System and method for blocking unauthorized network log in using stolen password
First Claim
1. A method for selectively granting a user access to data, comprising:
- at an information server, receiving a user name and password from a user computer;
if the user name and password are valid, transparently to a user of the user computer transferring user computer communication to an authentication server;
at the authentication server, determining whether a cookie previously deposited on the user computer includes a machine ID matching a test machine ID and a login key matching a test login key, and if so, transparently to a user of the user computer transferring user computer communication back to the information server, granting the user computer access to the data, and refreshing the login key, otherwise not granting the user computer access to the data absent additional authentication steps.
Abstract
When a user successfully logs in to an information server such as an online banking server, an e-commerce server, or a VPN server, for greater security communication is transferred transparently to the user to an authentication server for additional authentication. The additional authentication can include comparing elements of a previously deposited cookie on the user computer to test elements, and if the elements match, granting access and transparently transferring the user computer back to the information server. If the secondary authentication fails, however, the user may be asked questions as tertiary authentication, or a PIN code can be sent to the user's cell phone, which PIN code can then be input on the user computer to gain access.
15 Claims
1. Independent claim; text as reproduced under First Claim above. Dependent claims: 2 to 7.
8. An authentication system for at least one user computer associated with a user, comprising:
at least one information server controlling access to information, the information server receiving initial authentication data from the user computer and if the initial authentication data is valid, transparently to a user of the user computer transferring communication to at least one authentication server, the authentication server executing secondary authentication with the user computer and if the secondary authentication is valid, transparently to a user of the user computer transferring communication back to the information server for accessing the information, otherwise executing at least one action in the group consisting of:
disabling an account associated with the user, and executing tertiary authentication, the successful completion of which causes the authentication server, transparently to a user of the user computer, to transfer communication back to the information server for accessing the information.
Dependent claims: 9 to 13.
14. An authentication server configured for communicating with at least one user computer and at least one information server, comprising:
means for authenticating the user computer using a previously deposited cookie on the user computer;
means, responsive to the means for authenticating, for informing the information server to grant access to the user computer; and
means, responsive to the means for authenticating, for transferring user computer communication back to the information server.
Dependent claims: 15.
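The login flow described in the abstract and in claims 1 and 8, as an added runnable model written for this page; it is not code from the patent or its specification. The class and method names (AuthenticationServer, InformationServer, secondary_auth, start_tertiary_auth), the two-field cookie layout, the PBKDF2 password store and the demo user and machine IDs are assumptions made here; the patent fixes none of them. The model exercises the cases the abstract names: a valid password plus a matching cookie (access, login key refreshed), a stolen password used from a machine with no cookie (held for tertiary authentication), a copied cookie replayed after the real machine has logged in again (fails, because the login key was refreshed), and the phone PIN path that enrolls a new machine.

```python
"""Model of the two-server login in the abstract and claims 1 and 8. Added
illustration, not the patent's code: names, cookie fields, password store
and demo users are assumptions made here."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Cookie:
    machine_id: str
    login_key: str


@dataclass
class AuthenticationServer:
    # Test values per user: machine_id -> current login key (one per enrolled machine).
    expected: dict = field(default_factory=dict)
    # One-time PINs awaiting entry for tertiary authentication: user -> PIN.
    pending_pin: dict = field(default_factory=dict)

    def enroll(self, user: str, machine_id: str) -> Cookie:
        """Deposit a fresh cookie for a machine that passed tertiary authentication."""
        key = secrets.token_hex(16)
        self.expected.setdefault(user, {})[machine_id] = key
        return Cookie(machine_id, key)

    def secondary_auth(self, user: str, cookie):
        """Claim 1 check: machine ID and login key must both match the stored test
        values; on success the login key is refreshed. Returns (granted, new_cookie)."""
        if cookie is None:
            return False, None
        test_key = self.expected.get(user, {}).get(cookie.machine_id)
        if test_key is None or not hmac.compare_digest(cookie.login_key, test_key):
            # Unknown machine, or a login key already consumed: a copied cookie
            # replayed after the real machine logged in again fails here.
            return False, None
        fresh = Cookie(cookie.machine_id, secrets.token_hex(16))
        self.expected[user][cookie.machine_id] = fresh.login_key
        return True, fresh

    def start_tertiary_auth(self, user: str) -> str:
        """Issue the PIN that would go to the phone (returned only so the demo can play the phone)."""
        pin = f"{secrets.randbelow(10**6):06d}"
        self.pending_pin[user] = pin
        return pin

    def finish_tertiary_auth(self, user: str, pin: str, machine_id: str):
        """Correct PIN enrolls the machine and deposits a cookie; any attempt burns the PIN."""
        expected = self.pending_pin.pop(user, None)
        if expected is None or not hmac.compare_digest(pin, expected):
            return None
        return self.enroll(user, machine_id)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class InformationServer:
    auth: AuthenticationServer
    users: dict = field(default_factory=dict)  # user -> (salt, password hash)

    def register(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, hash_password(password, salt))

    def login(self, user: str, password: str, cookie):
        """Primary check; a valid password hands the user to the authentication server.
        Returns ("granted", cookie), ("tertiary_required", None) or ("denied", None)."""
        record = self.users.get(user)
        if record is None:
            return "denied", None
        salt, stored = record
        if not hmac.compare_digest(hash_password(password, salt), stored):
            return "denied", None
        granted, fresh = self.auth.secondary_auth(user, cookie)
        return ("granted", fresh) if granted else ("tertiary_required", None)


def demo() -> dict:
    """Run the scenarios the abstract describes and return their outcomes."""
    auth = AuthenticationServer()
    info = InformationServer(auth)
    info.register("alice", "correct horse")       # constructed demo user
    laptop = auth.enroll("alice", "laptop-7f3a")  # previously deposited cookie
    out = {}
    # 1. Legitimate machine: valid password plus matching cookie; login key rotates.
    out["legit"], laptop_new = info.login("alice", "correct horse", laptop)
    out["key_rotated"] = laptop_new.login_key != laptop.login_key
    # 2. Stolen password from a machine holding no cookie: stops at secondary auth.
    out["stolen_pw_new_machine"], _ = info.login("alice", "correct horse", None)
    # 3. Stolen password plus a copy of the old cookie, replayed after rotation.
    out["replayed_old_cookie"], _ = info.login("alice", "correct horse", laptop)
    # 4. Wrong password never reaches the authentication server.
    out["wrong_pw"], _ = info.login("alice", "wrong", laptop_new)
    # 5. Tertiary authentication: a wrong PIN is rejected, a correct one enrolls the machine.
    auth.start_tertiary_auth("alice")
    out["wrong_pin_rejected"] = auth.finish_tertiary_auth("alice", "xxxxxx", "phone-19c2") is None
    pin = auth.start_tertiary_auth("alice")
    out["pin_enrolled"] = auth.finish_tertiary_auth("alice", pin, "phone-19c2") is not None
    return out
```

Two points the model makes visible that the claim text only implies. Refreshing the login key on every successful pass makes each cookie single-use, so a cookie copied off the user's machine works only until the legitimate machine next logs in; after that the replay fails and, because the machine ID is known but the key is stale, the failure is a strong indicator that the cookie was duplicated rather than merely lost. Both comparisons are done with hmac.compare_digest so that the cookie check does not leak the test values through timing. The residual strength of the whole scheme against a password-only attacker is that of the tertiary step, since an attacker who can also receive the PIN enrolls a new machine exactly as the real user would.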
Specification