Protection against end user account locking denial of service (DOS)

US 10,225,283 B2
Filed: 10/20/2016
Issued: 03/05/2019
Est. Priority Date: 10/22/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

determining, at a computing system of an access management system, that an access threshold has been satisfied, the access threshold being based on a maximum number of unsuccessful attempts to obtain access to a resource on behalf of a user from a device via the access management system, wherein the access attempts are received by the access management system on a first channel of communication;

upon determining that the access threshold has been satisfied, sending, to a destination associated with the user, first temporary access information for the user to authenticate the access management system, wherein the destination is different from the device and the first temporary access information is communicated to the destination using a second channel of communication that is different from the first channel of communication;

receiving, from the device, second temporary access information;

determining whether the second temporary access information matches the first temporary access information sent to the destination;

upon determining that the second temporary access information matches the first temporary access information sent to the destination, sending a message to the device, the message causing the device to enable the user with access from the device to the resource; and

upon determining that the second temporary access information does not match the first temporary access information sent to the destination, sending a message to the device, the message causing the device to prevent the user with future access from the device to the resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are disclosed for protecting a user from denial of service (DOS) to access his/her a user account that has been locked. An access management system can provide features that enable an owner of an account to prevent the account from becoming locked. Specifically, the techniques disclosed herein enable an account holder to circumvent procedures of the access management system that lock an account after several unsuccessful attempts to access the account. The access management system may operate according to a configuration for managing access to account. The access management system can manage access to an account by presenting a user with an interface to received access information (e.g., account information and credential information) for the account to determine whether to unlock the account. The access management system can deny access to an account upon determining that the credential information is not correct for the account.

77 Citations

View as Search Results

18 Claims

1. A method comprising:
- determining, at a computing system of an access management system, that an access threshold has been satisfied, the access threshold being based on a maximum number of unsuccessful attempts to obtain access to a resource on behalf of a user from a device via the access management system, wherein the access attempts are received by the access management system on a first channel of communication;
  
  upon determining that the access threshold has been satisfied, sending, to a destination associated with the user, first temporary access information for the user to authenticate the access management system, wherein the destination is different from the device and the first temporary access information is communicated to the destination using a second channel of communication that is different from the first channel of communication;
  
  receiving, from the device, second temporary access information;
  
  determining whether the second temporary access information matches the first temporary access information sent to the destination;
  
  upon determining that the second temporary access information matches the first temporary access information sent to the destination, sending a message to the device, the message causing the device to enable the user with access from the device to the resource; and
  
  upon determining that the second temporary access information does not match the first temporary access information sent to the destination, sending a message to the device, the message causing the device to prevent the user with future access from the device to the resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising:
    - generating the first temporary access information; and
      
      after sending the first temporary access information to the destination, sending to the device a request for the first temporary access information.
  - 3. The method of claim 1, wherein the device is a first computing device and wherein the destination is a second computing device that is different from the first computing device.
  - 4. The method of claim 1, wherein the destination is an email address or a telephone number accessible using a mobile device.
  - 5. The method of claim 1, wherein resource is accessed based on an account managed by the access management system, and wherein the account provides access to the resource that is enabled by the access management system.
  - 6. The method of claim 1, wherein the first temporary access information is a password that is associated with a time period.
  - 7. The method of claim 1, further comprising:
    - generating a graphical interface to receive access information to determine access from the device to the resource; and
      
      sending the graphical interface to the device, wherein the device displays the graphical interface, wherein the device receives the first temporary access information as input by the user through the graphical interface, and wherein the first temporary access information that is received by the device is sent by the device as the second temporary access information that is received from the device.
  - 8. The method of claim 1, further comprising:
    - storing data in association with information about the user upon sending the first temporary access information to the destination.
  - 9. The method of claim 8, further comprising:
    - updating the data to indicate that the second temporary access information was received.
  - 10. The method of claim 8, further comprising:
    - upon determining that the second temporary access information matches the first temporary access information sent to the destination, updating the data to indicate that the user is enabled to request access on behalf of the user from the device via the access management system.
  - 11. The method of claim 8, further comprising:
    - upon determining that the second temporary access information does not match the first temporary access information sent to the destination, updating the data to indicate that the user is prevented from future attempts to obtain access on behalf of the user from the device via the access management system.

12. A method comprising:
- determining, at a computing system of an access management system, that an access threshold has been satisfied, the access threshold being based on a maximum number of unsuccessful attempts to obtain access on behalf of a user from a device via the access management system;
  
  upon determining that the access threshold has been satisfied, sending, to a destination associated with the user, first temporary access information for the user to authenticate the access management system;
  
  receiving, from the device, second temporary access information;
  
  determining whether the second temporary access information matches the first temporary access information sent to the destination;
  
  upon determining that the second temporary access information matches the first temporary access information sent to the destination, sending to the device a request for credential information to enable the user to request access to a resource;
  
  receiving the credential information from the device;
  
  determining, at the computer system, whether the received credential information is valid for the user;
  
  upon determining that the received credential information is valid, authenticating the user based on the credential information and sending a message to the device, wherein the message causes the device to enable the user with access from the device to the resource; and
  
  upon determining that the second temporary access information does not match the first temporary access information sent to the destination or upon determining that the received credential information is invalid, sending a message to the device, the message causing the device to prevent the user with future access from the device to the resource.

13. A method comprising:
- determining, at a computing system of an access management system, that an access threshold has been satisfied, the access threshold being based on a maximum number of unsuccessful attempts to obtain access on behalf of a user from a device via the access management system;
  
  sending, to a destination associated with the user, first temporary access information for the user to authenticate the access management system;
  
  upon sending the first temporary access information to the destination, storing data in association with information about the user;
  
  receiving, from the device, second temporary access information;
  
  determining whether the second temporary access information matches the first temporary access information sent to the destination;
  
  upon determining that the second temporary access information matches the first temporary access information sent to the destination, updating the data to indicate that the user is enabled to request access on behalf of the user from the device via the access management system and sending a message to the device, the message causing the device to enable the user with access from the device to a resource;
  
  upon determining that the second temporary access information does not match the first temporary access information sent to the destination, sending a message to the device, the message causing the device to prevent the user with future access from the device to the resourcereceiving, from the device, a new request for access on behalf of the user; and
  
  enabling the new request for access based on the data indicating that the user is enabled to request access on behalf of the user from the device via the access management system.

14. A method comprising:
- determining, at a computing system of an access management system, that an access threshold has been satisfied, the access threshold being based on a maximum number of unsuccessful attempts to obtain access on behalf of a user from a device via the access management system;
  
  sending, to a destination associated with the user, first temporary access information for the user to authenticate the access management system;
  
  upon sending the first temporary access information to the destination, storing data in association with information about the user;
  
  receiving, from the device, second temporary access information;
  
  determining whether the second temporary access information matches the first temporary access information sent to the destination;
  
  upon determining that the second temporary access information matches the first temporary access information sent to the destination, sending a message to the device, the message causing the device to enable the user with access from the device to a resource;
  
  upon determining that the second temporary access information does not match the first temporary access information sent to the destination, updating the data to indicate that the user is prevented from future attempts to obtain access on behalf of the user from the device via the access management system and sending a message to the device, the message causing the device to prevent the user with future access from the device to the resource;
  
  receiving, from the device, a new request for access on behalf of the user; and
  
  preventing the new request for access based on the data indicating that the user is prevented from future attempts to obtain access on behalf of the user from the device via the access management system.

15. A system comprising:
- one or more processors; and
  
  a memory coupled accessible to the one or more processors, the memory storing one or more instructions that, upon execution by the one or more processors, causes the one or more processors to;
  
  determine, at an access management system, that an access threshold has been satisfied, the access threshold being based on a maximum number of unsuccessful attempts to obtain access on behalf of a user from a device via the access management system;
  
  upon determining that the access threshold has been satisfied, send, to a destination associated with the user, first temporary access information for the user to authenticate the access management system;
  
  receive, from the device, second temporary access information;
  
  determine whether the second temporary access information matches the first temporary access information sent to the destination;
  
  upon determining that the second temporary access information matches the first temporary access information sent to the destination, sending to the device a request for credential information to enable the user to request access to a resourcereceive the credential information from the device;
  
  determine, at the access management system, whether the received credential information is valid for the user;
  
  upon determining that the received credential information is valid, authenticate the user based on the credential information and send a message to the device, the message causing the device to enable the user with access from the device to the resource; and
  
  upon determining that the second temporary access information does not match the first temporary access information sent to the destination or upon determining that the received credential information is invalid, send a message to the device, the message causing the device to prevent the user with future access from the device to the resource.
- View Dependent Claims (16)
- - 16. The system of claim 15, wherein the one or more instructions, upon execution by the one or more processors, further causes the one or more processors to:
    - after sending the first temporary access information to the destination, send to the device a request for the first temporary access information.

17. A non-transitory computer-readable medium storing one or more instructions that, upon execution by one or more processors, causes the one or more processors to:
- determine, at a computing system of an access management system, that an access threshold has been satisfied, the access threshold being based on a maximum number of unsuccessful attempts to obtain access on behalf of a user from a device via the access management system;
  
  upon determining that the access threshold has been satisfied, send, to a destination associated with the user, first temporary access information for the user to authenticate the access management system;
  
  receive, from the device, second temporary access information;
  
  determine whether the second temporary access information matches the first temporary access information sent to the destination;
  
  upon determining that the second temporary access information matches the first temporary access information sent to the destination, sending to the device a request for credential information to enable the user to request access to a resourcereceive the credential information from the device;
  
  determine, at the access management system, whether the received credential information is valid for the user;
  
  upon determining that the received credential information is valid, authenticate the user based on the credential information and send a message to the device, the message causing the device to enable the user with access from the device to the resource; and
  
  upon determining that the second temporary access information does not match the first temporary access information sent to the destination or upon determining that the received credential information is invalid, send a message to the device, the message causing the device to prevent the user with future access from the device to the resource.
- View Dependent Claims (18)
- - 18. The non-transitory computer-readable medium of claim 17, wherein the device is a first computing device and wherein the destination is a second computing device that is different from the first computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Mathew, Stephen, Subramanya, Ramya, Koottayi, Vipin Anaparakkal
Primary Examiner(s)
Rahman, Mahfuzur

Application Number

US15/298,624
Publication Number

US 20170126733A1
Time in Patent Office

866 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/1458   Denial of Service

Protection against end user account locking denial of service (DOS)

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

77 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Protection against end user account locking denial of service (DOS)

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

77 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links