Systems and methods for detection of session tampering and fraud prevention

US 10,089,679 B2
Filed: 07/20/2017
Issued: 10/02/2018
Est. Priority Date: 03/31/2006
Status: Active Grant

First Claim

Patent Images

1. A method for detecting that an online session is compromised, the method comprising:

determining a session identifier for an online session between a first device and a second device over a network, wherein the session identifier is associated with a plurality of device fingerprints collected during the online session;

receiving a first device fingerprint collected during the online session, wherein the first device fingerprint is collected at a first location of a first page;

receiving a second device fingerprint collected during the online session, wherein the second device fingerprint is collected at a second location of a second page, where the first page and the second page comprise different content;

determining, based at least in part on a comparison between the first device fingerprint and the second device fingerprint, a presence of a third device during the online session which indicates an interference of the online session between the first device and the second device by the third device; and

providing an alert indicating the interference of the online session based at least in part on a determination of the presence of the third device during the online session.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides methods and apparatus for detecting when an online session is compromised. A plurality of device fingerprints may be collected from a user computer that is associated with a designated Session ID. A server may include pages that are delivered to a user for viewing in a browser at which time device fingerprints and Session ID information are collected. By collecting device fingerprints and session information at several locations among the pages delivered by the server throughout an online session, and not only one time or at log-in, a comparison between the fingerprints in association with a Session ID can identify the likelihood of session tampering and man-in-the middle attacks.

738 Citations

17 Claims

1. A method for detecting that an online session is compromised, the method comprising:
- determining a session identifier for an online session between a first device and a second device over a network, wherein the session identifier is associated with a plurality of device fingerprints collected during the online session;
  
  receiving a first device fingerprint collected during the online session, wherein the first device fingerprint is collected at a first location of a first page;
  
  receiving a second device fingerprint collected during the online session, wherein the second device fingerprint is collected at a second location of a second page, where the first page and the second page comprise different content;
  
  determining, based at least in part on a comparison between the first device fingerprint and the second device fingerprint, a presence of a third device during the online session which indicates an interference of the online session between the first device and the second device by the third device; and
  
  providing an alert indicating the interference of the online session based at least in part on a determination of the presence of the third device during the online session.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the interference of the online session comprises at least one of a session tempering or a session hijacking by the third device.
  - 3. The method of claim 1, further comprising:
    - determining a transaction type for the online session; and
      
      determining a frequency for collecting the plurality of device fingerprints or a number of device fingerprints collected during the online session based at least in part on the transaction type.
  - 4. The method of claim 1, wherein a device fingerprint of the plurality of device fingerprints comprises at least one of:
    - an IP address of the first device, a browser identifier of the first device, a clock skew of the first device, or a time difference between the first device and the second device.
  - 5. The method of claim 1, wherein the first device fingerprint comprises a device identifier associated with the first device and the second device fingerprint comprises another device identifier associated with the third device.
  - 6. The method of claim 1, wherein the first device is associated with a user client while the second device is associated with an online merchant.

7. A computer system for detecting that an online session is compromised, the computer system comprising:
- a network interface which establishes a connection with a user device over a network;
  
  a hardware processor programmed to execute software instructions to cause the computer system to;
  
  determine a session identifier for an online session with the user device over the network, wherein the session identifier is associated with a plurality of device fingerprints collected during the online session;
  
  receive a first device fingerprint collected during the online session, wherein the first device fingerprint is collected at a first location of a first page;
  
  receive a second device fingerprint collected during the online session, wherein the second device fingerprint is collected at a second location of a second page, where the first page and the second page comprise different content;
  
  determine, based at least in part on a comparison between the first device fingerprint and the second device fingerprint, a presence of an attacker device during the online session which indicates an interference of the online session by the attacker device; and
  
  provide an alert indicating the interference of the online session based at least in part on a determination of the presence of the attacker device during the online session;
  
  a non-transitory data storage configured to;
  
  communicate with the hardware processor; and
  
  store information comprising at least one of the following;
  
  the session identifier and the plurality of device fingerprints associated with the session identifier.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The computer system of claim 7, wherein the interference of the online session comprises at least one of a session tempering or a session hijacking by the attacker device.
  - 9. The computer system of claim 7, wherein the hardware processor is further programmed to:
    - determine a transaction type for the online session; and
      
      determine a frequency for collecting the plurality of device fingerprints or a number of device fingerprints collected during the online session based at least in part on the transaction type.
  - 10. The computer system of claim 7, wherein a device fingerprint of the plurality of device fingerprints comprises at least one of:
    - an IP address of the user device, a browser identifier of the user device, or a clock skew of the user device.
  - 11. The computer system of claim 7, wherein the first device fingerprint comprises a device identifier associated with the user device and the second device fingerprint comprises another device identifier associated with the attacker device.

12. Non-transitory computer storage having stored thereon a computer program, the computer program including executable instructions that instruct a computer system to at least:
- determine a session identifier for an online session between a first device and a second device over a network, wherein the session identifier is associated with a plurality of device fingerprints collected during the online session;
  
  receive a first device fingerprint collected during the online session, wherein the first device fingerprint is collected at a first location of a first page;
  
  receive a second device fingerprint collected during the online session, wherein the second device fingerprint is collected at a second location of a second page, where the first page and the second page comprise different content;
  
  determine, based at least in part on a comparison between the first device fingerprint and the second device fingerprint, a presence of a third device during the online session which indicates an interference of the online session between the first device and the second device by the third device; and
  
  provide an alert indicating the interference of the online session based at least in part on a determination of the presence of the third device during the online session.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The non-transitory computer storage of claim 12, wherein the interference of the online session comprises at least one of a session tempering or a session hijacking by the third device.
  - 14. The non-transitory computer storage of claim 12, wherein the executable instructions further instruct the computer system to:
    - determine a transaction type for the online session; and
      
      determine a frequency for collecting the plurality of device fingerprints or a number of device fingerprints collected during the online session based at least in part on the transaction type.
  - 15. The non-transitory computer storage of claim 12, wherein a device fingerprint of the plurality of device fingerprints comprises at least one of:
    - an IP address of the first device, a browser identifier of the first device, a clock skew of the first device, or a time difference between the first device and the second device.
  - 16. The non-transitory computer storage of claim 12, wherein the first device fingerprint comprises a device identifier associated with the first device and the second device fingerprint comprises another device identifier associated with the third device.
  - 17. The non-transitory computer storage of claim 12, wherein the first device is associated with a user client while the second device is associated with an online merchant.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The 41st Parameter, Inc. (Experian plc)
Original Assignee
The 41st Parameter, Inc. (Experian plc)
Inventors
Eisen, Ori
Primary Examiner(s)
Lewis, Lisa C

Application Number

US15/655,045
Publication Number

US 20180101890A1
Time in Patent Office

439 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/3825   Use of electronic signatures

G06Q 20/4016   involving fraud or risk lev...

G06Q 30/0635   Processing of requisition o...

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 63/1466   Active attacks involving in...

H04L 67/02   based on web technology, e....

Systems and methods for detection of session tampering and fraud prevention

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

738 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for detection of session tampering and fraud prevention

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

738 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links