Stolen credential use prevention on a web service
First Claim
1. A method to facilitate securing web services from unauthorized access, the method comprising:
- monitoring user interactions with a web service;
generating sets of the user interactions per originator by grouping the user interactions per originator based on origination information associated with the user interactions, wherein the origination information includes network data and application information associated with applications used to conduct the user interactions with the web service that uniquely identify each originator;
processing the sets of the user interactions that are grouped per originator to identify credentials used to access the web service per originator;
comparing the credentials used to access the web service per originator with compromised credentials stored in a database to identify one or more user accounts of the web service associated with an originator that used the compromised credentials found in the database;
determining whether the originator used multiple ones of the compromised credentials stored in the database to attempt to access the one or more user accounts of the web service;
responsive to determining that the originator used the multiple ones of the compromised credentials, blocking the originator from access to the web service; and
applying security measures for at least the one or more user accounts of the web service associated with the originator that used the compromised credentials found in the database.
2 Assignments
0 Petitions
Accused Products
Abstract
Techniques to facilitate securing web services from unauthorized access are disclosed herein. In at least one implementation, user interactions with a web service are monitored, and sets of the user interactions are generated per originator based on origination information associated with the user interactions. The sets of the user interactions are processed to identify credentials used to access the web service per originator. The credentials used to access the web service per originator are compared with compromised credentials stored in a database to identify one or more user accounts of the web service associated with an originator that used the compromised credentials found in the database. Security measures are applied for at least the one or more user accounts of the web service associated with the originator that used the compromised credentials found in the database.
-
Citations
20 Claims
-
1. A method to facilitate securing web services from unauthorized access, the method comprising:
-
monitoring user interactions with a web service; generating sets of the user interactions per originator by grouping the user interactions per originator based on origination information associated with the user interactions, wherein the origination information includes network data and application information associated with applications used to conduct the user interactions with the web service that uniquely identify each originator; processing the sets of the user interactions that are grouped per originator to identify credentials used to access the web service per originator; comparing the credentials used to access the web service per originator with compromised credentials stored in a database to identify one or more user accounts of the web service associated with an originator that used the compromised credentials found in the database; determining whether the originator used multiple ones of the compromised credentials stored in the database to attempt to access the one or more user accounts of the web service; responsive to determining that the originator used the multiple ones of the compromised credentials, blocking the originator from access to the web service; and applying security measures for at least the one or more user accounts of the web service associated with the originator that used the compromised credentials found in the database. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. An apparatus comprising:
-
one or more processors; one or more non-transitory computer-readable storage media; and program instructions stored on the one or more non-transitory computer-readable storage media that, when executed by the one or more processors, direct a system to at least; monitor user interactions with a web service; generate sets of the user interactions per originator by grouping the user interactions per originator based on origination information associated with the user interactions, wherein the origination information includes network data and application information associated with applications used to conduct the user interactions with the web service that uniquely identify each originator; process the sets of the user interactions that are grouped per originator to identify credentials used to access the web service per originator; compare the credentials used to access the web service per originator with compromised credentials stored in a database to identify one or more user accounts of the web service associated with an originator that used the compromised credentials found in the database; determine whether the originator used multiple ones of the compromised credentials to attempt to access the one or more user accounts of the web service; responsive to determining that the originator used the multiple ones of the compromised credentials, block the originator from access to the web service; and apply security measures for at least the one or more user accounts of the web service associated with the originator that used the compromised credentials found in the database. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
-
14. One or more non-transitory computer-readable storage media having program instructions stored thereon to facilitate securing web services from unauthorized access, wherein the program instructions, when executed by a processing system, direct the processing system to at least:
-
monitor user interactions with a web service; generate sets of the user interactions per originator by grouping the user interactions per originator based on origination information associated with the user interactions, wherein the origination information includes network data and application information associated with applications used to conduct the user interactions with the web service that uniquely identify each originator; process the sets of the user interactions that are grouped per originator to identify credentials used to access the web service per originator; compare the credentials used to access the web service per originator with compromised credentials stored in a database to identify one or more user accounts of the web service associated with an originator that used the compromised credentials found in the database; determine whether the originator used multiple ones of the compromised credentials to attempt to access the one or more user accounts of the web service; responsive to determining that the originator used the multiple ones of the compromised credentials, block the originator from access to the web service; and apply security measures for at least the one or more user accounts of the web service associated with the originator that used the compromised credentials found in the database. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification