Systems and methods for detecting and preventing spoofing
First Claim
Patent Images
1. A method, performed by at least one computer, the method comprising:
- receiving a communication from a client device different from the at least one computer;
identifying from the communication an asserted type of the client device; and
determining whether the client device is of the asserted type at least in part by;
interacting with the client device to measure an amount of time it takes the client device to perform a task, the interacting comprising;
providing a software program to the client device for execution by the client device; and
measuring an amount of time it takes the client device to execute the software program;
determining whether the measured amount of time it takes the client device to perform the task is consistent with the asserted type of the client device, the determining comprising;
comparing the measured amount of time for the client device to perform the task to a range of expected performance times for devices of the asserted type;
granting the client device access to a resource in response to determining that the client device is of the asserted type; and
denying the client device access to the resource in response to determining that the client device is not of the asserted type.
3 Assignments
0 Petitions
Accused Products
Abstract
Techniques for detecting device type spoofing. The techniques include: receiving a communication from a client device different from the at least one computer; identifying from the communication an asserted type of the client device; and verifying the asserted type of the client device at least in part by: interacting with the client device to obtain additional information about the client device, and determining whether the additional information about the client device is consistent with the asserted type of the client device.
-
Citations
20 Claims
-
1. A method, performed by at least one computer, the method comprising:
-
receiving a communication from a client device different from the at least one computer; identifying from the communication an asserted type of the client device; and determining whether the client device is of the asserted type at least in part by; interacting with the client device to measure an amount of time it takes the client device to perform a task, the interacting comprising; providing a software program to the client device for execution by the client device; and measuring an amount of time it takes the client device to execute the software program; determining whether the measured amount of time it takes the client device to perform the task is consistent with the asserted type of the client device, the determining comprising; comparing the measured amount of time for the client device to perform the task to a range of expected performance times for devices of the asserted type; granting the client device access to a resource in response to determining that the client device is of the asserted type; and denying the client device access to the resource in response to determining that the client device is not of the asserted type. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A system, comprising:
-
at least one computer; at least one non-transitory computer-readable medium storing processor-executable instructions that, when executed by the at least one computer, cause the at least one computer to perform; receiving a communication from a client device different from the at least one computer; identifying from the communication an asserted type of the client device; and determining whether the client device is of the asserted type at least in part by; interacting with the client device to measure an amount of time it takes the client device to perform a task, the interacting comprising; providing a software program to the client device for execution by the client device; and measuring an amount of time it takes the client device to execute the software program; determining whether the measured amount of time it takes the client device to perform the task is consistent with the asserted type of the client device, the determining comprising; comparing the measured amount of time for the client device to perform the task to a range of expected performance times for devices of the asserted type; granting the client device access to a resource in response to determining that the client device is of the asserted type; and denying the client device access to the resource in response to determining that the client device is not of the asserted type. - View Dependent Claims (15, 16, 17)
-
-
18. At least one non-transitory computer-readable medium storing processor-executable instructions that, when executed by at least one computer, cause the at least one computer to perform:
-
receiving a communication from a client device different from the at least one computer; identifying from the communication an asserted type of the client device; and determining whether the client device is of the asserted type at least in part by; interacting with the client device to measure an amount of time it takes the client device to perform a task, the interacting comprising; providing a software program to the client device for execution by the client device; and measuring an amount of time it takes the client device to execute the software program; determining whether the measured amount of time it takes the client device to perform the task is consistent with the asserted type of the client device, the determining comprising; comparing the measured amount of time for the client device to perform the task to a range of expected performance times for devices of the asserted type; granting the client device access to a resource in response to determining that the client device is of the asserted type; and denying the client device access to the resource in response to determining that the client device is not of the asserted type. - View Dependent Claims (19, 20)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeNuData Security Inc. (MasterCard Incorporated)
-
Original AssigneeMastercard Technologies Canada ULC (MasterCard Incorporated)
-
InventorsBailey, Christopher Everett, Lukashuk, Randy, Richardson, Gary Wayne
-
Primary Examiner(s)TRAN, ELLEN C
-
Application NumberUS15/256,610Publication NumberTime in Patent Office625 DaysField of SearchUS Class CurrentCPC Class CodesG06F 16/2255 Hash tablesG06F 16/24578 using rankingG06F 16/285 Clustering or classificationG06F 16/9535 Search customisation based ...G06F 21/316 by observing the pattern of...G06F 21/32 using biometric data, e.g. ...G06F 21/44 Program or device authentic...G06F 21/552 involving long-term monitor...G06F 21/602 Providing cryptographic fac...G06F 2221/033 Test or assess softwareG06F 2221/2101 Auditing as a secondary aspectG06F 2221/2137 Time limited access, e.g. t...G06F 2221/2145 Inheriting rights or proper...G06F 7/08 Sorting, i.e. grouping reco...H04L 2463/144 Detection or countermeasure...H04L 41/20 Network management software...H04L 43/12 Network monitoring probesH04L 43/16 Threshold monitoringH04L 63/0861 using biometrical features,...H04L 63/1408 by monitoring network traff...View All
