System and method for blocking unauthorized network log in using stolen password
First Claim
1. A method for selectively granting a user access to data, comprising:
at a Web server, receiving a user name and password from a user computer;
only if a cookie previously deposited on the user computer by the server, the user name, and the password are valid, granting access to the data to the user computer;
otherwise initiating a user validation process at least if the password is valid but the cookie is not.
Abstract
To limit access to thieves of passwords, at initial registration with a Web server, a user is given a password and user name, and a cookie including a login key and machine ID is downloaded to the user. For subsequent logins, the user inputs the user name and password, and if they are correct, the server checks the cookie on the user computer to determine whether the login key and machine ID match the record stored in the server before granting access. If access is successful, a new login key is sent in a new cookie to be used in the next subsequent login, so that the login key changes every login. If the cookie check is unsuccessful, the server refuses access until a user validation process has been completed.
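The login decision described in the abstract, as an added Python example that is not part of the patent text. The class name `LoginServer`, the `grant`/`validate`/`deny` labels, the in-memory store and the PBKDF2 password hashing are assumptions made for illustration; the user validation process itself is not modeled.

```python
import hashlib
import hmac
import secrets

GRANT, VALIDATE, DENY = "grant", "validate", "deny"  # hypothetical decision labels


def _pw_hash(password, salt):
    # Assumption: passwords are stored as salted PBKDF2 hashes.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginServer:
    def __init__(self):
        # user -> {"salt", "pw", "machines": {machine_id: current login key}}
        self.users = {}

    def register(self, user, password):
        """Initial registration: store credentials and return the first cookie."""
        salt = secrets.token_bytes(16)
        self.users[user] = {"salt": salt, "pw": _pw_hash(password, salt), "machines": {}}
        return self._issue_cookie(user, secrets.token_hex(8))

    def _issue_cookie(self, user, machine_id):
        """Bind a fresh login key to the machine ID, replacing the previous key."""
        key = secrets.token_hex(16)
        self.users[user]["machines"][machine_id] = key
        return {"machine_id": machine_id, "login_key": key}

    def login(self, user, password, cookie):
        """Return (decision, new_cookie_or_None) for one login attempt."""
        rec = self.users.get(user)
        if rec is None or not hmac.compare_digest(rec["pw"], _pw_hash(password, rec["salt"])):
            return DENY, None
        cookie = cookie or {}
        expected = rec["machines"].get(str(cookie.get("machine_id", "")))
        presented = str(cookie.get("login_key", ""))
        if expected and hmac.compare_digest(expected.encode(), presented.encode()):
            # Cookie matches the server record: grant and rotate the login key.
            return GRANT, self._issue_cookie(user, cookie["machine_id"])
        # Password is valid but the cookie is missing, stale or unknown.
        return VALIDATE, None


if __name__ == "__main__":
    srv = LoginServer()
    first = srv.register("alice", "constructed-sample-password")
    decision, second = srv.login("alice", "constructed-sample-password", first)
    print(decision, srv.login("alice", "constructed-sample-password", first)[0])
```

Because the key rotates on every successful login, a copied cookie stops working once the legitimate machine logs in again, and presenting the stale copy lands in the validation branch rather than granting access.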
33 Claims
1. A method for selectively granting a user access to data, comprising:
at a Web server, receiving a user name and password from a user computer;
only if a cookie previously deposited on the user computer by the server, the user name, and the password are valid, granting access to the data to the user computer;
otherwise initiating a user validation process at least if the password is valid but the cookie is not.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 28, 29)
11. A system for impeding a thief possessing a password of a user from accessing information intended to be accessed by the user, comprising:
at least one user computer associated with the user; and
a server computer controlling access to the information, the server computer granting access to the information only upon receipt of a valid password and determination that a valid verification string resides on the user computer, the server computer otherwise initiating a validation process at least under the condition of the password being valid and the verification string not being valid.
(Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 30, 31)
22. A computer system, comprising:
a Web server comprising:
means for sending a user name and a password to a user computer;
means for sending a verification string to the user computer, the verification string including a machine ID substantially unique to the user computer and a login key that is refreshed each time the user computer logs in to the Web server;
means for, subsequent to sending the verification string to the user computer and in response to an attempted log in from a login computer that may or may not be the user computer to gain access to information the access to which is controlled by the Web server, determining whether at least a password sent from the login computer is valid, and whether the verification string resides on the login computer;
means for granting access to the user computer if both the password is valid and the verification string resides on the user computer;
means for, if the password is valid but the verification string does not reside on the login computer, refusing access pending successful validation and then undertaking at least one of:
initiating a validation process; and
determining whether all N ≥ 1 machines associated with the user have accessed the server.
(Dependent claims: 23, 24, 25, 26, 27, 32, 33)
Specification