Using trusted communication channel to combat user name/password theft
Abstract
A technique for defining a system with enhanced trust is disclosed, in which an immediate contact is made with the user on the enhanced trust system when a compromise is first detected. The service contacts the compromised user and asks for confirmation of the results. As a result, the true user on the enhanced trust machine is able to preclude a login or preclude a password change. In a first embodiment of the invention, an enhanced trust machine is a machine where the user is currently logged in at the time that the less trusted machine attempts a login. A second embodiment of the invention comprehends an enhanced trust machine where the user has logged in repeatedly over a course of numerous weeks, as compared with a lesser trusted machine that the user has never logged into before and which is now asking for a change of the password.
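The flow in the abstract can be sketched in Python as an added example; it is not code from the patent. `TrustGate`, the `notify` callback standing in for the messaging channel, the `MIN_WEEKS = 4` threshold and the choice to deny when no trusted machine exists are all assumptions made for illustration.

```python
from datetime import datetime, timedelta
MIN_WEEKS = 4  # assumption: the abstract only says "numerous weeks"

class TrustGate:
    def __init__(self, notify):
        # notify(user, trusted_machine, action, requester) -> True/False/None (no reply)
        self.notify = notify  # hypothetical stand-in for the messaging channel
        self.weeks = {}       # (user, machine) -> {(ISO year, ISO week)} with a login
        self.live = {}        # user -> machines with a session open right now

    def record_login(self, user, machine, when):
        self.weeks.setdefault((user, machine), set()).add(when.isocalendar()[:2])
        self.live.setdefault(user, set()).add(machine)

    def record_logout(self, user, machine):
        self.live.get(user, set()).discard(machine)

    def trusted_machines(self, user):
        # First embodiment: machines where the user is logged in right now.
        live = sorted(self.live.get(user, set()))
        # Second embodiment: machines used repeatedly over many weeks.
        habitual = sorted(m for (u, m), w in self.weeks.items()
                          if u == user and len(w) >= MIN_WEEKS and m not in live)
        return live + habitual

    def request(self, user, machine, action, when):
        """Decide a 'login' or 'password_change' attempt; True means permit."""
        trusted = self.trusted_machines(user)
        if machine in trusted:
            allowed = True
        else:
            # First reply decides; only an explicit True permits, silence denies.
            replies = (self.notify(user, t, action, machine) for t in trusted)
            allowed = next((r for r in replies if r is not None), None) is True
        if allowed and action == "login":
            self.record_login(user, machine, when)
        return allowed

def demo():
    # Constructed data: "home-pc" has five weekly logins, "kiosk" has none.
    replies = {"login": False, "password_change": None}
    gate = TrustGate(lambda user, trusted, action, requester: replies[action])
    now = datetime(2024, 2, 5)
    for i in range(1, 6):
        gate.record_login("alice", "home-pc", now - timedelta(weeks=i))
    gate.record_logout("alice", "home-pc")
    return [gate.request("alice", "kiosk", "login", now),            # user refuses
            gate.request("alice", "kiosk", "password_change", now),  # no reply
            gate.request("alice", "home-pc", "password_change", now)]
```

A login the user approves is recorded as a live session, so the approved machine counts as trusted for as long as that session stays open.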
32 Claims
1. A method for using a trusted communication channel to combat user name/password theft, comprising the steps of:
- detecting an access attempt from an untrusted system;
- making an immediate contact with a user of a trusted system when said access attempt from said untrusted system is first detected;
- asking said user to confirm whether or not access via said untrusted system should be allowed; and
- permitting or denying said access via said untrusted system in response to said confirmation.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

14. A method for determining if a system is a trusted system, comprising the steps of:
- detecting an access attempt at an untrusted system;
- using a messaging system to make immediate contact with a user of a trusted system;
- asking said user for confirmation with regard to one or more actions to be taken in connection with said untrusted system; and
- precluding said one or more actions if said user refuses to provide affirmative confirmation.
Dependent claims: 15, 16

17. An apparatus for using enhanced trust to combat user name/password theft, comprising:
- a mechanism for detecting an access attempt from an untrusted system;
- a messaging system for making an immediate contact with a user of a trusted system when said access attempt from said untrusted system is first detected;
- a mechanism for asking said user to confirm whether or not access via said untrusted system should be allowed; and
- a mechanism for permitting or denying said access via said untrusted system in response to said confirmation.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29

30. An apparatus for determining if a system is a trusted system, comprising:
- a mechanism for detecting an access attempt at an untrusted system;
- a messaging system for making immediate contact with a user of a trusted system;
- a mechanism for asking said user for confirmation with regard to one or more actions to be taken in connection with said untrusted system; and
- a mechanism for precluding said one or more actions if said user refuses to provide affirmative confirmation.
Dependent claims: 31, 32

Specification