US2012221721A1PendingUtilityA1

Detecting Fraudulent Activity

Assignee: BHATT VIJAY CPriority: Nov 14, 2006Filed: May 11, 2012Published: Aug 30, 2012
Est. expiryNov 14, 2026(~0.3 yrs left)· nominal 20-yr term from priority
H04L 67/1008H04L 67/1001H04L 67/101H04L 63/1433H04L 63/1416
43
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Described are computer-based methods and apparatuses, including computer program products, for detecting fraudulent activity. A computing device in a second network receives a plurality of interactions between data centers in a first network and one or more devices, remote from the data centers, of a user, the interactions forming an aggregate user session representing the user's activity over a period of time with the data centers via the devices. The computing device monitors data transaction requests of the interactions and is configured to respond to each request with a response that appears as if the request was executed. If the interactions are harmful, the computing device interdicts the interactions from execution by the data centers and allows the devices to submit additional interactions. If unable to determine whether the subsequent interactions are harmful, the computing device transmits the interactions to the data centers for execution and marks the interactions.

Claims

exact text as granted — not AI-modified
1 . A method for detecting fraudulent activity, the method comprising:
 receiving, by a computing device in a second network, a plurality of interactions between a plurality of data centers in a first network and one or more devices, remote from the data centers, of a user, the plurality of interactions forming an aggregate user session representing the user's activity over a period of time with the plurality of data centers via the one or more devices;   monitoring, by the computing device, data transaction requests of the plurality of interactions, the computing device configured to respond to each data transaction request with a response that appears to the user as if the request was executed by the respective data center;   if the computing device determines that the interactions are harmful:
 interdicting, by the computing device, the interactions from execution by the plurality of data centers; and 
 allowing, by the computing device, the one or more devices to submit additional interactions; 
   if the computing device is unable to determine whether the subsequent interactions are harmful:
 transmitting, by the computing device, the interactions to the plurality of data centers for execution; and 
 marking, by the computing device, the interactions for monitoring purposes. 
   
     
     
         2 . The method of  claim 1 , if the computing device determines that the interactions are harmful, the method further comprising:
 if the computing device is able to simulate the interactions, transmitting a response for each interaction to the one or more devices, the transmitted responses appearing to the user as if the plurality of data centers executed the interactions;   if the computing device is unable to simulate the interactions, transmitting a response for each interaction to the one or more devices, the transmitted responses appearing to the user as if the plurality of data centers failed to execute the interactions due to a system error; and   monitoring, by the computing device, data transaction requests of additional interactions submitted from the one or more devices.   
     
     
         3 . The method of  claim 1 , the method further comprising:
 generating, by the computing device, a signature based on the monitoring step; and   correlating, by the computing device, the signature with previous user sessions to determine whether the plurality of interactions and the previous user sessions share one or more characteristics.   
     
     
         4 . The method of  claim 3 , wherein the characteristics include at least one of: a common user, a common remote device, a common location, or a common activity pattern. 
     
     
         5 . The method of  claim 3 , wherein the signature is generated using one or more data analysis tools that have access to the plurality of interactions. 
     
     
         6 . The method of  claim 1 , wherein the method is performed in real time. 
     
     
         7 . The method of  claim 1 , wherein the response that appears to the user as if the request was executed by the respective data center includes dummy data to prevent the user from accessing data stored in the data center. 
     
     
         8 . The method of  claim 1 , if the computing device determines that the interactions are harmful, the method further comprising:
 providing, by the computing device, responses to the additional interactions that encourage the user to stay connected to the computing device until an enforcement action is executed.   
     
     
         9 . The method of  claim 8 , wherein the responses to the additional interactions extend a session between the computing device and the one or more remote devices. 
     
     
         10 . The method of  claim 1 , if the computing device determines that the interactions are harmful, the method further comprising:
 determining, by the computing device, one or more vulnerabilities associated with the plurality of data centers based on the interactions submitted by the one or more remote devices.   
     
     
         11 . A system for detecting fraudulent activity, the method comprising:
 a computing device in a second network configured to:
 receive a plurality of interactions between a plurality of data centers in a first network and one or more devices, remote from the data centers, of a user, the plurality of interactions forming an aggregate user session representing the user's activity over a period of time with the plurality of data centers via the one or more devices; 
 monitor data transaction requests of the plurality of interactions, the computing device configured to respond to each data transaction request with a response that appears to the user as if the request was executed by the respective data center; 
 if the computing device determines that the interactions are harmful:
 interdict the interactions from execution by the plurality of data centers; and 
 allow the one or more devices to submit additional interactions; 
 
 if the computing device is unable to determine whether the subsequent interactions are harmful:
 transmit the interactions to the plurality of data centers for execution; and 
 mark the interactions for monitoring purposes. 
 
   
     
     
         12 . The system of  claim 11 , if the computing device determines that the interactions are harmful, the computing device further configured to:
 transmit a response for each interaction to the one or more devices if the computing device is able to simulate the interactions, the transmitted responses appearing to the user as if the plurality of data centers executed the interactions;   transmit a response for each interaction to the one or more devices if the computing device is unable to simulate the interactions, the transmitted responses appearing   to the user as if the plurality of data centers failed to execute the interactions due to a system error; and   monitor data transaction requests of additional interactions submitted from the one or more devices.   
     
     
         13 . A computer program product, tangibly embodied in a non-transitory computer readable storage medium, for detecting fraudulent activity, the computer program product including instructions operable to cause a computing device in a second network to:
 receive a plurality of interactions between a plurality of data centers in a first network and one or more devices, remote from the data centers, of a user, the plurality of interactions forming an aggregate user session representing the user's activity over a period of time with the plurality of data centers via the one or more devices;   monitor data transaction requests of the plurality of interactions, the computing device configured to respond to each data transaction request with a response that appears to the user as if the request was executed by the respective data center;   if the computing device determines that the interactions are harmful:
 interdict the interactions from execution by the plurality of data centers; and 
 allow the one or more devices to submit additional interactions; 
   if the computing device is unable to determine whether the subsequent interactions are harmful:
 transmit the interactions to the plurality of data centers for execution; and 
 mark the interactions for monitoring purposes. 
   
     
     
         14 . The computer program product of  claim 13 , if the computing device determines that the interactions are harmful, the computer program product including further instructions operable to cause the computing device to:
 transmit a response for each interaction to the one or more devices if the computing device is able to simulate the interactions, the transmitted responses appearing to the user as if the plurality of data centers executed the interactions;   transmit a response for each interaction to the one or more devices if the computing device is unable to simulate the interactions, the transmitted responses appearing to the user as if the plurality of data centers failed to execute the interactions due to a system error; and   monitor data transaction requests of additional interactions submitted from the one or more devices.

Join the waitlist — get patent alerts

Track US2012221721A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.