 1, wherein the association score indicative of the association among the plurality of first-degree anchor values is generated based on an association between every pair of first-degree anchor values of the plurality of first-degree anchor values.
  - 4. The computer-implemented method of claim 1, wherein, for at least one set of second-degree anchor values in the profile of the first-degree network address X:
    - the profile of the first-degree network address X stores a counter C[Z] for each second-degree anchor value Z in the at least one set of second-degree anchor values, the counter C[Z] being indicative of a number of times the second-degree anchor Z was observed from a same digital interaction as the first-degree network address X over a selected interval of time.
  - 5. The computer-implemented method of claim 4, wherein:
    - the first-degree anchor value Y appears as a second-degree anchor value in the at least one set of second-degree anchor values in the profile of the first-degree network address X; and
      
      determining how frequently the first-degree anchor Y was previously observed from a same digital interaction as the first-degree network address X comprises comparing the counter C[Y] against a maximum of the counters C[Z] over all second-degree anchor values Z in the at least one set of second-degree anchor values.
  - 6. The computer-implemented method of claim 4, wherein the counter C[Z] comprises a first counter C₁[Z] and the selected interval of time comprises a first interval of time, and wherein:
    - the profile of the first-degree network address X further stores a second counter C₂[Z] for each second-degree anchor value Z in the at least one set of second-degree anchor values, the second counter C₂[Z] being indicative of a number of times the second-degree anchor Z was observed from a same digital interaction as the first-degree network address X over a second interval of time, the second interval of time being different from the first interval of time.
  - 7. The computer-implemented method of claim 6, wherein the first and second intervals of time are non-overlapping intervals of a same length.

8. A system comprising at least one processor and at least one computer-readable storage medium having stored thereon instructions which, when executed, program the at least one processor to perform a method for analyzing a first web site or mobile device app interaction, the method comprising acts of:
- identifying a plurality of first-degree anchor values from the first web site or mobile device app interaction, wherein the plurality of first-degree anchor values comprise a first-degree network address X and a first-degree anchor value Y, wherein the first-degree anchor value Y is of an anchor type selected from a group consisting of;
  
  account identifier, email address, phone number, credit card number, location, device characteristic, and device identifier;
  
  accessing a profile of the first-degree network address X, wherein;
  
  the profile of the first-degree network address X comprises a plurality of sets of second-degree anchor values; and
  
  the plurality of sets of second-degree anchor values comprises a set of one or more second-degree anchor values of the same anchor type as the first-degree anchor value Y;
  
  generating an association score indicative of an association among the plurality of first-degree anchor values identified from the first web site or mobile device app interaction, based at least in part on an association between the first-degree network address X and the first-degree anchor value Y, wherein the association between the first-degree network address X and the first-degree anchor value Y is analyzed at least in part by;
  
  determining whether the first-degree anchor value Y appears as a second-degree anchor value in the set of second-degree anchor values in the profile of the first-degree network address X; and
  
  using information stored in the profile of the first-degree network address X to determine how frequently the first-degree anchor Y was previously observed from a same digital interaction as the first-degree network address X;
  
  determining, based on the association score, whether to perform additional analysis; and
  
  in response to determining that additional analysis is to be performed;
  
  collecting additional data from the web site or mobile device app interaction; and
  
  displaying, via a backend user interface, a risk assessment report to an operator of a web site or mobile device app via which the web site or mobile device app interaction is conducted, wherein the risk assessment report is based on a result of analyzing the additional data collected from the web site or mobile device app interaction.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the method further comprises an act of:
    - accessing a profile of the first-degree anchor value Y, wherein;
      
      the profile of the first-degree anchor value Y comprises a plurality of sets of second-degree anchor values;
      
      the plurality of sets of second-degree anchor values comprises a set of one or more second-degree network addresses; and
      
      analyzing the association between the first-degree network address X and the first-degree anchor value Y further comprises;
      
      determining whether the first-degree network address X appears as a second-degree network address in the set of second-degree network addresses in the profile of the first-degree anchor value Y; and
      
      using information stored in the profile of the first-degree anchor value Y to determine how frequently the first-degree network address X was previously observed from a same digital interaction as the first-degree anchor value Y.
  - 10. The system of claim 8, wherein the association score indicative of the association among the plurality of first-degree anchor values is generated based on an association between every pair of first-degree anchor values of the plurality of first-degree anchor values.
  - 11. The system of claim 8, wherein, for at least one set of second-degree anchor values in the profile of the first-degree network address X:
    - the profile of the first-degree network address X stores a counter C[Z] for each second-degree anchor value Z in the at least one set of second-degree anchor values, the counter C[Z] being indicative of a number of times the second-degree anchor Z was observed from a same digital interaction as the first-degree network address X over a selected interval of time.
  - 12. The system of claim 11, wherein:
    - the first-degree anchor value Y appears as a second-degree anchor value in the at least one set of second-degree anchor values in the profile of the first-degree network address X; and
      
      determining how frequently the first-degree anchor Y was previously observed from a same digital interaction as the first-degree network address X comprises comparing the counter C[Y] against a maximum of the counters C[Z] over all second-degree anchor values Z in the at least one set of second-degree anchor values.
  - 13. The system of claim 11, wherein the counter C[Z] comprises a first counter C₁[Z] and the selected interval of time comprises a first interval of time, and wherein:
    - the profile of the first-degree network address X further stores a second counter C₂[Z] for each second-degree anchor value Z in the at least one set of second-degree anchor values, the second counter C₂[Z] being indicative of a number of times the second-degree anchor Z was observed from a same digital interaction as the first-degree network address X over a second interval of time, the second interval of time being different from the first interval of time.
  - 14. The system of claim 13, wherein the first and second intervals of time are non-overlapping intervals of a same length.

15. At least one non-transitory computer-readable medium having stored thereon instructions which, when executed, program at least one processor to perform a method for analyzing a first web site or mobile device app interaction, the method comprising acts of:
- identifying a plurality of first-degree anchor values from the first web site or mobile device app interaction, wherein the plurality of first-degree anchor values comprise a first-degree network address X and a first-degree anchor value Y, wherein the first-degree anchor value Y is of an anchor type selected from a group consisting of;
  
  account identifier, email address, phone number, credit card number, location, device characteristic, and device identifier;
  
  accessing a profile of the first-degree network address X, wherein;
  
  the profile of the first-degree network address X comprises a plurality of sets of second-degree anchor values; and
  
  the plurality of sets of second-degree anchor values comprises a set of one or more second-degree anchor values of the same anchor type as the first-degree anchor value Y;
  
  generating an association score indicative of an association among the plurality of first-degree anchor values identified from the first web site or mobile device app interaction, based at least in part on an association between the first-degree network address X and the first-degree anchor value Y, wherein the association between the first-degree network address X and the first-degree anchor value Y is analyzed at least in part by;
  
  determining whether the first-degree anchor value Y appears as a second-degree anchor value in the set of second-degree anchor values in the profile of the first-degree network address X; and
  
  using information stored in the profile of the first-degree network address X to determine how frequently the first-degree anchor Y was previously observed from a same digital interaction as the first-degree network address X;
  
  determining, based on the association score, whether to perform additional analysis; and
  
  in response to determining that additional analysis is to be performed;
  
  collecting additional data from the web site or mobile device app interaction; and
  
  displaying, via a backend user interface, a risk assessment report to an operator of a web site or mobile device app via which the web site or mobile device app interaction is conducted, wherein the risk assessment report is based on a result of analyzing the additional data collected from the web site or mobile device app interaction.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The at least one non-transitory computer-readable medium of claim 15, wherein the method further comprises an act of:
    - accessing a profile of the first-degree anchor value Y, wherein;
      
      the profile of the first-degree anchor value Y comprises a plurality of sets of second-degree anchor values;
      
      the plurality of sets of second-degree anchor values comprises a set of one or more second-degree network addresses; and
      
      analyzing the association between the first-degree network address X and the first-degree anchor value Y further comprises;
      
      determining whether the first-degree network address X appears as a second-degree network address in the set of second-degree network addresses in the profile of the first-degree anchor value Y; and
      
      using information stored in the profile of the first-degree anchor value Y to determine how frequently the first-degree network address X was previously observed from a same digital interaction as the first-degree anchor value Y.
  - 17. The at least one non-transitory computer-readable medium of claim 15, wherein the association score indicative of the association among the plurality of first-degree anchor values is generated based on an association between every pair of first-degree anchor values of the plurality of first-degree anchor values.
  - 18. The at least one non-transitory computer-readable medium of claim 15, wherein, for at least one set of second-degree anchor values in the profile of the first-degree network address X:
    - the profile of the first-degree network address X stores a counter C[Z] for each second-degree anchor value Z in the at least one set of second-degree anchor values, the counter C[Z] being indicative of a number of times the second-degree anchor Z was observed from a same digital interaction as the first-degree network address X over a selected interval of time.
  - 19. The at least one non-transitory computer-readable medium of claim 18, wherein:
    - the first-degree anchor value Y appears as a second-degree anchor value in the at least one set of second-degree anchor values in the profile of the first-degree network address X; and
      
      determining how frequently the first-degree anchor Y was previously observed from a same digital interaction as the first-degree network address X comprises comparing the counter C[Y] against a maximum of the counters C[Z] over all second-degree anchor values Z in the at least one set of second-degree anchor values.
  - 20. The at least one non-transitory computer-readable medium of claim 18, wherein the counter C[Z] comprises a first counter C₁[Z] and the selected interval of time comprises a first interval of time, and wherein:
    - the profile of the first-degree network address X further stores a second counter C₂[Z] for each second-degree anchor value Z in the at least one set of second-degree anchor values, the second counter C₂[Z] being indicative of a number of times the second-degree anchor Z was observed from a same digital interaction as the first-degree network address X over a second interval of time, the second interval of time being different from the first interval of time.
  - 21. The at least one non-transitory computer-readable medium of claim 20, wherein the first and second intervals of time are non-overlapping intervals of a same length.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NuData Security Inc. (MasterCard Incorporated)
Original Assignee
NuData Security Inc. (MasterCard Incorporated)
Inventors
Bailey, Christopher Everett, Lukashuk, Randy, Richardson, Gary Wayne
Primary Examiner(s)
TRAN, ELLEN C

Application Number

US15/256,612
Publication Number

US 20170070524A1
Time in Patent Office

429 Days
Field of Search

726 25
US Class Current
CPC Class Codes

G06F 16/2255   Hash tables

G06F 16/24578   using ranking

G06F 16/285   Clustering or classification

G06F 16/9535   Search customisation based ...

G06F 21/316   by observing the pattern of...

G06F 21/32   using biometric data, e.g. ...

G06F 21/44   Program or device authentic...

G06F 21/552   involving long-term monitor...

G06F 21/602   Providing cryptographic fac...

G06F 2221/033   Test or assess software

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2145   Inheriting rights or proper...

G06F 7/08   Sorting, i.e. grouping reco...

H04L 2463/144   Detection or countermeasure...

H04L 41/20   Network management software...

H04L 43/12   Network monitoring probes

H04L 43/16   Threshold monitoring

H04L 63/0861   using biometrical features,...

H04L 63/1408   by monitoring network traff...

H04L 63/1416 : Event detection, e.g. attac...

H04L 63/1425 : Traffic logging, e.g. anoma...

H04L 63/1466 : Active attacks involving in...

H04L 63/20 : for managing network securi...

H04L 67/02 : based on web technology, e....

H04L 67/30 : Profiles

H04L 67/303 : Terminal profiles

H04L 67/535 : Tracking the activity of th...

View All

Systems and methods for matching and scoring sameness

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for matching and scoring sameness

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links