System and method for blocking unauthorized network log in using stolen password

US 20060015743A1
Filed: 03/11/2005
Published: 01/19/2006
Est. Priority Date: 07/15/2004
Status: Active Grant

First Claim

Patent Images

1. A method for selectively granting a user access to data, comprising:

at an information server, receiving a user name and password from a user computer;

if the user name and password are valid, transparently to a user of the user computer transferring user computer communication to an authentication server;

at the authentication server, determining whether a cookie previously deposited on the user computer includes a machine ID matching a test machine ID and a login key matching a test login key, and if so, transparently to a user of the user computer transferring user computer communication back to the information server, granting the user computer access to the data, and refreshing the login key, otherwise not granting the user computer access to the data absent additional authentication steps.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

When a user successfully logs in to an information server such as an online banking server, an e-commerce server, or a VPN server, for greater security communication is transferred transparently to the user to an authentication server for additional authentication. The additional authentication can include comparing elements of a previously deposited cookie on the user computer to test elements, and if the elements, match, granting access and transparently transferring the user computer back to the information server. If the secondary authentication fails, however, the user may be asked questions as tertiary authentication, or a PIN code can be sent to the user'"'"'s cell phone, which PIN code can then be input on the user computer to gain access.

Citations

15 Claims

1. A method for selectively granting a user access to data, comprising:
- at an information server, receiving a user name and password from a user computer;
  
  if the user name and password are valid, transparently to a user of the user computer transferring user computer communication to an authentication server;
  
  at the authentication server, determining whether a cookie previously deposited on the user computer includes a machine ID matching a test machine ID and a login key matching a test login key, and if so, transparently to a user of the user computer transferring user computer communication back to the information server, granting the user computer access to the data, and refreshing the login key, otherwise not granting the user computer access to the data absent additional authentication steps.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein if the machine ID does not match the test machine ID, additional authentication steps are executed.
  - 3. The method of claim 1, wherein if the machine ID matches the test machine ID but the login key does not match the test login key, no additional authentication steps are executed and an account associated with the user is disabled.
  - 4. The method of claim 2, wherein the additional authentication steps include sending a PIN code to a wireless telephone associated with the user, and receiving from the user computer the PIN code from the user obtained from the wireless telephone.
  - 5. The method of claim 1, wherein the information server is an online banking server.
  - 6. The method of claim 1, wherein the information server is an e-commerce server.
  - 7. The method of claim 1, wherein the information server is a VPN server.

8. An authentication system for at least one user computer associated with a user, comprising:
- at least one information server controlling access to information, the information server receiving initial authentication data from the user computer and if the initial authentication data is valid, transparently to a user of the user computer transferring communication to at least one authentication server, the authentication server executing secondary authentication with the user computer and if the secondary authentication is valid, transparently to a user of the user computer transferring communication back to the information server for accessing the information, otherwise executing at least one action in the group consisting of;
  
  disabling an account associated with the user, and executing tertiary authentication the successful completion of which causes the authentication server, transparently to a user of the user computer, to transfer communication back to the information server for accessing the information.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The system of claim 8, wherein the secondary authentication includes comparing a machine ID in a cookie on the user computer to a test machine ID and comparing a login key to a test login key, successful comparisons resulting in no additional authentication steps and the refreshing of the login key.
  - 10. The system of claim 8, wherein the tertiary authentication include sending a PIN code to a wireless telephone associated with the user, and receiving from the user computer the PIN code from the user obtained from the wireless telephone.
  - 11. The system of claim 8, wherein the information server is an online banking server.
  - 12. The system of claim 8, wherein the information server is an e-commerce server.
  - 13. The system of claim 8, wherein the information server is a VPN server.

14. An authentication server configured for communicating with at least one user computer and at least one information server, comprising:
- means for authenticating the user computer using a previously deposited cookie on the user computer;
  
  means, responsive to the means for authenticating, for informing the information server to grant access to the user computer; and
  
  means, responsive to the means for authenticating, for transferring user computer communication back to the information server.
- View Dependent Claims (15)
- - 15. The authentication server of claim 14, further comprising means for sending a one-time PIN code to a wireless telephone associated with the user as part of a tertiary authentication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Anakam, Inc. (Equifax, Inc.)
Original Assignee
Anakam, Inc. (Equifax, Inc.)
Inventors
Samuelsson, Jonas, Camaisa, Allan

Granted Patent

US 8,079,070 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

G06F 21/31   User authentication

H04L 63/083   using passwords cryptograph...

H04L 63/1441   Countermeasures against mal...

H04L 67/02   based on web technology, e....

System and method for blocking unauthorized network log in using stolen password

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for blocking unauthorized network log in using stolen password

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links