Automated agent detection using multiple factors

US 9,985,943 B1
Filed: 12/18/2013
Issued: 05/29/2018
Est. Priority Date: 12/18/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for telling humans and bots apart, comprising:

receiving, over a network, one or more requests by a requestor to access one or more resources associated with an online retailer;

calculating a score for a particular request of the one or more requests, where the score corresponds to a probability of the requestor of the particular request being an automated agent;

redirecting the particular request to a CAPTCHA service based at least in part on the calculated score for the particular request, where the calculated score is compared to a threshold value and the particular request is redirected if the calculated score is equal to or greater than the threshold value;

generating a security check based at least in part on a user and a user account associated with the particular request, where the security check is configured to distinguish human operators from automated agents;

identifying, based at least in part on the user account associated with the particular request, a device associated with the user;

transmitting the security check to the device;

receiving a response to the security check from the device; and

determining to allow access to the resource based at least in part on the received response.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Online retailers may operate one or more services configured to detect request generated by automated agents. A security check may be generate and transmitted in response to requests generated by automated agents. The security checks may be transmitted to a second device registered with the online retailer. The second device may transmit the completed security check to the online retailer for verification before the online retailer processes the request.

Citations

19 Claims

1. A computer-implemented method for telling humans and bots apart, comprising:
- receiving, over a network, one or more requests by a requestor to access one or more resources associated with an online retailer;
  
  calculating a score for a particular request of the one or more requests, where the score corresponds to a probability of the requestor of the particular request being an automated agent;
  
  redirecting the particular request to a CAPTCHA service based at least in part on the calculated score for the particular request, where the calculated score is compared to a threshold value and the particular request is redirected if the calculated score is equal to or greater than the threshold value;
  
  generating a security check based at least in part on a user and a user account associated with the particular request, where the security check is configured to distinguish human operators from automated agents;
  
  identifying, based at least in part on the user account associated with the particular request, a device associated with the user;
  
  transmitting the security check to the device;
  
  receiving a response to the security check from the device; and
  
  determining to allow access to the resource based at least in part on the received response.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-implemented method of claim 1, wherein the computer-implemented method further includes:
    - identifying, based at least in part on the user account associated with the particular request, a second device associated with the user, the second device having been configured to differentiate human operators from automated agents; and
      
      transmitting the security check to the second device.
  - 3. The computer-implemented method of claim 1, wherein the response to the security check includes non-textual data generated based at least in part on one or more sensors of the device.
  - 4. The computer-implemented method of claim 1, wherein the response to the security check from the device includes an override to the security check configured to verify the user such that the requested access to the resources is allowed without requiring the security check to be completed successfully.
  - 5. The computer-implemented method of claim 1, wherein the computer-implemented method further includes storing the response to the security check as market data associated with the user account.
  - 6. The computer-implemented method of claim 1, wherein generating the security check includes generating the security check based at least in part on the identified device associated with the user such that the response to the security check utilizes an image capture device connected to the device to capture movements of the user.

7. A system, comprising at least one computing device configured to implement one or more services, wherein the one or more services are configured to:
- receive at least one request from a requestor using a first device to access one or more resources associated with an online retailer;
  
  calculate a score for the at least one request, where the score corresponds to a probability of the requestor being an automated agent;
  
  compare the calculated score to a threshold value, and, as a result of the calculated score exceeding the threshold value;
  
  redirect the at least one request to a CAPTCHA service based at least in part on the calculated score;
  
  generate a CAPTCHA security check, based at least in part on a user and a user account associated with the at least one request, configured to differentiate a human from an automated agent;
  
  identify at least a second device associated with a user configured to receive the CAPTCHA security check;
  
  transmit to the second device the CAPTCHA security check; and
  
  determine, in response to receiving from the second device a response to the CAPTCHA security check, to fulfill the at least one request based at least in part on the response to the CAPTCHA security check.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The system of claim 7, wherein receiving the response to the CAPTCHA security check includes receiving non-alphanumeric data generated based at least in part on one or more sensors of the second device.
  - 9. The system of claim 7, wherein the at least one computing device is further configured to:
    - output, in response to the CAPTCHA security check, data from one or more output devices connected to the second device;
      
      capture the outputted data by a first device responsible for transmitting the at least one request; and
      
      transmit the captured output data to an online retailer.
  - 10. The system of claim 7, wherein the at least one computing device is further configured to fulfill the at least one request such that the requested access to the one or more resources included in the at least one request is enabled without requiring a customer to submit another request.
  - 11. The system of claim 7, wherein generating the CAPTCHA security check includes generating a particular type of security check based at least in part on one or more capabilities of the identified second device.
  - 12. The system of claim 7, wherein the CAPTCHA security check specifies a figure a customer is to draw using one or more input devices connected to the second device in order to complete the CAPTCHA security check.
  - 13. The system of claim 7, wherein the at least one computing device is further configured to:
    - determine a purchase history based at least in part on a customer account; and
      
      cause a second request to be directed to a security service based at least in part on the second request being a purchase request for an item in a category not included in the purchase history.

14. A non-transitory computer-readable storage medium having collectively stored thereon executable instructions that, when executed by one or more processors of a computer system, cause the computer system to at least:
- receive at least one request from a requestor using a first device to access one or more resources associated with an online retailer;
  
  calculate a score for the at least one request, where the score corresponds to a probability of the requestor being an automated agent;
  
  compare the calculated score to a threshold value, and, as a result of the calculated score exceeding the threshold value;
  
  redirect the at least one request to a CAPTCHA service based at least in part on the calculated score;
  
  generate a CAPTCHA security check, based at least in part on a user and a user account associated with the particular request;
  
  identify, based at least in part on the request from the first device, a second device associated with a user configured to receive the CAPTCHA security check, where the CAPTCHA security check is configured to verify the request was generated by a human operator;
  
  transmit the CAPTCHA security check to the second device;
  
  in response to receiving from the second device, cause a response to the CAPTCHA security check, the response to be persistently stored; and
  
  allow the requested access to the one or more resources based at least in part on the response to the CAPTCHA security check.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The non-transitory computer-readable storage medium of claim 14, wherein the instructions further comprise instructions that, when executed by the one or more processors, cause the computer system to transmit the requested one or more resources to the second device.
  - 16. The non-transitory computer-readable storage medium of claim 14, wherein the instructions further comprise instructions that, when executed by the one or more processors, cause the computer system to redirect the request to a security service based at least in part on one or more conditions, defined by a customer, indicating that the request should be redirected to the security service.
  - 17. The non-transitory computer-readable storage medium of claim 14, wherein the instructions further comprise instructions that, when executed by the one or more processors, cause the computer system to generate the CAPTCHA security check such that the CAPTCHA security check prompts an operator of the second device to shake the second device in order to be complete the security check.
  - 18. The non-transitory computer-readable storage medium of claim 14, wherein the instructions further comprise instructions that, when executed by the one or more processors, cause the computer system to generate the CAPTCHA security check such that the CAPTCHA security check requires non-textual data generated based at least in part on one or more sensors of the second device.
  - 19. The non-transitory computer-readable storage medium of claim 14, wherein the instructions that cause the computer system to receive the response to the CAPTCHA security check further include instructions that cause the computer system to receive an override to CAPTCHA the security check such that the override enables the requested access to the one or more resources without receiving the response to the CAPTCHA security check.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Reading, William Frank, Patnaik, Rohit
Primary Examiner(s)
Armouche, Hadi S
Assistant Examiner(s)
Huang, Cheng-Feng

Application Number

US14/133,579
Time in Patent Office

1,623 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/316   by observing the pattern of...

G06F 2221/2133   Verifying human interaction...

H04L 2463/144   Detection or countermeasure...

H04L 63/08   for authentication of entit...

H04L 63/1491   using deception as counterm...

Automated agent detection using multiple factors

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Automated agent detection using multiple factors

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links