-
公开(公告)号:US11971976B2
公开(公告)日:2024-04-30
申请号:US17515026
申请日:2021-10-29
申请人: PAYPAL, INC.
发明人: Yuri Shafet , Bradley Wardman , Nahman Khayet
IPC分类号: G06F21/36 , G06F16/33 , G06F16/332 , G06N3/04
CPC分类号: G06F21/36 , G06F16/332 , G06F16/3347 , G06N3/04
摘要: There are provided systems and methods for a sentence based automated Turing test for detecting scripted computing attacks. A computing may request access to a service or data from a service provider, where the service provider may be required to determine that the device is used by a user and not a bot executing a scripted or automated process/attack against the service provider. To authenticate that the device is used by a user, the service provider may determine and output a challenge that queries the user to fill in one or more missing words from a sentence. Acceptable answers may be based on past messages and internal data that is specific to the service provider, as well as an external corpus of documents. The service provider may also further authenticate the user based on the user's response and a likely user response for that user.
-
公开(公告)号:US11699140B2
公开(公告)日:2023-07-11
申请号:US16731976
申请日:2019-12-31
申请人: PayPal, Inc.
发明人: Bradley Wardman , Nathan Pratt , Ilya Chernyakov , Yotam Perkal , Yuri Shafet
CPC分类号: G06Q20/3224 , G01S19/10
摘要: Techniques are disclosed relating to determining whether geographic locations of a user computing device satisfy a location consensus threshold. A computer system receives results of a plurality of location determination operations, each of which specifies a geographic location of a computing device initiating an action. The computer system then makes a determination whether the received results satisfy a consensus threshold as to geographic location of the computing device. In some embodiments, the determination is usable to select, from a plurality of sets of rules for different geographic regions, a particular set of rules for processing the action. In some cases, the particular set of rules is usable to determine whether to process the action. Such techniques may advantageously allow a processing system to understand how to process actions initiated by a computing device associated with different geographic locations.
-
公开(公告)号:US11200310B2
公开(公告)日:2021-12-14
申请号:US16219838
申请日:2018-12-13
申请人: PAYPAL, INC.
发明人: Yuri Shafet , Bradley Wardman , Nahman Khayet
IPC分类号: G06F21/36 , G06N3/04 , G06F16/33 , G06F16/332
摘要: There are provided systems and methods for a sentence based automated Turing test for detecting scripted computing attacks. A computing may request access to a service or data from a service provider, where the service provider may be required to determine that the device is used by a user and not a bot executing a scripted or automated process/attack against the service provider. To authenticate that the device is used by a user, the service provider may determine and output a challenge that queries the user to fill in one or more missing words from a sentence. Acceptable answers may be based on past messages and internal data that is specific to the service provider, as well as an external corpus of documents. The service provider may also further authenticate the user based on the user's response and a likely user response for that user.
-
公开(公告)号:US20210258345A1
公开(公告)日:2021-08-19
申请号:US17234388
申请日:2021-04-19
申请人: PayPal, Inc.
发明人: Bradley Wardman , Jakub Ceiran Burgis , Nicole Harris , Blake Butler , Nathan Robert Pratt , Kevin James Tyers
摘要: Methods, systems, and computer program products for performing passive and active identity verification in association with online communications. For example, a computer-implemented method may include receiving one or more electronic messages associated with a user account, analyzing the electronic messages based on a plurality of identity verification profiles associated with the user account, generating an identity trust score associated with the electronic messages based on the analyzing, determining whether to issue a security challenge in response to the electronic messages based on the generated identity trust score, and issuing the security challenge in response to the electronic messages based on the determining.
-
公开(公告)号:US11080388B2
公开(公告)日:2021-08-03
申请号:US16150213
申请日:2018-10-02
申请人: PAYPAL, INC.
摘要: Images related to one or more attacks to a service provider system may be analyzed to improve the security of the service provider system. Each of the images may be segmented into multiple segments. Each of the segments is analyzed independently to determine whether the segment includes obfuscated data and if so, which one of the data obfuscation techniques was used to generate the obfuscated data. Additional information regarding the obfuscated data may be derived from other segments that include unobfuscated data and from the metadata of the image. A data restoration algorithm may be configured accordingly to restore the obfuscated data. The restored data, as well as a context derived for the image, may be used to adjust one or more security parameters of the service provider system to improve the security of the service provider system.
-
公开(公告)号:US20210203690A1
公开(公告)日:2021-07-01
申请号:US16729210
申请日:2019-12-27
申请人: PayPal, Inc.
发明人: Eric Nunes , Kevin Tyers , Meethil Vijay Yadav , Nicholas Bailey , Todd Clausen , Nathan Pratt , Bradley Wardman
摘要: A method for phishing detection using certificates associated with uniform resource locators (URLs) is discussed. The method includes accessing certificate portions of a certificate associated with a suspect URL, the certificate accessed at a database that includes certificates obtained by monitoring certificate logs. The method includes accessing a URL score for the suspect URL. The method includes assigning a certificate rule score based on partial certificate scores of certificate portions, the certificate rule score indicating a phishing potential for the certificate, each of the partial certificate scores indicating a likelihood of phishing of each portion based on certificate rules. The method includes using a machine learning model based on the URL score and the certificate to determine a uniqueness certificate score. The method also includes determining a phishing certificate score based on the certificate rule score and the uniqueness certificate score for the certificate.
-
公开(公告)号:US10320775B2
公开(公告)日:2019-06-11
申请号:US15260388
申请日:2016-09-09
申请人: PAYPAL, INC.
IPC分类号: H04L29/06
摘要: Methods, systems, and computer program products for eliminating abuse caused by password reuse in different computer systems are disclosed. For example, a computer-implemented method may include receiving a security request comprising an anonymized version of authentication data from a first computer system of a first organization, analyzing the security request to determine a second computer system of a second organization to contact for detecting reuse of the authentication data, generating a second security request comprising the anonymized authentication data for the second computer system, sending the second security request to the second computer system of the second organization, analyzing a response to the second security request from the second computer system to determine whether the anonymized authentication data associated was detected, and providing a response to the first security request indicating whether the second computer system detected reuse of the authentication data.
-
公开(公告)号:US09866582B2
公开(公告)日:2018-01-09
申请号:US14320491
申请日:2014-06-30
申请人: PAYPAL, INC.
CPC分类号: H04L63/1441 , G06F21/51 , G06F21/566 , H04L9/3271 , H04L63/1416 , H04L63/1425
摘要: Methods, systems, and computer program products for online content referral are provided. A computer-implemented method may include receiving a request from an application, issuing a challenge to the application to determine a capability of the application, analyzing a result of the challenge to associate the application with an application type, determining whether the activity performed by the application is scripted, and classifying the activity as automated or semi-automated when it is determined that the activity is scripted.
-
公开(公告)号:US09781140B2
公开(公告)日:2017-10-03
申请号:US14827494
申请日:2015-08-17
申请人: PAYPAL, INC.
发明人: Bradley Wardman , Blake Butler
IPC分类号: H04L29/06
CPC分类号: H04L63/1416 , H04L63/1425 , H04L63/1441
摘要: Methods, systems, and computer program products for providing high-yielding detection of remote abusive content are disclosed. A computer-implemented method may include generating a graphical user interface allowing users to submit a web link for analysis to determine whether the web link is associated with malicious content, receiving the web link from the user via the graphical user interface, sending the web link to a plurality of distributed server machines to allow each of the distributed server machines to test the web link, generating a plurality of test user profiles to test the web link, testing the web link by each of the distributed server machines using one or more of the test user profiles, receiving a test result for the web link from each of the distributed server machines, and displaying a report comprising the test results for the web link to the user via the graphical user interface.
-
公开(公告)号:US20240250982A1
公开(公告)日:2024-07-25
申请号:US18424119
申请日:2024-01-26
申请人: PayPal, Inc.
发明人: Yuri Shafet , Bradley Wardman , Ilya Chernyakov
IPC分类号: H04L9/40 , G06F16/953 , G06Q20/08
CPC分类号: H04L63/1441 , G06F16/953 , G06Q20/085 , H04L63/1416 , H04L63/1433
摘要: An indication is received that a first online platform has undergone/is undergoing a first electronic attack made by one or more actors engaged in online malicious actions with the first online platform. Responsive to the indication of the first electronic attack, one or more vulnerability characteristics of the first online platform are determined, where the vulnerability characteristics are associated with the first electronic attack. A plurality of other online platforms are analyzed to identify a second online platform that shares at least one of the vulnerability characteristics with the first online platform. Based on the determining and/or the analyzing, the second online platform is predicted to be a potential target for a second electronic attack having an attack vector in common with the first electronic attack that corresponds to the shared vulnerability characteristics. An action is performed to mitigate potential damage of the second electronic attack.
-
-
-
-
-
-
-
-
-
搜索结果
68 条记录 (耗时 0.028 秒)
