Method and system for detecting and preventing an intrusion in multiple platform computing environments
First Claim
1. An authentication intrusion detection system responsive to an attempted intrusion into a local computer system to which access is gained by prospective users entering a personal identifier followed by a secret authenticator, said authentication intrusion detection system comprising:
- a local computer system authenticator file communicating with said local computer system and having stored therein the secret authenticators corresponding to the personal identifiers entered by prospective users;
- an authenticator broker system to intercept and redirect the identifier and secret authenticator of a prospective user from the local computer system;
- an authenticator broker file communicating with said authenticator broker system and having stored therein the secret authenticators corresponding to the personal identifiers entered by the prospective users at the local computer system and stored in the local computer system authenticator file, whereby a prospective user can gain access to the local computer system when the authenticator entered by the prospective user matches the authenticator stored in said authenticator broker file; and
- a decoy authenticator file communicating with the authenticator broker system to assign a decoy authenticator for the secret authenticator entered by the prospective user at the local computer system and stored in the local computer system authenticator file.
Abstract
A method and a system by which to achieve authentication intrusion detection so as to effectively detect and prevent unauthorized access to and use of a local computer system, or the like, and take appropriate measures. The local system authentication process is redirected to an authenticator broker system (i.e. a secondary authentication system) that makes use of the local system authentication process paths and the local system authenticator file. The authenticator broker system includes an authenticator broker system file having stored therein secret authenticators of prospective users, a mapping file to assign a replacement identifier for the identifier entered by a particular user at the local system and redirected to the secondary system, and a decoy authenticator file to assign a decoy authenticator for the secret authenticator entered by the user and originally stored in the local system authentication file. It is the decoy authenticator that is captured and unknowingly used by the intruder to give away his or her presence. By way of example, the authenticator broker system may be a mainframe computer that is responsible for authentication and access control with respect to a local computer system.
65 Citations
12 Claims
9. A method for detecting a compromise by an intruder to a local computer system that requires authorized users to log onto the local computer system by means of successfully entering a personal identifier and a secret authenticator for purposes of user authentication, said method comprising the steps of:
- intercepting the secret authenticator entered by the authorized user at the local computer system and forwarding the secret authenticator to an authenticator broker system;
- transmitting from the authenticator broker system to the local computer system a decoy password in substitution of the secret authenticator of the authorized user; and
- logging the authorized user onto the local computer system on the basis of the decoy password transmitted to the local computer system from the authenticator broker system;
- whereby an intruder who breaks into the local computer system will capture and enter the authorized user's personal identifier and the decoy password substituted for the authorized user's secret authenticator to be forwarded to the authenticator broker system by which to provide an indication that the local computer system has been compromised.
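The scheme the abstract and claim 9 describe, as an added illustration that is not code from the patent: the broker keeps the real secret authenticators, the local system's authenticator file holds only the decoy assigned to each user, and every logon is redirected to the broker, which releases the decoy so the local logon can complete; a decoy presented as a credential can only have come from the local file. Class and method names, the SHA-256 digests, the omission of the identifier-mapping file and the constructed walk-through are this example's own assumptions.

```python
import hashlib
import hmac
import secrets

def digest(s: str) -> str:
    return hashlib.sha256(s.encode()).hexdigest()
class AuthenticatorBroker:
    """Secondary system (assumed name): holds the real secrets and each user's decoy."""
    def __init__(self):
        self.broker_file = {}   # user id -> digest of the real secret authenticator
        self.decoy_file = {}    # user id -> decoy, released to the local system at logon
        self.alerts = []        # users whose decoy has been presented as a credential
    def enroll(self, user: str, secret: str) -> str:
        self.broker_file[user] = digest(secret)
        self.decoy_file[user] = secrets.token_urlsafe(12)
        return self.decoy_file[user]
    def check(self, user: str, presented: str):
        """Return (verdict, decoy); the decoy is released only on a genuine match."""
        d = digest(presented)
        if user in self.broker_file and hmac.compare_digest(d, self.broker_file[user]):
            return "ok", self.decoy_file[user]
        if user in self.decoy_file and hmac.compare_digest(d, digest(self.decoy_file[user])):
            self.alerts.append(user)   # only the local authenticator file ever held this value
            return "compromised", None
        return "bad", None

class LocalSystem:
    """Local system (assumed name): its authenticator file holds decoys, never real secrets."""
    def __init__(self, broker: AuthenticatorBroker):
        self.broker = broker
        self.authenticator_file = {}   # user id -> decoy (kept as-is: whatever leaks is a decoy)
    def enroll(self, user: str, secret: str) -> None:
        self.authenticator_file[user] = self.broker.enroll(user, secret)
    def login(self, user: str, presented: str) -> str:
        verdict, decoy = self.broker.check(user, presented)   # redirected, not checked locally
        if verdict != "ok":
            return verdict
        # local logon completes with the decoy against the local file, as in claim 9
        stored = self.authenticator_file.get(user, "")
        return "logged-in" if hmac.compare_digest(digest(decoy), digest(stored)) else "bad"

def scenario():
    """Constructed walk-through: a normal logon, then the leaked local entry is replayed."""
    broker, results = AuthenticatorBroker(), []
    local = LocalSystem(broker)
    local.enroll("alice", "correct horse battery staple")
    results.append(local.login("alice", "correct horse battery staple"))
    results.append(local.login("alice", local.authenticator_file["alice"]))  # replayed decoy
    results.append(local.login("alice", "wrong"))   # an ordinary failure raises no alert
    return results, broker.alerts
```

The second verdict is the detection the patent claims: the value an intruder can recover from the local file is accepted nowhere as a credential, but presenting it to the broker marks the local system as compromised.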
Specification