Systems and methods for assessing security risk

US 10,839,065 B2
Filed: 02/28/2018
Issued: 11/17/2020
Est. Priority Date: 04/01/2008
Status: Active Grant

First Claim

Patent Images

1. A system for managing an electronic transaction, the system comprising at least one processor programmed to:

receive, during the electronic transaction, a request from a user system to access at least one resource;

cause an identification test to be administered to the user system;

analyze information relating to the identification test to determine whether the electronic transaction is associated with an elevated level of risk, wherein the information relating to the identification test indicates a manner in which a response is submitted by the user system; and

in response to determining that the electronic transaction is not associated with an elevated level of risk, grant access to the at least one resource even if the response is incorrect,wherein the at least one processor is programmed to determine the electronic transaction is associated with the elevated level of risk based at least in part on how rapidly the user system submits the response and when an amount of time taken by the user system to submit the response indicates the response is from a software robot.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for providing identification tests. In some embodiments, a system and a method are provided for generating and serving to a user an animated challenge graphic comprising a challenge character set whose appearance may change over time. In some embodiments, marketing content may be incorporated into a challenge message for use in an identification test. The marketing content may be accompanied by randomly selected content to increase a level of security of the identification test, in some embodiments, a challenge message for use in an identification test may be provided based on information regarding a transaction for which the identification test is administered. For example, the transaction information may include a user identifier such as an IP address. In some embodiments, identification test results may be tracked and analyzed to identify a pattern of behavior associated with a user identifier. A score indicative of a level of trustworthiness may be computed for the user identifier.

174 Citations

18 Claims

1. A system for managing an electronic transaction, the system comprising at least one processor programmed to:
- receive, during the electronic transaction, a request from a user system to access at least one resource;
  
  cause an identification test to be administered to the user system;
  
  analyze information relating to the identification test to determine whether the electronic transaction is associated with an elevated level of risk, wherein the information relating to the identification test indicates a manner in which a response is submitted by the user system; and
  
  in response to determining that the electronic transaction is not associated with an elevated level of risk, grant access to the at least one resource even if the response is incorrect,wherein the at least one processor is programmed to determine the electronic transaction is associated with the elevated level of risk based at least in part on how rapidly the user system submits the response and when an amount of time taken by the user system to submit the response indicates the response is from a software robot.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein the at least one processor is programmed to determine whether the electronic transaction is associated with an elevated level of risk based at least in part on a total number of responses submitted by the user system within a selected time period.
  - 3. The system of claim 1, wherein the at least one processor is programmed to determine whether the electronic transaction is associated with an elevated level of risk based at least in part on how a plurality of responses submitted by the user system were distributed over time.
  - 4. The system of claim 1, wherein the at least one processor is programmed to determine whether the electronic transaction is associated with an elevated level of risk based at least in part on a time of day at which the response was submitted by the user system.
  - 5. The system of claim 1, wherein the at least one processor is programmed to determine whether the electronic transaction is associated with an elevated level of risk based at least in part on a number of times the user system requested a new challenge graphic via a refresh button.
  - 6. The system of claim 1, wherein the at least one processor is further programmed to impose one or more security measures during the electronic transaction.

7. A method for managing an electronic transaction, the method comprising acts of:
- receiving, during the electronic transaction, a request from a user system to access at least one resource;
  
  causing an identification test to be administered to the user system;
  
  analyzing information relating to the identification test to determine whether the electronic transaction is associated with an elevated level of risk, wherein the information relating to the identification test indicates a manner in which a response is submitted by the user system; and
  
  in response to determining that the electronic transaction is not associated with an elevated level of risk, granting access to the at least one resource even if the response is incorrect,wherein determining the electronic transaction is associated with the elevated level of risk is based at least in part on how rapidly the user system submits the response and when an amount of time taken by the user system to submit the response indicates the response is from a software robot.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, wherein the act of analyzing comprises determining whether the electronic transaction is associated with an elevated level of risk based at least in part on a total number of responses submitted by the user system within a selected time period.
  - 9. The method of claim 7, wherein the act of analyzing comprises determining whether the electronic transaction is associated with an elevated level of risk based at least in part on how a plurality of responses submitted by the user system were distributed over time.
  - 10. The method of claim 7, wherein the act of analyzing comprises determining whether the electronic transaction is associated with an elevated level of risk based at least in part on a time of day at which the response was submitted by the user system.
  - 11. The method of claim 7, wherein the act of analyzing comprises determining whether the electronic transaction is associated with an elevated level of risk based at least in part on a number of times the user system requested a new challenge graphic via a refresh button.
  - 12. The method of claim 7, further comprising an act of imposing one or more security measures during the electronic transaction.

13. At least one non-transitory computer-readable storage medium having encoded thereon instructions which, when executed by at least one processor, cause the at least one processor to perform a method for managing an electronic transaction, the method comprising acts of:
- receiving, during the electronic transaction, a request from a user system to access at least one resource;
  
  causing an identification test to be administered to the user system;
  
  analyzing information relating to the identification test to determine whether the electronic transaction is associated with an elevated level of risk, wherein the information relating to the identification test indicates a manner in which a response is submitted by the user system; and
  
  in response to determining that the electronic transaction is not associated with an elevated level of risk, granting access to the at least one resource even if the response is incorrect,wherein determining the electronic transaction is associated with the elevated level of risk is based at least in part on how rapidly the user system submits the response and when an amount of time taken by the user system to submit the response indicates the response is from a software robot.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The at least one computer-readable storage medium of claim 13, wherein the act of analyzing comprises determining whether the electronic transaction is associated with an elevated level of risk based at least in part on a total number of responses submitted by the user system within a selected time period.
  - 15. The at least one computer-readable storage medium of claim 13, wherein the act of analyzing comprises determining whether the electronic transaction is associated with an elevated level of risk based at least in part on how a plurality of responses submitted by the user system were distributed over time.
  - 16. The at least one computer-readable storage medium of claim 13, wherein the act of analyzing comprises determining whether the electronic transaction is associated with an elevated level of risk based at least in part on a time of day at which the response was submitted by the user system.
  - 17. The at least one computer-readable storage medium of claim 13, wherein the act of analyzing comprises determining whether the electronic transaction is associated with an elevated level of risk based at least in part on a number of times the user system requested a new challenge graphic via a refresh button.
  - 18. The at least one computer-readable storage medium of claim 13, further comprising an act of imposing one or more security measures during the electronic transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NuData Security Inc. (MasterCard Incorporated)
Original Assignee
Mastercard Technologies Canada ULC (MasterCard Incorporated)
Inventors
Bailey, Christopher Everett
Primary Examiner(s)
Samwel, Daniel

Application Number

US15/908,548
Publication Number

US 20180189475A1
Time in Patent Office

993 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/36   by graphic or iconic repres...

G06F 2221/2103   Challenge-response

G06F 2221/2133   Verifying human interaction...

G06Q 30/02   Marketing; Price estimation...

G06Q 30/0277   Online advertisement

G06T 13/80   2D [Two Dimensional] animat...

H04L 63/1433   Vulnerability analysis

Systems and methods for assessing security risk

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

174 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for assessing security risk

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

174 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links