
Two layered honeypot for security access of a flow of task

IP.com Disclosure Number: IPCOM000206354D
Publication Date: 2011-Apr-19
Document File: 3 page(s) / 47K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a method for discriminating human involvement from automated system (i.e., bot) intervention in the context of a web- or network-based transaction. The method incorporates the use of a two-layer honeypot where a web application page has multiple honeypot forms, each having a randomly-generated unique identification (ID). This ID makes it extremely difficult for a bot to query and store a correct form or field ID because they are regenerated each time the page is loaded.
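As an added illustration (not code from the disclosure), the following Python sketch implements the scheme the abstract describes on the server side: every page load renders one real check-out form plus several CSS-hidden honeypot forms, all with freshly generated random form IDs and trap-field names that are remembered in the session and accepted only once; a submission is classified as bot traffic if it carries any form ID other than the current real one or fills any trap field. The session dict, the `/checkout` route and the field names are assumptions.

```python
import random
import secrets


def render_checkout_page(session, honeypot_forms=3):
    """Build the HTML for a check-out page: one real form plus several
    honeypot forms. Every form and trap field gets a fresh random ID on
    each load, and the expected IDs are kept server-side in the session
    (a plain dict here, standing in for a real session store)."""
    real_id = secrets.token_hex(8)
    # honeypot form id -> name of the trap field inside that form
    traps = {secrets.token_hex(8): secrets.token_hex(6) for _ in range(honeypot_forms)}
    session["checkout_ids"] = {"real": real_id, "traps": traps}
    forms = [
        '<form method="post" action="/checkout">'
        f'<input type="hidden" name="form_id" value="{real_id}">'
        '<input name="sku"><button>Buy</button></form>'
    ]
    for form_id, field in traps.items():
        # Hidden by CSS, so a person never sees or fills it; a spider that
        # harvests every form and field on the page will.
        forms.append(
            '<form method="post" action="/checkout" style="display:none">'
            f'<input type="hidden" name="form_id" value="{form_id}">'
            f'<input name="{field}"></form>'
        )
    random.shuffle(forms)  # form order also changes on every load
    return "\n".join(forms)


def classify_submission(session, post):
    """Return 'human' or 'bot' for a POST to /checkout.
    Layer 1: form_id must be the one-time ID of the real form.
    Layer 2: no trap field generated for this page load may arrive filled."""
    ids = session.pop("checkout_ids", None)  # one-time use: stale or replayed IDs fail
    if ids is None:
        return "bot"
    if post.get("form_id") != ids["real"]:
        return "bot"
    if any(post.get(field) for field in ids["traps"].values()):
        return "bot"
    return "human"
```

Because the IDs are consumed on first use and regenerated on every render, an ID harvested from an earlier load is rejected even if the spider guessed the right form.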

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 51% of the total text.


eCommerce applications that include a check-out process can end up not giving all of their customers (a.k.a. traders), many of whom may be competing with one another, the same opportunity to purchase highly desired inventory items. This is especially evident when the eCommerce site's security is compromised because some of the traders use pre-formatted scripts/spiders to place orders, giving them an unfair advantage when only a few items are available.

A method is needed to eliminate scripts/spiders in eCommerce applications by using cognitive pattern recognition for security access prior to check out.

Current known solutions to this problem include:
• A product/system which provides a distorted image of letters and numbers used to prevent automated use of websites. These solutions require a person to read the distorted letters and type them into a field, something a bot cannot do, thus proving that the page is being accessed by a person. Other solutions may include providing invisible field(s) which get filled by spiders and can be filtered and/or discarded on the server side.

The drawback to this solution is that the approach can be problematic for users, as they cannot always read the letters or numbers because of too much distortion. The main drawback is that hackers have developed smart spiders which, with a library of images, allow the image to be deciphered based on its size.

• A system which uses form honeypots. The existing solution is trivial and easy to crack given the sophisticated form scanners and the number of experienced hackers. Existing solutions provide one or multiple 'fixed' invisible honeypot fields which are populated by the spider. The back-end server logic is then able to identify the spider-made request by looking at the value of these field(s).

The drawback to this solution is that advanced code scanners and experienced hackers can easily crack this single-dimension honeypot approach by performing a simple analysis of the request/response of a given form to identify the proper fields expected by the server. The key issue here is that the existing honeypot solution has a static list of fields in a given form; therefore, a spider with the right sophistication is able to identify which field is the honeypot.

No other existing solutions address the problems in the manner that is described in this disclosure.

Adding a two-layered honeypot for security access eliminates the automation of the check-out process, so that the spider is not able to identify which form and which field is the honeypot. This disclosure describes a method to make it difficult for the bot to determine the honeypot detection. Based on the implementation of the...