Protection against end user account locking denial of service (DOS)
Abstract
Techniques are disclosed for protecting a user from denial of service (DOS) of access to a user account that has been locked. An access management system can provide features that enable an owner of an account to prevent the account from becoming locked. Specifically, the techniques disclosed herein enable an account holder to circumvent procedures of the access management system that lock an account after several unsuccessful attempts to access the account. The access management system may operate according to a configuration for managing access to an account. The access management system can manage access to an account by presenting a user with an interface to receive access information (e.g., account information and credential information) for the account to determine whether to unlock the account. The access management system can deny access to an account upon determining that the credential information is not correct for the account.
18 Claims
1. A method comprising:
- determining, at a computing system of an access management system, that an access threshold has been satisfied, the access threshold being based on a maximum number of unsuccessful attempts to obtain access to a resource on behalf of a user from a device via the access management system, wherein the access attempts are received by the access management system on a first channel of communication;
- upon determining that the access threshold has been satisfied, sending, to a destination associated with the user, first temporary access information for the user to authenticate the access management system, wherein the destination is different from the device and the first temporary access information is communicated to the destination using a second channel of communication that is different from the first channel of communication;
- receiving, from the device, second temporary access information;
- determining whether the second temporary access information matches the first temporary access information sent to the destination;
- upon determining that the second temporary access information matches the first temporary access information sent to the destination, sending a message to the device, the message causing the device to enable the user with access from the device to the resource; and
- upon determining that the second temporary access information does not match the first temporary access information sent to the destination, sending a message to the device, the message causing the device to prevent the user with future access from the device to the resource.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A method comprising:
- determining, at a computing system of an access management system, that an access threshold has been satisfied, the access threshold being based on a maximum number of unsuccessful attempts to obtain access on behalf of a user from a device via the access management system;
- upon determining that the access threshold has been satisfied, sending, to a destination associated with the user, first temporary access information for the user to authenticate the access management system;
- receiving, from the device, second temporary access information;
- determining whether the second temporary access information matches the first temporary access information sent to the destination;
- upon determining that the second temporary access information matches the first temporary access information sent to the destination, sending to the device a request for credential information to enable the user to request access to a resource;
- receiving the credential information from the device;
- determining, at the computer system, whether the received credential information is valid for the user;
- upon determining that the received credential information is valid, authenticating the user based on the credential information and sending a message to the device, wherein the message causes the device to enable the user with access from the device to the resource; and
- upon determining that the second temporary access information does not match the first temporary access information sent to the destination or upon determining that the received credential information is invalid, sending a message to the device, the message causing the device to prevent the user with future access from the device to the resource.
13. A method comprising:
- determining, at a computing system of an access management system, that an access threshold has been satisfied, the access threshold being based on a maximum number of unsuccessful attempts to obtain access on behalf of a user from a device via the access management system;
- sending, to a destination associated with the user, first temporary access information for the user to authenticate the access management system;
- upon sending the first temporary access information to the destination, storing data in association with information about the user;
- receiving, from the device, second temporary access information;
- determining whether the second temporary access information matches the first temporary access information sent to the destination;
- upon determining that the second temporary access information matches the first temporary access information sent to the destination, updating the data to indicate that the user is enabled to request access on behalf of the user from the device via the access management system and sending a message to the device, the message causing the device to enable the user with access from the device to a resource;
- upon determining that the second temporary access information does not match the first temporary access information sent to the destination, sending a message to the device, the message causing the device to prevent the user with future access from the device to the resource;
- receiving, from the device, a new request for access on behalf of the user; and
- enabling the new request for access based on the data indicating that the user is enabled to request access on behalf of the user from the device via the access management system.
14. A method comprising:
- determining, at a computing system of an access management system, that an access threshold has been satisfied, the access threshold being based on a maximum number of unsuccessful attempts to obtain access on behalf of a user from a device via the access management system;
- sending, to a destination associated with the user, first temporary access information for the user to authenticate the access management system;
- upon sending the first temporary access information to the destination, storing data in association with information about the user;
- receiving, from the device, second temporary access information;
- determining whether the second temporary access information matches the first temporary access information sent to the destination;
- upon determining that the second temporary access information matches the first temporary access information sent to the destination, sending a message to the device, the message causing the device to enable the user with access from the device to a resource;
- upon determining that the second temporary access information does not match the first temporary access information sent to the destination, updating the data to indicate that the user is prevented from future attempts to obtain access on behalf of the user from the device via the access management system and sending a message to the device, the message causing the device to prevent the user with future access from the device to the resource;
- receiving, from the device, a new request for access on behalf of the user; and
- preventing the new request for access based on the data indicating that the user is prevented from future attempts to obtain access on behalf of the user from the device via the access management system.
15. A system comprising:
- one or more processors; and
- a memory coupled accessible to the one or more processors, the memory storing one or more instructions that, upon execution by the one or more processors, causes the one or more processors to:
  - determine, at an access management system, that an access threshold has been satisfied, the access threshold being based on a maximum number of unsuccessful attempts to obtain access on behalf of a user from a device via the access management system;
  - upon determining that the access threshold has been satisfied, send, to a destination associated with the user, first temporary access information for the user to authenticate the access management system;
  - receive, from the device, second temporary access information;
  - determine whether the second temporary access information matches the first temporary access information sent to the destination;
  - upon determining that the second temporary access information matches the first temporary access information sent to the destination, sending to the device a request for credential information to enable the user to request access to a resource;
  - receive the credential information from the device;
  - determine, at the access management system, whether the received credential information is valid for the user;
  - upon determining that the received credential information is valid, authenticate the user based on the credential information and send a message to the device, the message causing the device to enable the user with access from the device to the resource; and
  - upon determining that the second temporary access information does not match the first temporary access information sent to the destination or upon determining that the received credential information is invalid, send a message to the device, the message causing the device to prevent the user with future access from the device to the resource.
Dependent claims: 16
17. A non-transitory computer-readable medium storing one or more instructions that, upon execution by one or more processors, causes the one or more processors to:
- determine, at a computing system of an access management system, that an access threshold has been satisfied, the access threshold being based on a maximum number of unsuccessful attempts to obtain access on behalf of a user from a device via the access management system;
- upon determining that the access threshold has been satisfied, send, to a destination associated with the user, first temporary access information for the user to authenticate the access management system;
- receive, from the device, second temporary access information;
- determine whether the second temporary access information matches the first temporary access information sent to the destination;
- upon determining that the second temporary access information matches the first temporary access information sent to the destination, sending to the device a request for credential information to enable the user to request access to a resource;
- receive the credential information from the device;
- determine, at the access management system, whether the received credential information is valid for the user;
- upon determining that the received credential information is valid, authenticate the user based on the credential information and send a message to the device, the message causing the device to enable the user with access from the device to the resource; and
- upon determining that the second temporary access information does not match the first temporary access information sent to the destination or upon determining that the received credential information is invalid, send a message to the device, the message causing the device to prevent the user with future access from the device to the resource.
Dependent claims: 18
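A minimal model of the flow recited in claims 12 to 14, given here as an added example and not code from the patent: failures are counted per user and device, the threshold triggers a code sent over a second channel, and a mismatch shuts out only the submitting device. The class and method names, the threshold of 3, the in-memory outbox standing in for the second channel, and a trustworthy device identifier are all assumptions.

```python
import hmac
import secrets

MAX_FAILURES = 3  # assumed value; the claims only say "a maximum number"

def _same(a, b):
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time compare

class AccessManager:
    """Toy model of the claimed flow; state is kept per (user, device)."""

    def __init__(self, credentials, destinations):
        self.credentials = credentials    # user -> password (plaintext only in this sample)
        self.destinations = destinations  # user -> destination on the second channel
        self.failures = {}                # (user, device) -> failed attempts
        self.pending = {}                 # (user, device) -> code awaiting confirmation
        self.blocked = set()              # (user, device) pairs denied future access
        self.outbox = []                  # stand-in for the second channel (SMS, e-mail)

    def login(self, user, device, password):
        key = (user, device)
        if key in self.blocked:
            return "blocked"
        if key in self.pending:
            return "code_required"        # no credential checks until the code is returned
        stored = self.credentials.get(user)
        if stored is not None and _same(stored, password):
            self.failures.pop(key, None)
            return "granted"
        self.failures[key] = self.failures.get(key, 0) + 1
        if self.failures[key] >= MAX_FAILURES and user in self.destinations:
            code = secrets.token_hex(4)   # first temporary access information
            self.pending[key] = code
            self.outbox.append((self.destinations[user], code))
            return "code_required"
        return "denied"

    def submit_code(self, user, device, code):
        key = (user, device)
        if key not in self.pending:
            return "denied"               # nothing was sent for this device
        if _same(self.pending.pop(key), code):
            self.failures.pop(key, None)  # match: device may present credentials again
            return "credentials_requested"
        self.blocked.add(key)             # mismatch: only this device is shut out
        return "blocked"
```

Because the block list is keyed on the device, a guessing client that exhausts the threshold never locks the account for the owner's other devices; that property holds only as far as the device identifier cannot be forged.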
Specification