WO2019123479A1 - Method and system to use click event to securely authenticate online user's input and prevent frauds - Google Patents

Method and system to use click event to securely authenticate online user's input and prevent frauds


Publication number
WO2019123479A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
servers
dcdo
image
users
Application number
PCT/IN2018/050854
Other languages
French (fr)
Inventor
Sekhar Rao Balaga
Original Assignee
Sekhar Rao Balaga
Application filed by Sekhar Rao Balaga

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/36: User authentication by graphic or iconic representation

Definitions

  • the present invention relates to method and system for secure authentication of an online user. More specifically it relates to method and system to use click event to securely authenticate online user’s input and prevent frauds.
  • the content providers provide plurality of contents and services to the users.
  • the content providers may obtain the consent of the user through fraudulent means and make the user(s) subscribe to unwanted content(s) or service(s).
  • the user(s) may end up paying for unwanted subscription, downloading or using those contents and services without giving any consent for the same.
  • BOTs are automatic programs which are capable of simulating user’s actions or behavior.
  • Such BOTs send users’ positive confirmation, without his knowledge or consent, by identifying and selecting/clicking buttons/options made available on a webpage on behalf of the user and have the user charged for such unwanted contents and/or services.
  • One of the major ways of advertising online is Digital marketing which depends on users’ clicks (Pay-per-click), signifying website’s traffic. In such cases the advertiser who is putting up the sponsored ads must pay only when their ad is clicked. However, of late this also has fallen prey to online frauds. Such ads are not being clicked by users, but by automated programs resulting in large revenue losses to advertisers. Also, it skews understanding of customers’ requirements to the advertisers which is also another important objective of the whole exercise.
  • VAS Value-Added-Services
  • OTP One-time-password
  • USSD Unstructured Supplementary Service Data
  • Another online fraudulent activity is use of crawler programs.
  • the crawler programs skim competitor websites to get the best price points available online, and automatically undercut competitors pricing, thus resulting in revenue losses to competitors.
  • Such website use price scraping to undercut the competitors pricing and inventory blocking to block real users from purchasing the products.
  • Another issue is when automated programs submit online forms by simulating real users resulting in loss of scarce resources, for example by purchasing goods at discounted prices and reselling them on other websites at a profit.
  • Another outcome of the fraudulent BOTs is to use up the server resources of the hosting website, resulting in Denial of Service (DoS) attacks. This means that the websites become too slow for the real users to access them or do any transactions on the services.
  • DoS Denial of Service
  • CAPTCHAs Completely Automated Public Turing test to tell Computers and Humans Apart
  • BOTs have become more sophisticated with capabilities to read and input CAPTCHAs and are able to break this defense mechanism.
  • CAPTCHAs have become highly complex, resulting in some improvement in the defense against BOTs, but this has made it increasingly difficult for humans to fill CAPTCHAs, resulting in user inconvenience and increased cart abandonment rates.
  • US7231657B2 discloses a computer system to authenticate users of vendors supplying services and/or products to the users, the system having programmed processors providing authentication rules, authenticating users according to the authentication rules responsive to user authentication requests, configuring the authentication rules in real-time, thereby allowing real-time customization of the system, providing multi-factor user authentication processes, using any data sources providing information about and/or known to the users to authenticate the users, thereby providing a data agnostic system, and authentication strategies correspond to the authentication rules, thereby allowing the system to support authentication strategy experimentation.
  • US7516483B2 discloses a method of accomplishing two-factor user authentication, comprising providing two separate user authentication methods, enabling a user to communicate authentication data for both authentication methods to a first web site using the internet, and enabling the communication of at least some of the authentication data from the first web site to a second web site also using the internet. Both web sites are thus involved in user authentication using the authentication data.
  • US8539569B2 discloses systems and methods for facilitating network transactions include user authentication over a network by providing strong mutual authentication of client web application to server side application server, providing session encryption key negotiation after authentication to continue encryption during communication, and providing a high- level encryption technique referred to as an effective zero knowledge proof of identity (eZKPI) algorithm.
  • the eZKPI algorithm is adapted to couple something the user Knows (e.g., a password or personal identification number) with something the user Has (e.g., a secure identification card) to create a stronger identity authentication proof for access to a mobile device and applications running on the mobile device.
  • the above cited document US7231657B2 does not disclose the splitting DCDO image-based user authentication.
  • the cited document also does not disclose machine learning algorithm for machine updating as well as user second authentication.
  • the cited document US7516483B2 discloses one-way user authentication system using token based electronic system.
  • present invention discloses a system for safely obtaining inputs from the user by two-way authentication system using DCDO images.
  • the cited document US8539569B2 discloses facilitating transaction over networks which is different from the present invention.
  • OBJECTS OF INVENTION: 1. To provide a user-friendly mechanism for securely obtaining inputs from an online user, thereby preventing automated programs from performing automated fake clicks on behalf of the online user without the user’s consent.
  • Machine-Learning based logic in the back-end to detect fraudulent transactions and block them.
  • the embodiments herein relate to method and system. More specifically, the present invention relates to method and system to use click event to securely authenticate online user’s input and prevent frauds.
  • the system includes one or more user terminals, one or more content providers, one or more portal hosting server, one or more image generator gateways and one or more machine learning servers, which are communicatively connected via one or more networks.
  • the system is configured to perform the method of obtaining one or more user inputs based on a click event and securely authenticate the online users using user’s parameters and pattern recognition using one or more machine learning algorithms.
  • the system includes one or more user terminals, where the one or more user terminals send one or more requests of one or more users to one or more portal hosting server.
  • the one or more portal hosting server requests the one or more image generator servers to generate Dynamic Context Driven Object (DCDO) image.
  • the one or more image generator servers produce DCDO image and split it into multiple layers.
  • DCDO Dynamic Context Driven Object
  • the one or more portal hosting server receives the multiple generated layers of DCDO image from the one or more image generator servers and further sends the multiple generated layers of DCDO image to the one or more user terminals in such a manner that the layers are not machine readable. All the multiple generated layers of the DCDO image are merged at runtime in a preconfigured manner at the one or more user terminals to form and display one or more DCDO images.
  • the merged image is also not machine readable, thereby preventing BOTs from interfering in the process of image transfer or reading one or more user inputs.
  • the one or more users provide his/her inputs by clicking over the one of the graphical objects on the displayed one or more DCDO images.
  • the one or more user inputs include click coordinates of the selected one or more DCDO images.
  • the one or more user inputs are encrypted and transferred from the one or more user terminals to the one or more image generator servers.
  • the one or more image generators map the one or more users input comprising of the click coordinates with the saved data associated with the multilayered DCDO image.
  • the one or more image generator servers interpret the one or more users input based on the mapping and use it to authenticate user for the next action.
  • the one or more user inputs are also analyzed by one or more machine-learning training server to improve and update the learning.
  • the learning is used by a one or more machine learning prediction servers to detect fraudulent patterns which are then used to interpret the patterns of the current one or more user inputs and detect if the patterns match with a fraudulent user or a real user. Finally, the one or more users are redirected based on authentication.
  • For example, if the one or more users are detected as real user, the one or more users are redirected to the content. Else, if the one or more users are detected as a fraudulent user, the one or more users are redirected out of the real flow. If it is predicted that the received request could be a fraudulent user, the one or more users may be redirected to additional authentication including but not restricted to OTP, USSD or an additional opportunity to retry.
  • FIG. 1 illustrates a high-level overview of a system for securely obtaining online user’s input based on a click event and authenticate the user, according to the embodiments as disclosed herein.
  • FIG. 2 is a flow diagram illustrating a method of securely obtaining online user’s input based on a click event and authenticate the user, according to an embodiment as disclosed in the embodiments herein.
  • FIGS. 3a-3c illustrate example DCDO images with graphical objects positioned at various positions for obtaining the consent/input of the user, according to the embodiments as disclosed herein.
  • FIGS. 4a-4c illustrate various layers of the DCDO image each containing a graphical object, according to the embodiments as disclosed herein.
  • FIG. 5A is a sequence diagram showing various signaling messages for secure authentication of the user based on input from the user, according to the embodiments as disclosed herein.
  • FIG. 5B is another sequence diagram showing various signaling messages for secure authentication of the user based on input from the user, according to the embodiments as disclosed herein.
  • FIG. 6 illustrates an example DCDO image containing graphical objects in which the consent from the user is obtained for secure redirection, according to the embodiments as disclosed herein.
  • FIG. 7 illustrates an example image showing price point along with graphical objects positioned at various positions for secure authentication of the user, according to the embodiments as disclosed herein.
  • FIG. 8 illustrates an example image showing a virtual keypad for secure authentication of the user, according to an embodiment as disclosed herein.
  • FIGS. 9A and 9B illustrate another example DCDO images showing graphical objects for secure authentication of the user, according to an embodiment as disclosed herein.
  • FIG. 10 illustrates a computing environment implementing the method and system for secure redirection for payment processing based on consent of the user, according to an embodiment as disclosed herein.
  • circuits may, for example, be embodied in one or more semiconductor chips, or on substrate supports such as printed circuit boards and the like.
  • the circuits constituting a block may be implemented by dedicated hardware, or by a processor (e.g., one or more programmed microprocessors and associated circuitry), or by a combination of dedicated hardware to perform some functions of the block and a processor to perform other functions of the block.
  • the circuits may include higher processing units like Graphics Processing Units (GPU) or/and customize processing by Field-Programmable Gate Array (FPGA) logic.
  • GPU Graphics Processing Unit
  • FPGA Field-Programmable Gate Array
  • the present invention discloses method and system for presenting information in a secure manner to online user(s), obtaining one or more users’ inputs based on a click event and securely authenticating the online user.
  • the user inputs are analyzed by a machine-learning algorithm to detect fraudulent patterns which is then used to interpret the patterns of the current user inputs and detect if the patterns match with a fraudulent user or a real user.
  • the present invention makes the whole process secure by preventing online frauds such as input of fake clicks by the automated programs/BOTs imitating human input, prevent skimming away of data such as pricing information by web crawlers and filling of the junk data by automated utilities.
  • the present invention makes the method of authentication user friendly by reducing interference and friction that are introduced by alternate approaches like CAPTCHA, OTP and USSD.
  • the present system includes a user terminal, a portal hosting server, an image generator server, a content provider server and machine learning server, communicatively connected via a network.
  • the present system is configured to perform the method of obtaining an online user inputs based on a click event and securely authenticate the online user.
  • the present invention relates to a system and method to securely obtain online one or more user’s input based on a click event and authenticate the one or more users.
  • the system includes one or more user terminals, one or more content provider servers, one or more portal hosting-servers, one or more image generator gateways and one or more machine learning servers, which are communicatively connected via one or more networks.
  • the system is configured to perform the method of obtaining the one or more users’ input based on a click event and securely authenticate one or more online users using user’s parameters and pattern recognition by using one or more machine learning algorithms.
  • the one or more user terminals includes, but not limited to, a mobile phone, a tablet, a smart phone or any communication device or any electronic device on which a user can access the webpages or Apps.
  • the one or more content provider servers provide, but not limited to, a digital content, financial entity, an association network, acquirer, issuer, payment bank, aggregator or the like.
  • the one or more content provider servers may also be called a merchant server.
  • the content provided by the one or more content provider servers include, but not limited to, apps, wallpaper, multimedia, news, and other various subscription services.
  • One or more user terminals where the one or more user terminals send one or more requests of one or more users to one or more portal hosting servers. Then the one or more portal hosting server request the one or more image generator servers to generate multiple layers of DCDO images.
  • the one or more dynamic context driven object (DCDO) images containing graphical objects at configurable positions on the image is generated.
  • the one or more DCDO images are split into multiple layers using multiple image-generation techniques including, but not limited to, an image cryptography, a bit-plane splicing.
  • the graphical object area consisting of labels, texts, buttons, components are dynamically generated and randomly configured to generate multiple split layers of the one or more DCDO images, wherein each of one or more graphical objects are associated with an option being provided to the one or more users.
  • the one or more portal hosting server receives the multiple split layers of the one or more DCDO images from the one or more image generator servers and further sends the multiple split layers of the one or more DCDO image to the one or more user terminals in such a manner that the split layers are not machine readable by technology like Optical Character Readers (OCRs) or can be simulated by BOTs. All the multiple split layers of the DCDO image are merged at runtime in a preconfigured manner at the one or more user terminals to form and display one or more merged DCDO images. The one or more merged DCDO images are also not machine readable, thereby preventing BOTs from interfering in the process of image transfer or reading the one or more user input.
  • the one or more users provide input by clicking over one of the one or more graphical objects on the displayed one or more merged DCDO images, wherein the one or more users input comprises click coordinates of the selected one or more merged DCDO images.
  • the one or more users input are encrypted and transferred from the one or more user terminals to the one or more image generator servers.
  • the one or more image generator servers map the one or more users input which include click coordinates with the saved data associated with the one or more merged DCDO images.
  • the one or more image generator servers interpret the one or more users input based on the mapping and based on interpretation authenticate the one or more users for the next action.
  • the one or more user inputs are also analyzed by one or more machine-learning training servers to improve and update the learning.
  • the one or more machine-learning training servers analyses the historic data, to infer rules inherent in the data.
  • the one or more machine-learning training servers uses method including but not restricted to neural networks to calculate how much each of the user inputs contribute to the probability that the user transaction is fraudulent or genuine.
  • the one or more user inputs are passed to the machine learning prediction (MLP) server, which calculates the probability whether the one or more users transaction are fraudulent or not.
  • MLP machine learning prediction
  • the one or more users are redirected to the content.
  • the one or more users are redirected out of the real flow. If it is predicted that the received request could be a fraudulent user, the one or more users may be redirected to additional authentication including but not restricted to OTP, USSD or an additional opportunity to retry.
  • the present invention discloses method and system for presenting information in a secure manner to online user(s), obtaining online user’s input based on a click event and securely authenticating the online user.
  • the present invention comprises a system which includes a user terminal, a content provider server, a portal hosting-server, an image generator gateway and a machine learning server, which are communicatively connected via a network.
  • the system is configured to perform the method of obtaining one or more user’s input based on a click event and securely authenticate the online users using user parameters and pattern recognition using a machine learning algorithm.
  • the portal hosting server requests the image generator server to generate a DCDO image.
  • a dynamic context driven object (DCDO) image containing graphical objects at configurable positions on the image is generated.
  • the image generator then splits the dynamic context driven object (DCDO) image into multiple layers
  • the portal hosting server receives the multiple split layers of DCDO images from the image generator servers and further sends the multiple split layers of dynamic context driven object (DCDO) images to the user terminals in such a manner that the split layers of the dynamic context driven object (DCDO) image are not machine readable by technology like Optical Character Readers (OCRs) or can be simulated by BOTs. All the multiple split layers of the dynamic context driven object (DCDO) image are merged at runtime in a preconfigured manner at the user terminal to form and display a merged dynamic context driven object (DCDO) image.
  • the user provides input by clicking over graphical objects displayed on merged dynamic context driven object (DCDO) image, wherein the user input comprises click coordinates of the selected merged dynamic context driven object (DCDO) image.
  • the user input is encrypted and transferred from the one or more user terminals to the one or more image generator servers.
  • the image generator server maps the user input which includes click coordinates with the saved data associated with the merged dynamic context driven object (DCDO) image.
  • the image generator server then analyzes/interprets the user input based on the mapping and, based on interpretation, authenticates the user for the next action.
  • the user input is also analyzed by a machine-learning training server to improve and update the learning.
  • the machine-learning training server analyses the historic data, to infer rules inherent in the data.
  • the machine-learning training server uses method including but not restricted to neural network to calculate how much each of the user input contribute to the probability that the user transaction is fraudulent or genuine.
  • the user inputs are passed to the machine learning prediction (MLP) server, which calculates the probability whether the user transaction is fraudulent or not.
  • the user is redirected to the content.
  • the user is redirected out of the real flow. If it is predicted that the received request could be a fraudulent user, the one or more users may be redirected to additional authentication including but not restricted to OTP, USSD or an additional opportunity to retry.
  • the present invention includes a method to securely obtain online user’s input based on a click event and authenticate the user wherein the method comprises, sending one or more first user consents of one or more users to one or more content provider servers by one or more user terminals, redirecting the one or more first user consents to one or more portal hosting servers by the one or more content provider servers, requesting one or more image generator servers to generate a one or more DCDO image by the one or more portal hosting servers, generating the one or more DCDO images and splitting the one or more DCDO images into plurality of layers, sending the plurality of split layers of the one or more DCDO images to the one or more portal hosting servers by the one or more image generator servers, sending the plurality of generated layers of DCDO images to the one or more user terminals by the one or more portal hosting servers, merging the plurality of split layers of the one or more DCDO images by the one or more user terminals, displaying the one or more merged DCDO images by the one or more user terminals, receiving click coordinate
  • the one or more user inputs are also analyzed by one or more machine-learning training servers to improve and update the learning.
  • the learning is used by one or more machine learning prediction servers to detect fraudulent patterns, which are then used to interpret the patterns of the current one or more user inputs and detect if the patterns match with a fraudulent user or a real user.
  • the one or more users are redirected based on authentication: if the one or more users are detected as a real user, the one or more users are redirected to the content. Else, if the one or more users are detected as a fraudulent user, the one or more users are redirected out of the real flow. If it is predicted that the received request could be a fraudulent user, the one or more users may be redirected to additional authentication including but not restricted to OTP, USSD or an additional opportunity to retry.
  • a content provider server invokes an image generator server, without receiving any request from a user terminal, for directly displaying a DCDO image to the webpage for securely obtaining consent of the user for purchasing/ subscribing/ viewing/ downloading any desired content provided in the webpage.
  • the image generator server uses image generation APIs to generate multiple layers of the DCDO image containing one or more graphical objects dynamically positioned at random coordinates over the DCDO image.
  • the DCDO image is split into multiple layers using multiple image-generation techniques including but not limited to image cryptography, bit-plane splicing.
  • the one or more graphical objects area, depending on the context, include approval or disapproval or selection labels (for example, with a text containing yes or no), text, buttons, elements, components, or the like.
  • the graphical objects are provided as binary data or binary text over the image.
  • the one or more graphical objects are configured to be of variable colors and randomly positioned over the Dynamic Context Driven Object (DCDO) image.
  • the image generator server sends the generated multiple layers of the DCDO image to the portal hosting server. Subsequently, the portal hosting server sends the multiple layers DCDO image containing graphical objects to the user terminal. At the user terminal, the multiple layers of the DCDO image are merged in a predefined manner to form a corresponding DCDO image which is not machine readable thereby preventing BOTs from interfering in the process.
  • the user terminal receives input from the user by a click on the DCDO image.
  • the received input is encrypted and sent by the user terminal to the image generator server via the portal hosting server for validation.
  • the image generator server decrypts the encrypted user input to obtain the user’s input, which is further validated against the DCDO image.
  • the User Inputs are sent to the Machine Learning Prediction (MLP) server.
  • the MLP server uses knowledge from the previously learnt patterns to analyze the user inputs and performs predictions on whether the new user inputs are coming from a real or fraudulent user.
  • the user inputs are also forwarded to the machine learning training (MLT) server which is used for enhancing the training data set, thereby improving future predictions.
  • MLT machine learning training
  • the user terminal is redirected to portal hosting server with the user’s consent.
  • the portal hosting server initiates appropriate action based on the user’s consent. If the user inputs match closely with that of a fraudulent user, the user is redirected away and blocked from accessing further information.
  • the authentication and appropriate action include communicating with a merchant content provider server, a payment gateway, a financial institution, a non-financial institution, telecommunication provider, e-commerce institutions, CAPTCHA providers or the like.
  • the financial entity confirms the payment deduction from user’s account and communicates the payment deduction to the user terminal.
  • the present system may also be implemented on a wireless application protocol (WAP) portal, which can be accessible to the user terminal through a WAP browser (for example: a web browser or a mobile application) on the user terminal.
  • WAP wireless application protocol
  • the system can also be accessed over internet via internet connected device.
  • graphical objects positioned over an image will occupy a combination of pixels of the image.
  • the graphical object as an area containing the text as ‘YES’.
  • the text ‘YES’ is positioned over the image such that it occupies a combination of pixels of the image.
  • the graphical objects added to the multiple layers of the DCDO image are context based and include approval or disapproval labels (for example, options of clicking YES or NO text or selection of an appropriate option among many options provided), buttons, elements, components, or the likes. It is to be appreciated that no single layer of the layers of DCDO image reveals content(s) by itself, the content(s) is revealed only when all the layers are overlaid to form the DCDO image and that too only under specified preset sequence.
  • a user terminal enables a client for encrypting an image with user’s consent.
  • the client updates the encryption algorithm from an image generator server, when the data connection is enabled on the user terminal.
  • a method for user authentication is also readily implemented by substituting or augmenting the conventional CAPTCHA or OTP mechanism for authentication of a user.
  • the present method is not only secure but also user-friendly, since the user is neither required to solve complicated CAPTCHAs nor need keep his phone handy to receive one-time passwords (OTP).
  • the user has to only click once on a DCDO image.
  • the portal hosting server is any third-party portal hosting server for processing the payment.
  • an image generator server is present in a mobile network.
  • a user terminal includes a client for encrypting the image with the user’s consent.
  • the client is able to update the encryption algorithm from an image generator server, when the data connection is enabled on the user terminal.
  • the contextual graphical object includes a virtual keypad.
  • a user is authenticated by providing the virtual keypad on DCDO image generated at an image generator server. The user enters the credentials for authentication through the virtual keypad. After receiving the credentials from the user, click coordinates are encrypted and sent to the image generator server for validation. Based on validation at the image generator server, the user is authenticated and relevant next step is initiated. This specific implementation could be helpful in preventing the automated programs from submitting online forms/information by simulating real users.
  • a computing environment implementing a method and system for secure redirection for payment processing based on consent of the user
  • the computing environment comprises at least one processing unit that is equipped with a control unit and an arithmetic logic unit (ALU), a memory, a storage unit, a plurality of networking devices and a plurality of input/output (I/O) devices.
  • a graphic processing unit is optional and is included in the computing environment based on the processing needed.
  • the processing unit is responsible for processing the instructions of the algorithm.
  • the processing unit receives command from the control unit in order to perform its processing. Further, any logical and arithmetic operations involved in the execution of the instructions are computed with the help of the ALU.
  • the overall computing environment can be composed of multiple homogeneous and/or heterogeneous cores, multiple CPUs of different kinds, special media and other accelerators.
  • the processing unit is responsible for processing the instructions of the algorithm. Further, the plurality of processing units may be located on a single chip or over multiple chips.
  • the algorithm, comprising the instructions and code required for the implementation, is stored in either the memory unit or the storage or both. At the time of execution, the instructions may be fetched from the corresponding memory and/or storage and executed by the processing unit. If faster processing is needed, a Graphics Processing Unit (GPU) and/or customized processing by Field-Programmable Gate Array (FPGA) logic may be included.
  • the GPU/FPGA can be used for generating the DCDO images and for the MLT to train the machine learning model which is to be used in the MLP.
  • various networking devices or external I/O devices may be connected to the computing environment to support the implementation through the networking unit and the I/O device unit.
  • the user is an online user.
  • the system for secure authentication of a user is a system for secure authentication of an online user.
  • the graphical objects may be one-time passwords (OTPs).
  • a generated layered DCDO image by the server includes multiple OTPs.
  • a user is requested to select by clicking on the correct OTP for authentication.
  • multiple dates of birth (DOBs) are provided as contextual graphical objects on a DCDO image and the user is requested to select one DOB. Based on the user selection, the user is authenticated.
  • FIG. 1 illustrates a high-level overview of a system (100) for securely obtaining online user’s input based on a click event and authenticating the user, according to one of the embodiments of the present invention.
  • the system (100) includes a user terminal (102), a portal hosting server (104), an image generator server (106) and a content provider server (108), a machine learning training server (110) and a machine learning prediction server (112).
  • the portal hosting server (104) acts as a security filter for safely displaying information intended to be displayed on the display screen of the user terminal by the content provider server 108 and securely receiving online users’ input.
  • the image generator server (106) can be a network data center, a server on the cloud or the like which is configured to generate multiple layers of a Dynamic Context Driven Object (DCDO) image at the request of the content provider server (108).
  • the image generator server (106) is communicatively connected via one or more networks with the content provider servers (108) and supports one or more interfaces including charging gateways, financial services (for example: e-commerce, m-commerce and so on), mobile payment gateway, online banking, online wallet, mobile wallet, cash cards and the like.
  • the content provider server (108) redirects the online user to the portal hosting server (104).
  • the portal hosting server (104) invokes the image generator server (106) for securely obtaining consent of the user for purchasing/ subscribing/ viewing/ downloading any desired content.
  • the user inputs received at the portal hosting server (104) are forwarded to a machine learning training (MLT) server (110) for analysis. The analyzed inputs from the machine learning training (MLT) server (110) are then sent to a machine learning prediction (MLP) server (112).
  • the machine learning prediction server (112) analyzes the inputs in order to determine whether the user is real or fraudulent.
  • FIG. 2 is a flow diagram (200) illustrating a method of securely obtaining one or more users’ inputs based on a click event and securely authenticate the one or more online users, according to an embodiment of the present invention.
  • the method includes generating the multiple layers of the Dynamic Context Driven Object (DCDO) image containing one or more graphical objects dynamically positioned at random coordinates over the DCDO image, wherein each of the one or more graphical objects is associated with the options being made available to the online user.
  • the method includes transmitting all the layers of the DCDO image from the image generator server (106) to the user’s terminal (102) in an encrypted manner such that no individual layer can be deciphered by automated programs or Optical Character Recognition (OCR) or simulated by BOTs.
  • the method includes merging all the layers of the DCDO image at runtime, in the specified preset sequence to form a DCDO image and displaying it on the user terminal (102).
  • the DCDO image is not readable by automated programs, OCR software or BOTs.
  • the dynamically varying coordinates of the graphical objects defeat the repeated attempts of automated programs to simulate user input, since such programs cannot accurately predict the location of the graphical image and transmit the user consent to the portal hosting server (104).
  • the user’s click coordinates are received as input on the DCDO image.
  • the automated programs or BOTs fail to click and select appropriate options made available on the DCDO image fraudulently on behalf of the user.
  • the input of the user includes click coordinate on the DCDO image where the click was made.
  • the click coordinates correspond to an x-coordinate and a y-coordinate indicating the exact position of the input area of the DCDO image.
  • the click coordinates received as user’s input are encrypted at the user’s terminal (102). For example, if the user is interested in purchasing or subscribing to desired content, then the user clicks on the ‘YES’ area displayed over the DCDO image to indicate his consent (refer to FIG. 3a).
  • the method includes receiving the encrypted click coordinates from the user terminal (102) for validation to authenticate the user at the image generator server (106) via the portal hosting server (104).
  • the image generator server (106) extracts the user’s input by applying suitable decryption techniques (which are known only to the image generator server (106) a priori).
  • the method includes mapping the received click coordinates with the DCDO image layers stored at the image generator server (106).
  • the graphical objects are positioned at the specific coordinates and each graphical object corresponds to a specific option made available to the user. Therefore, based on the mapped click coordinate, the user’s input is interpreted. Mapping authenticates that it is a real user providing input, since the automated programs or BOTs cannot provide appropriate input.
  • the user related data and click related data is passed through the MLP block in order to obtain a prediction based on a Machine Learning based engine.
  • Step (214) includes a decision point wherein the result from Machine Learning Prediction is used to decide if the user transaction is from a fraudulent BOT or a real user.
  • the method includes redirecting the user based on authentication and interpreted user’s input.
  • the user terminal (102) is redirected to portal hosting server (104) with the user’s consent.
  • FIGS. 3a-3c illustrate example DCDO images with graphical objects positioned at various positions for obtaining the consent/input of the user, according to an embodiment of the present invention.
  • the portal hosting server (104) invokes the script engine at the image generator server (106)
  • a secure script is executed at the image generator server (106) to generate a layered DCDO image containing graphical objects positioned at random coordinates over the different DCDO images.
  • FIGS. 4a-4c illustrate various layers of the DCDO image each containing a graphical object (a portion or full part), according to an embodiment of the present invention.
  • FIG. 4a and FIG. 4b show the split images.
  • the merged DCDO image is generated as shown in the FIG. 4c, at runtime, at the user terminal by merging the layer 1 and the layer 2.
  • FIG. 5 A is a sequence diagram showing various signaling messages for performing secure authentication of the user based on input from the user, according to an embodiment of the present invention.
  • the user terminal (102) accesses (502a) content from the content provider server (108). If the user is interested in any content, then he sends (504a) via the user terminal (102) to the content provider server (108). The user clicks on the desired content for subscribing to the content.
  • the content provider server (108) redirects (506a) the user to the portal hosting server (104).
  • the portal hosting server (104) invokes (508a) image generator server (106) for obtaining second secured consent of the user.
  • the image generator server (106) generates (510a) the multi-layered DCDO image containing one or more graphical objects at random coordinates. Further, the image generator server (106) sends (512a) the generated DCDO image layers to the portal hosting server (104).
  • the portal hosting server 104 sends (514a) the DCDO image layers to the user terminal (102).
  • the user terminal 102 merges the layers to form the DCDO image and receives input from the user on the DCDO image.
  • the user terminal (102) receives the click coordinates (516a) and sends the encrypted click coordinates to the image generator server (106) for validation.
  • the image generator server (106) decrypts (518a) the image coordinates to obtain the user’s input.
  • the image generation server then sends a request to the machine learning prediction (MLP) server (112) for Fraud analysis (524a) to obtain the probability of the transaction being fraudulent.
  • MLP server returns a prediction if the transaction is from a fraudulent or real user (526a).
  • the user terminal (102) is redirected (520a) to the portal hosting server (104).
  • the portal hosting server (104) initiates (522a) charging/further procedure based on the user’s input and validation by MLP.
  • FIG. 5B is another sequence diagram showing various signaling messages for performing secure authentication of the user based on input from the user, according to another embodiment of the present invention.
  • the user terminal (102) accesses (502a) content from the content provider server (108).
  • the content provider server (108) invokes (404b) image generator server (106) for authenticating the user.
  • the image generator server (106) generates (406b) the multi-layered DCDO image containing the one or more graphical objects at random coordinates. Further, the image generator server 106 sends (408b) the generated DCDO image layers to the user terminal 102. The user terminal 102 receives input from the user on the DCDO image. Further, the user terminal 102 encrypts (510b) and sends the click coordinates to the image generator server 106 for validation. The image generator server 106 decrypts (512b) the click coordinates and maps them to the layered DCDO image to obtain the user’s input. The image generation server then sends a request to the Machine Learning Prediction (MLP) server 112 for fraud analysis (524a) to obtain the probability of the transaction being fraudulent. The MLP server returns a prediction of whether the transaction is from a fraudulent or real user (526a). The image generator server 106 with the portal hosting server 104 initiates (514b) the charging procedure with the content provider server 108 based on the user input.
  • FIG. 6 illustrates an example DCDO image containing graphical objects in which the consent from the user is obtained for secure redirection.
  • the portal hosting server 104 sends the image containing ‘Yes’ and ‘No’ areas for obtaining the consent of the user.
  • The ‘Yes’ and ‘No’ areas are displayed on the image and are viewable by the user. If the user is interested in purchasing the desired content, then the user clicks on the ‘yes’ area displayed over the image to indicate the consent. When the user clicks on the ‘yes’ area, the user parameters are sent to the machine learning prediction server (112) for analysis. If the user is detected as a fraudulent user, the user is redirected out of the real flow.
  • the one or more users may be redirected to additional authentication including but not restricted to OTP, USSD or an additional opportunity to retry.
  • user terminal (102) is redirected to a payment page provided by the financial institution as shown in the FIG. 6.
  • the user is requested to enter the transaction information which includes, but not limited to, credit card credentials, debit card credentials, security codes, user ID, password credentials or the like.
  • the consent of the user is obtained through the graphical objects ‘Submit’ and ‘Cancel’ positioned over the DCDO image provided on the payment page.
  • the consent of the user is transmitted as encrypted click coordinates and sent to the image generator server (106) for validation.
  • the user terminal is redirected to the portal hosting server (108).
  • the portal hosting server (104) initiates the charging procedure based on the user’s consent. In case the user clicks on the ‘no’ area displayed over the image to indicate dissent, the portal hosting server (104) redirects the user terminal (102) back to its home page or any other free content page.
  • FIG. 7 illustrates an example image showing price point along with graphical objects positioned at various positions for secure authentication of the user, according to the embodiments as disclosed herein.
  • the DCDO image is generated with the price point (i.e., 200 USD) along with contextual graphical objects (i.e., Yes and No areas).
  • the user input on the graphical objects is received as click coordinates and encrypted. Further, the coordinates are sent to the image server (106) for authenticating the user.
  • This specific implementation prevents the skimming of sensitive price information from various webpages by Web Crawlers.
  • FIG. 8 illustrates an example image showing a virtual keypad for secure authentication of the user, according to an embodiment as disclosed herein.
  • the contextual graphical object can include a virtual keypad.
  • the user can be authenticated by providing the virtual keypad on the DCDO image generated at the server 106.
  • the user enters the credentials for authentication through the virtual keypad as shown in the FIG. 8.
  • the click coordinates are encrypted and sent to the server 104 for validation.
  • the user is authenticated and relevant next step is initiated. This specific implementation could be helpful in preventing the automated programs from submitting online forms/information by simulating real users.
  • FIGS. 9A and 9B illustrate other example DCDO images showing graphical objects for secure authentication of the user.
  • the graphical objects may be one-time passwords (OTPs).
  • the generated layered DCDO image by the server 104 includes multiple OTPs as shown in the FIG. 9A.
  • the user is requested to select by clicking on the correct OTP for authentication.
  • multiple dates of birth (DOBs) are provided as contextual graphical objects on the DCDO image and the user is requested to select one DOB. Based on the user selection, the user is authenticated.
  • FIG. 10 illustrates a computing environment implementing a method and system for secure redirection for payment processing based on consent of the user, according to the embodiments as disclosed herein.
  • the computing environment 1002 comprises at least one processing unit 1008 that is equipped with a control unit 1004 and an Arithmetic Logic Unit (ALU) 1006, a memory 1010, a storage unit 1012, a plurality of networking devices 1016 and a plurality of input/output (I/O) devices 1014.
  • the Graphic Processing Unit (1018) is optional and is included in the Computing environment based on the processing needed.
  • the processing unit 1008 is responsible for processing the instructions of the algorithm.
  • the processing unit 1008 receives commands from the control unit in order to perform its processing. Further, any logical and arithmetic operations involved in the execution of the instructions are computed with the help of the ALU 1006.
  • the overall computing environment 1002 can be composed of multiple homogeneous and/or heterogeneous cores, multiple CPUs of different kinds, special media and other accelerators.
  • the processing unit 1008 is responsible for processing the instructions of the algorithm. Further, the plurality of processing units 1008 may be located on a single chip or over multiple chips.
  • the algorithm comprising of instructions and codes required for the implementation are stored in either the memory unit 1010 or the storage 1012 or both.
  • the instructions may be fetched from the corresponding memory 1010 and/or storage 1012 and executed by the processing unit 1008. If faster processing is needed, the Graphics Processing Unit (GPU) and/or customized processing by Field-Programmable Gate Array (FPGA) logic 1018 may be included.
  • the GPU/FPGA can be used for generating the DCDO images and for the MLT to train the machine learning model which is to be used in the MLP.
  • various networking devices 1016 or external I/O devices 1014 may be connected to the computing environment to support the implementation through the networking unit and the I/O device unit.
  • the proposed system provides a secure redirection for payment processing based on consent of the user.
  • the proposed method and system can be used to eliminate fraudulent charging/access of the user by third party content providers, merchants and so on.
  • the embodiments disclosed herein can be implemented through at least one software program running on at least one hardware device and performing network management functions to control the elements.
  • the elements shown in FIGS. 1 and 10 include blocks which can be at least one of a hardware device, or a combination of hardware device and software module.
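
The server-side half of the FIG. 2 flow listed above (placing the graphical objects at random coordinates, then mapping a decrypted click back to the option it landed on), as an added example that is not code from the patent. The canvas and object sizes, the challenge lifetime, the single-use rule and every name are assumptions; decryption of the coordinates and the MLP fraud check are taken to happen outside this block.

```python
import secrets
import time
from dataclasses import dataclass

CANVAS_W, CANVAS_H = 320, 200   # assumed DCDO image size in pixels
BTN_W, BTN_H = 80, 40           # assumed size of each graphical object
CHALLENGE_TTL = 120             # assumed challenge lifetime in seconds


@dataclass(frozen=True)
class Region:
    """One graphical object (e.g. the YES area) and where it was drawn."""
    label: str
    x: int
    y: int
    w: int = BTN_W
    h: int = BTN_H

    def contains(self, px, py):
        return self.x <= px < self.x + self.w and self.y <= py < self.y + self.h

    def overlaps(self, other):
        return not (self.x + self.w <= other.x or other.x + other.w <= self.x
                    or self.y + self.h <= other.y or other.y + other.h <= self.y)


class ImageGeneratorStore:
    """Hypothetical image-generator-side record of pending DCDO challenges."""

    def __init__(self, rng=None, clock=time.monotonic):
        self._rng = rng or secrets.SystemRandom()  # unpredictable placement
        self._clock = clock
        self._pending = {}                         # challenge id -> (expiry, regions)

    def new_challenge(self, labels=("YES", "NO")):
        """Place one non-overlapping region per label at random coordinates."""
        regions = []
        for label in labels:
            for _ in range(1000):
                cand = Region(label,
                              self._rng.randrange(CANVAS_W - BTN_W + 1),
                              self._rng.randrange(CANVAS_H - BTN_H + 1))
                if not any(cand.overlaps(r) for r in regions):
                    regions.append(cand)
                    break
            else:
                raise RuntimeError("could not place objects without overlap")
        cid = secrets.token_urlsafe(16)
        self._pending[cid] = (self._clock() + CHALLENGE_TTL, regions)
        # The regions are for the renderer only; the client receives image
        # layers and the challenge id, never the coordinates themselves.
        return cid, regions

    def interpret_click(self, cid, x, y):
        """Map already-decrypted click coordinates to an option label.

        Returns the label that was clicked, or None for an unknown, replayed
        or expired challenge, or for a click outside every object.
        """
        entry = self._pending.pop(cid, None)  # consumed on the first attempt
        if entry is None:
            return None
        expires, regions = entry
        if self._clock() > expires:
            return None
        if not (isinstance(x, int) and isinstance(y, int)):
            return None
        if not (0 <= x < CANVAS_W and 0 <= y < CANVAS_H):
            return None
        for region in regions:
            if region.contains(x, y):
                return region.label
        return None


if __name__ == "__main__":
    store = ImageGeneratorStore()
    cid, regions = store.new_challenge()
    yes = next(r for r in regions if r.label == "YES")
    print(store.interpret_click(cid, yes.x + 5, yes.y + 5))  # click inside YES
    print(store.interpret_click(cid, yes.x + 5, yes.y + 5))  # replay of same id
```

Because the challenge is consumed on the first attempt, a client that guesses coordinates gets one try per generated image, which is what makes the random placement meaningful.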

Abstract

The present invention discloses a user-friendly method and system to securely obtain an online user's input based on a click event and authenticate the user. The system includes a user terminal, a portal hosting server, an image generator server and a content provider server. The system obtains the user's inputs based on a click event and securely authenticates the online users. The technology of authentication is based on use of a DCDO image containing graphical objects at configurable positions on the image, which is split into multiple layers. Neither the layers of the DCDO image nor the reconstituted DCDO image are machine readable by technology like OCRs or can be simulated by BOTs, thereby completely preventing online frauds such as input of fake clicks by the automated programs/BOTs imitating human input, skimming away of data such as pricing information by web crawlers and filling of junk data by automated utilities.

Description

METHOD AND SYSTEM TO USE CLICK EVENT TO SECURELY AUTHENTICATE ONLINE USER’S INPUT AND PREVENT FRAUDS
RELATED INVENTION
The present invention claims benefit of the Indian Provisional Application No. 201741045490 titled “METHOD AND SYSTEM TO SECURELY OBTAIN ONLINE USER’S INPUT BASED ON A CLICK EVENT AND AUTHENTICATE THE USER” filed on 18th December 2017 by BALAGA, Sekhar Rao which is herein incorporated in its entirety by reference for all purposes.
FIELD OF INVENTION
The present invention relates to method and system for secure authentication of an online user. More specifically it relates to method and system to use click event to securely authenticate online user’s input and prevent frauds.
BACKGROUND OF INVENTION
As the internet evolves, the inherent vulnerabilities of existing systems and methods of interaction/exchange of information are manifested by various forms of attacks. In existing systems, the content providers provide a plurality of contents and services to the users. In some such systems, when the user is accessing any content made available online, the content providers may obtain the consent of the user through fraudulent means and make the user(s) subscribe to unwanted content(s) or service(s). Thus, the user(s) may end up paying for unwanted subscription, downloading or using those contents and services without giving any consent for the same. In many instances, this is achieved by automatic programs, also called BOTs, which are capable of simulating a user’s actions or behavior. Such BOTs send the user’s positive confirmation, without his knowledge or consent, by identifying and selecting/clicking buttons/options made available on a webpage on behalf of the user and have the user charged for such unwanted contents and/or services. One of the major ways of advertising online is digital marketing, which depends on users’ clicks (pay-per-click), signifying a website’s traffic. In such cases the advertiser who is putting up the sponsored ads must pay only when their ad is clicked. However, of late this also has fallen prey to online frauds. Such ads are being clicked not by users but by automated programs, resulting in large revenue losses to advertisers. It also skews the advertisers’ understanding of customers’ requirements, which is another important objective of the whole exercise.
Telecom operators provide Value-Added-Services (VAS) that are highly susceptible to fraud. These VAS result in a high number of Activations-without-consent that result in expensive complaints to the call-center and dilution of the telecom operator brand. Telecom operators typically fight this fraud by using One-time-password (OTP) or USSD, which, being very user-unfriendly, results in high drop-off rates for the VAS service.
Another online fraudulent activity is the use of crawler programs. In the competitive e-commerce industry, the crawler programs skim competitor websites to get the best price points available online, and automatically undercut competitors’ pricing, thus resulting in revenue losses to competitors. Such websites use price scraping to undercut the competitors’ pricing and inventory blocking to block real users from purchasing the products. Another issue is when automated programs submit online forms by simulating real users, resulting in loss of scarce resources, for example by purchasing goods at discounted prices and reselling them on other websites at a profit. Another outcome of the fraudulent BOTs is to use up the server resources of the hosting website, resulting in Denial of Service (DoS) attacks. This means that the websites become too slow for the real users to access them or do any transactions on the services. Most websites nowadays use Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHAs) to authenticate a human user, to prevent automated programs from attacking websites. BOTs have become more sophisticated, with capabilities to read and input CAPTCHAs, and are able to break this defense mechanism. To counter BOTs, CAPTCHAs have become highly complex, resulting in some improvement in the defense against BOTs, but this has made it increasingly difficult for humans to fill CAPTCHAs, resulting in user inconvenience and increased cart abandonment rates.
Thus, there is a pressing need for a user-friendly and secure mechanism for authenticating online users and securely obtaining inputs from the online users, which can prevent unwanted clicks of the automated programs/BOTs. There is a need to stop web crawlers from skimming away data like pricing information and automated utilities from simulating user clicks.
US7231657B2 discloses a computer system to authenticate users of vendors supplying services and/or products to the users, the system having programmed processors providing authentication rules, authenticating users according to the authentication rules responsive to user authentication requests, configuring the authentication rules in real-time, thereby allowing real-time customization of the system, providing multi-factor user authentication processes, using any data sources providing information about and/or known to the users to authenticate the users, thereby providing a data agnostic system, and authentication strategies correspond to the authentication rules, thereby allowing the system to support authentication strategy experimentation.
US7516483B2 discloses a method of accomplishing two-factor user authentication, comprising providing two separate user authentication methods, enabling a user to communicate authentication data for both authentication methods to a first web site using the internet, and enabling the communication of at least some of the authentication data from the first web site to a second web site also using the internet. Both web sites are thus involved in user authentication using the authentication data.
US8539569B2 discloses systems and methods for facilitating network transactions that include user authentication over a network by providing strong mutual authentication of client web application to server side application server, providing session encryption key negotiation after authentication to continue encryption during communication, and providing a high-level encryption technique referred to as an effective zero knowledge proof of identity (eZKPI) algorithm. In various implementations, the eZKPI algorithm is adapted to couple something the user Knows (e.g., a password or personal identification number) with something the user Has (e.g., a secure identification card) to create a stronger identity authentication proof for access to a mobile device and applications running on the mobile device.
The above cited document US7231657B2 does not disclose the split DCDO image-based user authentication. The cited document also does not disclose a machine learning algorithm for machine updating as well as user second authentication. The cited document US7516483B2 discloses a one-way user authentication system using a token-based electronic system. However, the present invention discloses a system for safely obtaining inputs from the user by a two-way authentication system using DCDO images. The cited document US8539569B2 discloses facilitating transactions over networks, which is different from the present invention.
OBJECTS OF INVENTION
1. To provide a user-friendly mechanism for securely obtaining inputs from an online user, thereby preventing automated programs from performing automated fake clicks on behalf of the online user without the user’s consent.
2. To present information in a secure manner to the online user in the form of a Dynamic Context Driven Object (DCDO) image.
3. To improve on the services provided by VAS in terms of security and user experience.
4. To prevent web crawlers from skimming away data like pricing information from one or more webpages.
5. To stop automated utilities from filling junk data on behalf of the online user(s).
6. To stop unwanted utilities from taking over the server resources and denying real users from accessing the information.
7. Use of Machine-Learning based logic in the back-end to detect fraudulent transactions and block them.
8. To improve on the user experience as compared to present alternatives like OTP, USSD and CAPTCHA.
SUMMARY OF THE INVENTION
The embodiments herein relate to a method and system. More specifically, the present invention relates to a method and system to use a click event to securely authenticate an online user’s input and prevent frauds.
The system includes one or more user terminals, one or more content providers, one or more portal hosting servers, one or more image generator gateways and one or more machine learning servers, which are communicatively connected via one or more networks. The system is configured to perform the method of obtaining one or more user inputs based on a click event and securely authenticating the online users using the user’s parameters and pattern recognition using one or more machine learning algorithms. The system includes one or more user terminals, where the one or more user terminals send one or more requests of one or more users to one or more portal hosting servers. The one or more portal hosting servers request the one or more image generator servers to generate a Dynamic Context Driven Object (DCDO) image. The one or more image generator servers produce the DCDO image and split it into multiple layers. The one or more portal hosting servers receive the multiple generated layers of the DCDO image from the one or more image generator servers and further send the multiple generated layers of the DCDO image to the one or more user terminals in such a manner that the layers are not machine readable. All the multiple generated layers of the DCDO image are merged at runtime in a preconfigured manner at the one or more user terminals to form and display one or more DCDO images. The merged image is also not machine readable, thereby preventing BOTs from interfering in the process of image transfer or reading one or more user inputs. The one or more users provide their inputs by clicking over one of the graphical objects on the displayed one or more DCDO images. The one or more user inputs include click coordinates of the selected one or more DCDO images. The one or more user inputs are encrypted and transferred from the one or more user terminals to the one or more image generator servers.
The one or more image generators map the one or more users’ input comprising the click coordinates with the saved data associated with the multilayered DCDO image. The one or more image generator servers interpret the one or more users’ input based on the mapping and use it to authenticate the user for the next action. The one or more user inputs are also analyzed by one or more machine-learning training servers to improve and update the learning. The learning is used by one or more machine learning prediction servers to detect fraudulent patterns, which are then used to interpret the patterns of the current one or more user inputs and detect if the patterns match with a fraudulent user or a real user. Finally, the one or more users are redirected based on authentication. For example, if the one or more users are detected as real users, the one or more users are redirected to the content. Else, if the one or more users are detected as a fraudulent user, the one or more users are redirected out of the real flow. If it is predicted that the received request could be from a fraudulent user, the one or more users may be redirected to additional authentication including but not restricted to OTP, USSD or an additional opportunity to retry.
BRIEF DESCRIPTION OF ACCOMPANYING DRAWINGS
This invention is illustrated in the accompanying drawings, throughout which like reference letters indicate corresponding parts in the various figures. The embodiments herein will be better understood from the following description with reference to the drawings, in which:
FIG. 1 illustrates a high-level overview of a system for securely obtaining online user’s input based on a click event and authenticate the user, according to the embodiments as disclosed herein.
FIG. 2 is a flow diagram illustrating a method of securely obtaining online user’s input based on a click event and authenticate the user, according to an embodiment as disclosed in the embodiments herein.
FIGS. 3a-3c illustrate example DCDO images with graphical objects positioned at various positions for obtaining the consent/input of the user, according to the embodiments as disclosed herein.
FIGS. 4a-4c illustrate various layers of the DCDO image each containing a graphical object, according to the embodiments as disclosed herein.
FIG. 5A is a sequence diagram showing various signaling messages for secure authentication of the user based on input from the user, according to the embodiments as disclosed herein.
FIG. 5B is another sequence diagram showing various signaling messages for secure authentication of the user based on input from the user, according to the embodiments as disclosed herein.
FIG. 6 illustrates an example DCDO image containing graphical objects in which the consent from the user is obtained for secure redirection, according to the embodiments as disclosed herein.
FIG. 7 illustrates an example image showing price point along with graphical objects positioned at various positions for secure authentication of the user, according to the embodiments as disclosed herein.
FIG. 8 illustrates an example image showing a virtual keypad for secure authentication of the user, according to an embodiment as disclosed herein.
FIGS. 9A and 9B illustrate other example DCDO images showing graphical objects for secure authentication of the user, according to an embodiment as disclosed herein.
FIG. 10 illustrates a computing environment implementing the method and system for secure redirection for payment processing based on consent of the user, according to an embodiment as disclosed herein.
BRIEF DESCRIPTION OF THE INVENTION
The embodiments herein and the various features and advantageous details thereof are explained more fully with reference to the non-limiting embodiments that are illustrated in the accompanying drawings and detailed in the following description. Descriptions of well-known components and processing techniques are omitted to not unnecessarily obscure the embodiments herein. Also, the various embodiments described herein are not necessarily mutually exclusive, as some embodiments can be combined with one or more other embodiments to form new embodiments. The term “or” as used herein refers to a non-exclusive or, unless otherwise indicated. The examples used herein are intended merely to facilitate an understanding of ways in which the embodiments herein can be practiced and to further enable those skilled in the art to practice the embodiments herein. Accordingly, the examples should not be construed as limiting the scope of the embodiments herein.
As is traditional in the field, embodiments may be described and illustrated in terms of blocks which carry out a described function or functions. These blocks, which may be referred to herein as units or modules or the like, are physically implemented by analog and/or digital circuits such as logic gates, integrated circuits, microprocessors, microcontrollers, memory circuits, passive electronic components, active electronic components, optical components, hardwired circuits and the like, and may optionally be driven by firmware and/or software. The circuits may, for example, be embodied in one or more semiconductor chips, or on substrate supports such as printed circuit boards and the like. The circuits constituting a block may be implemented by dedicated hardware, or by a processor (e.g., one or more programmed microprocessors and associated circuitry), or by a combination of dedicated hardware to perform some functions of the block and a processor to perform other functions of the block. The circuits may include higher processing units like Graphics Processing Units (GPU) or/and customize processing by Field-Programmable Gate Array (FPGA) logic. Each block of the embodiments may be physically separated into two or more interacting and discrete blocks without departing from the scope of the disclosure. Likewise, the blocks of the embodiments may be physically combined into more complex blocks without departing from the scope of the disclosure.
In the context of the present disclosure the words “user” and “online user” are used interchangeably. The present invention discloses a method and system for presenting information in a secure manner to online user(s), obtaining one or more users’ inputs based on a click event and securely authenticating the online user. The user inputs are analyzed by a machine-learning algorithm to detect fraudulent patterns, which are then used to interpret the patterns of the current user inputs and detect if the patterns match with a fraudulent user or a real user. The present invention makes the whole process secure by preventing online frauds such as input of fake clicks by automated programs/BOTs imitating human input, skimming away of data such as pricing information by web crawlers, and filling of junk data by automated utilities. The present invention makes the method of authentication user friendly by reducing the interference and friction that are introduced by alternate approaches like CAPTCHA, OTP and USSD.
The present system includes a user terminal, a portal hosting server, an image generator server, a content provider server and machine learning server, communicatively connected via a network. The present system is configured to perform the method of obtaining an online user inputs based on a click event and securely authenticate the online user.
According to an embodiment of the present invention, the present invention relates to a system and method to securely obtain online one or more user’s input based on a click event and authenticate the one or more users. The system includes one or more user terminals, one or more content provider servers, one or more portal hosting-servers, one or more image generator gateways and one or more machine learning servers, which are communicatively connected via one or more networks. The system is configured to perform the method of obtaining the one or more users’ input based on a click event and securely authenticate one or more online users using user’s parameters and pattern recognition by using one or more machine learning algorithms. The one or more user terminals includes, but not limited to, a mobile phone, a tablet, a smart phone or any communication device or any electronic device on which a user can access the webpages or Apps. The one or more content provider servers provide, but not limited to, a digital content, financial entity, an association network, acquirer, issuer, payment bank, aggregator or the like. The one or more content provider servers also be called as a merchant server. The content provided by the one or more content provider servers include, but not limited to, apps, wallpaper, multimedia, news, and other various subscription services.
The one or more user terminals send one or more requests of one or more users to one or more portal hosting servers. Then the one or more portal hosting servers request the one or more image generator servers to generate multiple layers of DCDO images. When a request for a new image is received at the one or more image generator servers, one or more dynamic context driven object (DCDO) images containing graphical objects at configurable positions on the image are generated. The one or more DCDO images are split into multiple layers using multiple image-generation techniques including, but not limited to, image cryptography and bit-plane splicing. The graphical object area, consisting of labels, texts, buttons and components, is dynamically generated and randomly configured to generate multiple split layers of the one or more DCDO images, wherein each of the one or more graphical objects is associated with an option being provided to the one or more users.
The one or more portal hosting server receives the multiple split layers of the one or more DCDO images from the one or more image generator servers and further sends the multiple split layers of the one or more DCDO image to the one or more user terminals in such a manner that the split layers are not machine readable by technology like Optical Character Readers (OCRs) or can be simulated by BOTs. All the multiple split layers of the DCDO image are merged at runtime in a preconfigured manner at the one or more user terminals to form and display one or more merged DCDO images. The one or more merged DCDO images are also not machine readable, thereby preventing BOTs from interfering in the process of image transfer or reading the one or more user input. The one or more users provide input by clicking over the one of the one or more graphical objects on the displayed the one or more merged DCDO images, wherein the one or more users input comprises click coordinates of the selected one or more merged DCDO images.
The one or more users input are encrypted and transferred from the one or more user terminals to the one or more image generator servers. The one or more image generator servers map the one or more users input which include click coordinates with the saved data associated with the one or more merged DCDO images. The one or more image generator servers then interpret the one or more users input based on the mapping and based on interpretation authenticate the one or more users for the next action.
The one or more user inputs are also analyzed by one or more machine-learning training servers to improve and update the learning. The one or more machine-learning training servers analyses the historic data, to infer rules inherent in the data. The one or more machine-learning training servers uses method including but not restricted to neural networks to calculate how much each of the user inputs contribute to the probability that the user transaction is fraudulent or genuine.
When a new transaction is received, the one or more user inputs are passed to the machine learning prediction (MLP) server, which calculates the probability whether the one or more users’ transactions are fraudulent or not. For example, if the one or more users are detected as a real user, the one or more users are redirected to the content. Else, if the one or more users are detected as a fraudulent user, the one or more users are redirected out of the real flow. If it is predicted that the received request could be a fraudulent user, the one or more users may be redirected to additional authentication including but not restricted to OTP, USSD or an additional opportunity to retry.
In another embodiment of the present invention, the present invention discloses method and system for presenting information in a secure manner to online user(s), obtaining online user’s input based on a click event and securely authenticating the online user.
The present invention comprises a system which includes a user terminal, a content provider server, a portal hosting server, an image generator gateway and a machine learning server, which are communicatively connected via a network. The system is configured to perform the method of obtaining one or more user’s input based on a click event and securely authenticating the online users using user parameters and pattern recognition using a machine learning algorithm. The portal hosting server requests the image generator server to generate a DCDO image. When a request for a new image is received at the image generator server, a dynamic context driven object (DCDO) image containing graphical objects at configurable positions on the image is generated. The image generator then splits the dynamic context driven object (DCDO) image into multiple layers.
The portal hosting server receives the multiple split layers of the DCDO image from the image generator server and further sends the multiple split layers of the dynamic context driven object (DCDO) image to the user terminal in such a manner that the split layers of the dynamic context driven object (DCDO) image are not machine readable by technology like Optical Character Readers (OCRs) and cannot be simulated by BOTs. All the multiple split layers of the dynamic context driven object (DCDO) image are merged at runtime in a preconfigured manner at the user terminal to form and display a merged dynamic context driven object (DCDO) image. The user provides input by clicking over graphical objects displayed on the merged dynamic context driven object (DCDO) image, wherein the user input comprises click coordinates of the selected merged dynamic context driven object (DCDO) image.
The user input is encrypted and transferred from the one or more user terminals to the one or more image generator servers. The image generator server maps the user input which includes click coordinates with the saved data associated with the merged dynamic context driven object (DCDO) image. The image generator server then analyze/interpret the user input based on the mapping and based on interpretation, authenticate the user for the next action.
The user input is also analyzed by a machine-learning training server to improve and update the learning. The machine-learning training server analyses the historic data, to infer rules inherent in the data. The machine-learning training server uses method including but not restricted to neural network to calculate how much each of the user input contribute to the probability that the user transaction is fraudulent or genuine.
When a new transaction is received, the user inputs are passed to the machine learning prediction (MLP) server, which calculates the probability whether the user transaction is fraudulent or not. For example, if the user is detected as a real user, the user is redirected to the content. Else, if the user is detected as a fraudulent user, the user is redirected out of the real flow. If it is predicted that the received request could be a fraudulent user, the one or more users may be redirected to additional authentication including but not restricted to OTP, USSD or an additional opportunity to retry.
In an embodiment of the present invention, the present invention includes a method to securely obtain online user’s input based on a click event and authenticate the user, wherein the method comprises: sending one or more first user consents of one or more users to one or more content provider servers by one or more user terminals, redirecting the one or more first user consents to one or more portal hosting servers by the one or more content provider servers, requesting one or more image generator servers to generate one or more DCDO images by the one or more portal hosting servers, generating the one or more DCDO images and splitting the one or more DCDO images into a plurality of layers, sending the plurality of split layers of the one or more DCDO images to the one or more portal hosting servers by the one or more image generator servers, sending the plurality of generated layers of DCDO images to the one or more user terminals by the one or more portal hosting servers, merging the plurality of split layers of the one or more DCDO images by the one or more user terminals, displaying the one or more merged DCDO images by the one or more user terminals, receiving click coordinates as one or more second user consents on the one or more merged DCDO images from the one or more users by the one or more user terminals, sending the one or more second user consents to the one or more image generator servers by the one or more user terminals, mapping the one or more second user consents consisting of one or more click coordinates with the one or more merged DCDO images by the one or more image generator servers, interpreting the one or more second user consents based on mapping by the one or more image generator servers and authenticating the one or more users for next action by the one or more image generators. The one or more user inputs are also analyzed by one or more machine-learning training servers to improve and update the learning. The learning is used by one or more machine learning prediction servers to detect fraudulent patterns, which are then used to interpret the patterns of the current one or more user inputs and detect if the patterns match with a fraudulent user or a real user.
The one or more users are redirected based on authentication: if the one or more users are detected as a real user, the one or more users are redirected to the content. Else, if the one or more users are detected as a fraudulent user, the one or more users are redirected out of the real flow. If it is predicted that the received request could be a fraudulent user, the one or more users may be redirected to additional authentication including but not restricted to OTP, USSD or an additional opportunity to retry.
In an embodiment of the present invention, a content provider server invokes an image generator server, without receiving any request from a user terminal, for directly displaying a DCDO image to the webpage for securely obtaining consent of the user for purchasing/ subscribing/ viewing/ downloading any desired content provided in the webpage. When a request for a new image is received, the image generator server uses image generation APIs to generate multiple layers of the DCDO image containing one or more graphical objects dynamically positioned at random coordinates over the DCDO image. The DCDO image is split into multiple layers using multiple image-generation techniques including but not limited to image cryptography and bit-plane splicing. The one or more graphical object areas, depending on the context, include approval or disapproval or selection labels (for example, with a text containing yes or no), text, buttons, elements, components, or the like. The graphical objects are provided as binary data or binary text over the image. The one or more graphical objects are configured to be of variable colors and randomly positioned over the Dynamic Context Driven Object (DCDO) image. Therefore, no two generated DCDO images are the same. Further, the image generator server sends the generated multiple layers of the DCDO image to the portal hosting server.
Subsequently, the portal hosting server sends the multiple layers of the DCDO image containing graphical objects to the user terminal. At the user terminal, the multiple layers of the DCDO image are merged in a predefined manner to form a corresponding DCDO image which is not machine readable, thereby preventing BOTs from interfering in the process. The user terminal receives input from the user by a click on the DCDO image. The received input is encrypted and sent by the user terminal to the image generator server via the portal hosting server for validation. The image generator server decrypts the encrypted user input to obtain the user’s input, which is further validated against the DCDO image. The user inputs are sent to the Machine Learning Prediction (MLP) server. The MLP server uses knowledge from the previously learnt patterns to analyze the user inputs and performs predictions on whether the new user inputs are coming from a real or fraudulent user. The user inputs are also forwarded to the machine learning training (MLT) server, which is used for enhancing the training data set, thereby improving future predictions. Once the user is authenticated, the user terminal is redirected to the portal hosting server with the user’s consent. The portal hosting server initiates appropriate action based on the user’s consent. If the user inputs match closely with those of a fraudulent user, the user is redirected away and blocked from accessing further information. The authentication and appropriate action include communicating with a merchant content provider server, a payment gateway, a financial institution, a non-financial institution, telecommunication provider, e-commerce institutions, CAPTCHA providers or the like. After successful authentication, the financial entity confirms the payment deduction from the user’s account and communicates the payment deduction to the user terminal.
In another embodiment of the present invention, the present system can also be implemented on a wireless application protocol (WAP) portal, which is accessible to the user terminal through a WAP browser (for example: a web browser or a mobile application) on the user terminal. The system can also be accessed over the internet via an internet-connected device.
In another embodiment of the present invention, graphical objects positioned over an image will occupy a combination of pixels of the image. For example, consider the graphical object as an area containing the text ‘YES’. The text ‘YES’ is positioned over the image such that it occupies a combination of pixels of the image. The graphical objects added to the multiple layers of the DCDO image are context based and include approval or disapproval labels (for example, options of clicking YES or NO text or selection of an appropriate option among many options provided), buttons, elements, components, or the like. It is to be appreciated that no single layer of the DCDO image reveals the content(s) by itself; the content(s) are revealed only when all the layers are overlaid to form the DCDO image, and then only in the specified preset sequence.
In another embodiment of the present invention, a user terminal enables a client for encrypting an image with user’s consent. The client updates the encryption algorithm from an image generator server, when the data connection is enabled on the user terminal.
In another embodiment of the present invention, a method for user authentication is also readily implemented by substituting or augmenting the conventional CAPTCHA or OTP mechanism for authentication of a user. The present method is not only secure but also user-friendly, since the user is neither required to solve complicated CAPTCHAs nor needs to keep his phone handy to receive one-time passwords (OTP). The user has to only click once on a DCDO image.
In another embodiment of the present invention, the portal hosting server is any third-party portal hosting server for processing the payment.
In another embodiment of the present invention, an image generator server is present in a mobile network.
In another embodiment of the present invention, a user terminal includes a client for encrypting the image with the user’s consent. The client is able to update the encryption algorithm from an image generator server when the data connection is enabled on the user terminal.
In another embodiment of the present invention, the contextual graphical object includes a virtual keypad. A user is authenticated by providing the virtual keypad on a DCDO image generated at an image generator server. The user enters the credentials for authentication through the virtual keypad. After receiving the credentials from the user, click coordinates are encrypted and sent to the image generator server for validation. Based on validation at the image generator server, the user is authenticated and the relevant next step is initiated. This specific implementation could be helpful in preventing automated programs from submitting online forms/information by simulating real users.
In another embodiment of the present invention, a computing environment implements a method and system for secure redirection for payment processing based on consent of the user. The computing environment comprises at least one processing unit that is equipped with a control unit and an arithmetic logic unit (ALU), a memory, a storage unit, a plurality of networking devices and a plurality of input output (I/O) devices. A graphics processing unit is optional and is included in the computing environment based on the processing needed. The processing unit is responsible for processing the instructions of the algorithm. The processing unit receives commands from the control unit in order to perform its processing. Further, any logical and arithmetic operations involved in the execution of the instructions are computed with the help of the ALU. The overall computing environment can be composed of multiple homogeneous and/or heterogeneous cores, multiple CPUs of different kinds, special media and other accelerators. Further, the plurality of processing units may be located on a single chip or over multiple chips. The algorithm, comprising the instructions and codes required for the implementation, is stored in either the memory unit or the storage or both. At the time of execution, the instructions may be fetched from the corresponding memory and/or storage and executed by the processing unit. If faster processing is needed, a Graphics Processing Unit (GPU) and/or customized processing by Field-Programmable Gate Array (FPGA) logic may be included. The GPU/FPGA can be used for generating the DCDO images and for the MLT to train the machine learning model which is to be used in the MLP.
In case of any hardware implementations, various networking devices or external I/O devices may be connected to the computing environment to support the implementation through the networking unit and the I/O device unit.
In an embodiment of the present invention, wherein the user is online users.
In an embodiment of the present invention, wherein the system for secure authentication of a user is system for secure authentication of an online user.
In an exemplary embodiment of the present invention, the graphical objects may be one-time passwords (OTPs). A layered DCDO image generated by the server includes multiple OTPs. A user is requested to select the correct OTP by clicking on it for authentication.
In another exemplary embodiment, multiple dates of birth (DOBs) are provided as contextual graphical objects on a DCDO image and the user is requested to select one DOB. Based on the user selection, the user is authenticated.
DETAILED DESCRIPTION OF DRAWINGS
FIG. 1 illustrates a high-level overview of a system (100) for securely obtaining online user’s input based on a click event and authenticating the user, according to one of the embodiments of the present invention. As illustrated in FIG. 1, the system (100) includes a user terminal (102), a portal hosting server (104), an image generator server (106), a content provider server (108), a machine learning training server (110) and a machine learning prediction server (112). The portal hosting server (104) acts as a security filter for safely displaying information intended to be displayed on the display screen of the user terminal by the content provider server (108) and securely receiving online users’ input. The image generator server (106) can be a network data center, a server on the cloud or the like which is configured to generate multiple layers of a Dynamic Context Driven Object (DCDO) image at the request of the content provider server (108). The image generator server (106) is communicatively connected via one or more networks with the content provider servers (108) and supports one or more interfaces including charging gateways, financial services (for example: e-commerce, m-commerce and so on), mobile payment gateway, online banking, online wallet, mobile wallet, cash cards and the like. Initially the user terminal (102) accesses content from the content provider server (108). The online user at the user terminal (102) clicks on the desired content for purchasing/ subscribing/ viewing/ downloading the content.
The content provider server (108) redirects the online user to the portal hosting server (104). The portal hosting server (104) invokes the image generator server (106) for securely obtaining consent of the user for purchasing/ subscribing/ viewing/ downloading any desired content.
The user inputs received at the portal hosting server (104) are forwarded to a machine learning training (MLT) server (110) for analysis. The analyzed inputs from the machine learning training (MLT) server (110) are then sent to a machine learning prediction (MLP) server (112). The machine learning prediction server (112) analyzes the inputs in order to determine whether the user is real or fraudulent.
FIG. 2 is a flow diagram (200) illustrating a method of securely obtaining one or more users’ inputs based on a click event and securely authenticate the one or more online users, according to an embodiment of the present invention.
At step (202), the method includes generating the multiple layers of the Dynamic Context Driven Object (DCDO) image containing one or more graphical objects dynamically positioned at random coordinates over the DCDO image, wherein each of the one or more graphical objects is associated with the options being made available to the online user.
At step (204), the method includes transmitting all the layers of the DCDO image from the image generator server (106) to the user’s terminal (102) in an encrypted manner such that no individual layer can be deciphered by automated programs or Optical Character Recognition (OCR) or simulated by BOTs.
At step (206), the method includes merging all the layers of the DCDO image at runtime, in the specified preset sequence, to form a DCDO image and displaying it on the user terminal (102). The DCDO image is not readable by automated programs, OCR software or BOTs. In addition to this, the dynamically varying coordinates of the graphical objects defeat the repeated attempts of automated programs at simulating user input, since such programs cannot accurately predict the location of the graphical image and transmit the user consent to the portal hosting server (104).
At step (208), the user’s click coordinates are received as input on the DCDO image. The automated programs or BOTs fail to click and select appropriate options made available on the DCDO image fraudulently on behalf of the user. The input of the user includes the click coordinates on the DCDO image where the click was made. The click coordinates correspond to an x-coordinate and a y-coordinate indicating the exact position of the input area of the DCDO image. Further, the click coordinates received as the user’s input are encrypted at the user’s terminal (102). For example, if the user is interested in purchasing or subscribing to desired content, then the user clicks on the ‘YES’ area displayed over the DCDO image to indicate his consent (refer to FIG. 3a).
At step (210), the method includes receiving the encrypted click coordinates from the user terminal (102) for validation to authenticate the user at the image generator server (106) via the portal hosting server (104). In an embodiment, the image generator server (106) extracts the user’s input by applying suitable decryption techniques (which are known only to the image generator server (106) a priori).
At step (212), the method includes mapping the received click coordinates with the DCDO image layers stored at the image generator server (106). As mentioned earlier, the graphical objects are positioned at the specific coordinates and each of the graphical objects corresponds to a specific option made available to the user. Therefore, based on the mapped click coordinates the user’s input is interpreted. Mapping authenticates that it is a real user providing input, since the automated programs or BOTs cannot provide appropriate input.
At step (214), the user related data and click related data is passed through the MLP block in order to obtain a prediction based on a Machine Learning based engine.
The data is also stored in the MLT block where this data will be used for training, refining and upgrading the predictive model residing in MLP represented by step (215). Step (214) includes a decision point wherein the result from Machine Learning Prediction is used to decide if the user transaction is from a fraudulent BOT or a real user.
At step (216), the method includes redirecting the user based on authentication and the interpreted user’s input. The user terminal (102) is redirected to the portal hosting server (104) with the user’s consent.
The various actions, acts, blocks, steps, or the like in the flow diagram (200) may be performed in the order presented, in a different order or simultaneously. Further, in some embodiments, some of the actions, acts, blocks, steps, or the like may be omitted, added, modified, skipped, or the like without departing from the scope of the invention.
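The mapping in steps (208) to (212) can be sketched as follows. This is an added illustration, not code from the patent: the class `DcdoChallengeStore`, its method names, the image and box sizes, and the single-use and expiry behaviour are all assumptions, and the encryption of the coordinates in transit is left out because the text does not specify a scheme.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Rect = Tuple[int, int, int, int]  # (left, top, width, height) in image pixels


def rects_overlap(a: Rect, b: Rect) -> bool:
    """True when two rectangles share at least one pixel."""
    return not (a[0] + a[2] <= b[0] or b[0] + b[2] <= a[0]
                or a[1] + a[3] <= b[1] or b[1] + b[3] <= a[1])


@dataclass
class Challenge:
    regions: Dict[str, Rect]   # option label -> clickable area, kept server-side
    expires_at: float


class DcdoChallengeStore:
    """Hypothetical server-side store for per-request DCDO option layouts."""

    def __init__(self, width=320, height=240, box=(80, 40), ttl=120.0, rng=None):
        self.width, self.height, self.box, self.ttl = width, height, box, ttl
        # CSPRNG by default so layouts are unpredictable; a seeded RNG can be injected for tests.
        self._rng = rng if rng is not None else secrets.SystemRandom()
        self._challenges: Dict[str, Challenge] = {}

    def _place(self, taken) -> Rect:
        bw, bh = self.box
        for _ in range(1000):
            cand = (self._rng.randrange(self.width - bw + 1),
                    self._rng.randrange(self.height - bh + 1), bw, bh)
            if not any(rects_overlap(cand, t) for t in taken):
                return cand
        raise RuntimeError("image too small for non-overlapping option areas")

    def issue(self, options=("YES", "NO"), now: Optional[float] = None):
        """Create a fresh layout; the regions are meant for the image renderer only."""
        now = time.time() if now is None else now
        regions: Dict[str, Rect] = {}
        for label in options:
            regions[label] = self._place(list(regions.values()))
        session_id = secrets.token_urlsafe(16)
        self._challenges[session_id] = Challenge(regions, now + self.ttl)
        return session_id, regions

    def interpret(self, session_id: str, x: int, y: int,
                  now: Optional[float] = None) -> Optional[str]:
        """Map decrypted click coordinates to an option, or None if invalid."""
        now = time.time() if now is None else now
        # pop() makes the layout single-use (an assumption), so a captured click
        # cannot be replayed against the same challenge.
        challenge = self._challenges.pop(session_id, None)
        if challenge is None or now > challenge.expires_at:
            return None
        for label, (left, top, w, h) in challenge.regions.items():
            if left <= x < left + w and top <= y < top + h:
                return label
        return None


def replay_hit_rate(store: DcdoChallengeStore, x: int, y: int,
                    label: str = "YES", trials: int = 500) -> float:
    """Fraction of fresh challenges in which one fixed coordinate selects `label`."""
    hits = 0
    for _ in range(trials):
        session_id, _regions = store.issue()
        hits += store.interpret(session_id, x, y) == label
    return hits / trials
```

`replay_hit_rate` measures how often a coordinate recorded from one session would still select the same option in later sessions, which is the property the dynamically varying coordinates are relied on to keep low.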
FIGS. 3a-3c illustrate example DCDO images with graphical objects positioned at various positions for obtaining the consent/input of the user, according to an embodiment of the present invention. When the portal hosting server (104) invokes the script engine at the image generator server (106), a secure script is executed at the image generator server (106) to generate a layered DCDO image containing graphical objects positioned at random coordinates over the different DCDO images.
FIGS. 4a-4c illustrate various layers of the DCDO image each containing a graphical object (a portion or full part), according to an embodiment of the present invention. FIG. 4a and FIG. 4b show the split images. The merged DCDO image is generated as shown in FIG. 4c, at runtime, at the user terminal by merging the layer 1 and the layer 2. The ‘yes’ and ‘no’ areas can be realized on the DCDO image by using one or more pugmark registered methods of four layers. The areas are viewable on the DCDO image with variable colors and the coordinates of these areas are configurable and are decided by the image generator server 106 dynamically.
FIG. 5A is a sequence diagram showing various signaling messages for performing secure authentication of the user based on input from the user, according to an embodiment of the present invention. As depicted in FIG. 5A, the user terminal (102) accesses (502a) content from the content provider server (108). If the user is interested in any content, then he sends (504a) via the user terminal (102) to the content provider server (108). The user clicks on the desired content for subscribing to the content. The content provider server (108) redirects (506a) the user to the portal hosting server (104). The portal hosting server (104) invokes (508a) the image generator server (106) for obtaining the second secured consent of the user.
The image generator server (106) generates (510a) the multi-layered DCDO image containing one or more graphical objects at random coordinates. Further, the image generator server (106) sends (512a) the generated DCDO image layers to the portal hosting server (104). The portal hosting server 104 sends (514a) the DCDO image layers to the user terminal (102). The user terminal 102 merges the layers to form the DCDO image and receives input from the user on the DCDO image. The user terminal (102) receives the click coordinates (516a) and sends the encrypted click coordinates to the image generator server (106) for validation. The image generator server (106) decrypts (518a) the image coordinates to obtain the user’s input. The image generation server then sends a request to the machine learning prediction (MLP) server (112) for fraud analysis (524a) to obtain the probability of the transaction being fraudulent. The MLP server returns a prediction of whether the transaction is from a fraudulent or a real user (526a).
Post this validation the user terminal (102) is redirected (520a) to the portal hosting server (104). The portal hosting server (104) initiates (522a) charging/further procedure based on the user’s input and validation by MLP.
FIG. 5B is another sequence diagram showing various signaling messages for performing secure authentication of the user based on input from the user, according to another embodiment of the present invention. As depicted in the FIG. 5B, the user terminal (102) accesses (502a) content from the content provider server (108). When the user clicks on the desired content, the content provider server (108) invokes (404b) image generator server (106) for authenticating the user.
The image generator server (106) generates (406b) the multi-layered DCDO image containing the one or more graphical objects at random coordinates. Further, the image generator server 106 sends (408b) the generated DCDO image layers to the user terminal 102. The user terminal 102 receives input from the user on the DCDO image. Further, the user terminal 102 encrypts (510b) and sends the click coordinates to the image generator server 106 for validation. The image generator server 106 decrypts (512b) the click coordinates and maps them to the layered DCDO image to obtain the user’s input. The image generation server then sends a request to the Machine Learning Prediction (MLP) server 112 for fraud analysis (524a) to obtain the probability of the transaction being fraudulent. The MLP server returns a prediction of whether the transaction is from a fraudulent or a real user (526a). The image generator server 106 with the portal hosting server 104 initiates (514b) the charging procedure with the content provider server 108 based on the user input.
FIG. 6 illustrates an example DCDO image containing graphical objects in which the consent from the user is obtained for secure redirection. As depicted in FIG. 6, the portal hosting server 104 sends the image containing ‘Yes’ and ‘No’ areas for obtaining the consent of the user. The ‘Yes’ and ‘No’ areas are displayed on the image and are viewable by the user. If the user is interested in purchasing the desired content, then the user clicks on the ‘yes’ area displayed over the image to indicate the consent. When the user clicks on the ‘yes’ area, the user parameters are sent to the machine learning prediction server (112) for analysis. If the user is detected as a fraudulent user, the user is redirected out of the real flow. If it is predicted that the received request could be from a fraudulent user, the one or more users may be redirected to additional authentication including but not restricted to OTP, USSD or an additional opportunity to retry. If the user is detected as a real user, the user terminal (102) is redirected to a payment page provided by the financial institution as shown in FIG. 6. In the payment page, the user is requested to enter the transaction information, which includes, but is not limited to, credit card credentials, debit card credentials, security codes, user ID, password credentials or the like. Thus, with the proposed method, the consent of the user is obtained through the graphical objects ‘Submit’ and ‘Cancel’ positioned over the DCDO image provided on the payment page. Further, the consent of the user is transmitted as encrypted click coordinates and sent to the image generator server (106) for validation. After validation by the image generator server (106), the user terminal is redirected to the portal hosting server (108). The portal hosting server (104) initiates the charging procedure based on the user’s consent.
In case the user clicks on the ‘no’ area displayed over the image to indicate dissent, the portal hosting server (104) redirects the user terminal (102) back to its home page or any other free content page.
FIG. 7 illustrates an example image showing a price point along with graphical objects positioned at various positions for secure authentication of the user, according to the embodiments as disclosed herein. As depicted in FIG. 7, the DCDO image is generated with the price point (i.e., 200 USD) along with contextual graphical objects (i.e., Yes and No areas). The user input on the graphical objects is received as click coordinates and encrypted. Further, the coordinates are sent to the image server (106) for authenticating the user. This specific implementation prevents the skimming of sensitive price information from various webpages by Web Crawlers.
FIG. 8 illustrates an example image showing a virtual keypad for secure authentication of the user, according to an embodiment as disclosed herein. In an embodiment, the contextual graphical object can include a virtual keypad. The user can be authenticated by providing the virtual keypad on the DCDO image generated at the server 106. The user enters the credentials for authentication through the virtual keypad as shown in FIG. 8. After receiving the credentials from the user, the click coordinates are encrypted and sent to the server 104 for validation. Based on validation at the server 104, the user is authenticated and the relevant next step is initiated. This specific implementation could be helpful in preventing automated programs from submitting online forms/information by simulating real users.
FIGS. 9A and 9B illustrate further example DCDO images showing graphical objects for secure authentication of the user. In an exemplary embodiment, the graphical objects may be one-time passwords (OTPs). The layered DCDO image generated by the server 104 includes multiple OTPs as shown in FIG. 9A. The user is requested to select the correct OTP by clicking on it for authentication. In another exemplary embodiment, multiple dates of birth (DOBs) are provided as contextual graphical objects on the DCDO image and the user is requested to select one DOB. Based on the user selection, the user is authenticated.
It is understood that the present system and method can be applied at various platforms and for authenticating various online activities of the users without departing from the scope of the invention.
FIG. 10 illustrates a computing environment implementing a method and system for secure redirection for payment processing based on consent of the user, according to the embodiments as disclosed herein. As depicted, the computing environment 1002 comprises at least one processing unit 1008 that is equipped with a control unit 1004 and an Arithmetic Logic Unit (ALU) 1006, a memory 1010, a storage unit 1012, a plurality of networking devices 1016 and a plurality of input/output (I/O) devices 1014. The Graphics Processing Unit (1018) is optional and is included in the computing environment based on the processing needed. The processing unit 1008 is responsible for processing the instructions of the algorithm. The processing unit 1008 receives commands from the control unit in order to perform its processing. Further, any logical and arithmetic operations involved in the execution of the instructions are computed with the help of the ALU 1006. The overall computing environment 1002 can be composed of multiple homogeneous and/or heterogeneous cores, multiple CPUs of different kinds, special media and other accelerators. Further, the plurality of processing units 1008 may be located on a single chip or over multiple chips. The algorithm, comprising the instructions and codes required for the implementation, is stored in either the memory unit 1010 or the storage 1012 or both. At the time of execution, the instructions may be fetched from the corresponding memory 1010 and/or storage 1012 and executed by the processing unit 1008. If faster processing is needed, the Graphics Processing Unit (GPU) and/or customized processing by Field-Programmable Gate Array (FPGA) logic 1018 may be included.
The GPU/FPGA can be used for generating the DCDO images and for the MLT to train the machine learning model which is to be used in the MLP. In case of any hardware implementations various networking devices 1016 or external I/O devices 1014 may be connected to the computing environment to support the implementation through the networking unit and the I/O device unit. Unlike conventional mechanisms, the proposed system provides a secure redirection for payment processing based on consent of the user. The proposed method and system can be used to eliminate fraudulent charging/access of the user by third party content providers, merchants and so on.
The embodiments disclosed herein can be implemented through at least one software program running on at least one hardware device and performing network management functions to control the elements. The elements shown in FIGS. 1 and 10 include blocks which can be at least one of a hardware device, or a combination of a hardware device and a software module.
The foregoing description of the specific embodiments will so fully reveal the general nature of the embodiments herein that others can, by applying current knowledge, readily modify and/or adapt for various applications such specific embodiments without departing from the generic concept, and, therefore, such adaptations and modifications should and are intended to be comprehended within the meaning and range of equivalents of the disclosed embodiments. It is to be understood that the phraseology or terminology employed herein is for the purpose of description and not of limitation. Therefore, while the embodiments herein have been described in terms of preferred embodiments, those skilled in the art will recognize that the embodiments herein can be practiced with modification within the spirit and scope of the embodiments as described herein.

Claims

I/We claim:
1. A method for online user authentication and fraud detection, comprising:
one or more user terminals, where the one or more user terminals send one or more requests of one or more users to one or more portal hosting servers;
requesting, by the one or more portal hosting servers, one or more image generating servers to generate one or more dynamic context driven object (DCDO) images;
splitting, by one or more image generators, the one or more dynamic context driven object (DCDO) images;
sending, by the one or more image generating servers, the plurality of split layers of the one or more dynamic context driven object (DCDO) images to the one or more portal hosting servers;
sending, by the one or more portal hosting servers, the plurality of split layers of the one or more DCDO images to the one or more user terminals;
merging, by the one or more user terminals, the plurality of split layers of dynamic context driven object (DCDO) images;
displaying, by the one or more user terminals, one or more merged dynamic context driven object (DCDO) images;
receiving, by the one or more user terminals, click coordinates as one or more second user consents on the one or more merged DCDO images from the one or more users;
sending, by the one or more user terminals, the one or more second user consents to the one or more image generator servers;
mapping, by the one or more image generator servers, the one or more second user consents consisting one or more click coordinates, with the one or more merged dynamic context driven object (DCDO) images;
interpreting, by the one or more image generator servers, the one or more second user consents based on mapping; and
authenticating, by the one or more image generators, the user for next action, wherein the one or more image generator servers connected to one or more networks.
2. The method as claimed in claim 1, wherein the one or more consents of one or more users analyzed by one or more machine learning training servers by using update the machine learning algorithm.
3. The method as claimed in claim 2, wherein one or more machine prediction learning servers configured to use the learning of the one or more machine learning training servers to detect fraudulent patterns based on a machine learning algorithm.
4. The method as claimed in claim 1 further comprising redirecting the one or more users to the one or more content provider servers once the one or more users are authenticated.
5. The method as claimed in claim 1, further comprising, redirecting away and blocked the accessing further information, once the one or more users authentication failed.
6. An online user authentication and fraud detection system, the online user authentication system comprising:
one or more user terminals, adapted to send one or more first user consents of one or more users to one or more content provider servers;
the one or more content provider servers connected to the one or more user terminals, wherein the one or more content provider servers adapted to receive the one or more requests of the one or more users from the one or more user terminals, redirect the one or more first consent of one or more users to one or more portal hosting servers from one or more user terminals;
the one or more portal hosting servers connected to the one or more image generator servers, wherein the one or more consent provider servers adapted to receive one or more first consent of the one or more users from the one or more content provider servers, request the one or more image generator servers to generate one or more dynamic context driven object (DCDO) images; and
the one or more image generator servers connected to the one or more portal hosting servers, wherein the one or more image generators servers configured to authenticate the one or more users.
7. The online user authentication and fraud detection system as claimed in claim 6, wherein the one or more image generator servers comprises step:
splitting, the one or more dynamic context driven object (DCDO) images into plurality of layers;
sending, by the one or more image generating servers, the plurality of split layers of the one or more dynamic context driven object (DCDO) images to the one or more portal hosting servers;
sending, by the one or more portal hosting servers, the plurality of split layers of the one or more dynamic context driven object (DCDO) images to the one or more user terminals;
merging, by the one or more user terminals, the plurality of split layers of the one or more dynamic context driven object (DCDO) images;
displaying, by the one or more user terminals, one or more merged dynamic context driven object (DCDO) images;
receiving, by the one or more user terminals, click coordinates as one or more consents of the one or more users on the one or more merged dynamic context driven object (DCDO) images;
sending, by the one or more user terminals, the one or more consents of the one or more users to the one or more image generator servers;
mapping, by the one or more image generator servers, the one or more consents of one or more including one or more click coordinates, with the one or more merged dynamic context driven object (DCDO) images;
interpreting, by the one or more image generator servers, the one or more consents of the one or more users based on mapping; and
authenticating, by the one or more image generators, the user for next action.
8. The user authentication system as claimed in claim 6, wherein the one or more user consents analyzed by one or more machine learning training servers to update the machine learning algorithm.
9. The user authentication system as claimed in claim 8, wherein one or more machine prediction learning servers configured to use the learning of the one or more machine learning training servers to detect fraudulent patterns based on a machine learning algorithm.
10. The user authentication system as claimed in claim 6 further comprising redirecting the user to the content provider once the one or more users authenticated.
11. The user authentication system as claimed in claim 6 further comprising redirecting away and blocked from the accessing further information, once the one or more users authentication failed.
12. The user authentication system as claimed in claim 11, wherein one or more contents of the one or more dynamic context driven object (DCDO) images visible only after the merger of the plurality of split layers of the one or more dynamic context driven object (DCDO) images.
PCT/IN2018/050854 2017-12-18 2018-12-18 Method and system to use click event to securely authenticate online user's input and prevent frauds WO2019123479A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN201741045490 2017-12-18

Publications (1)

Publication Number Publication Date
WO2019123479A1 true WO2019123479A1 (en) 2019-06-27

Family

ID=66994547

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IN2018/050854 WO2019123479A1 (en) 2017-12-18 2018-12-18 Method and system to use click event to securely authenticate online user's input and prevent frauds

Country Status (1)

Country Link
WO (1) WO2019123479A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080216163A1 (en) * 2007-01-31 2008-09-04 Binary Monkeys Inc. Method and Apparatus for Network Authentication of Human Interaction and User Identity
CN103139204A (en) * 2012-12-19 2013-06-05 姚爱军 Network identifying code method and system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18892909

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18892909

Country of ref document: EP

Kind code of ref document: A1