TECHNIQUES FOR CREDENTIAL STRENGTH ANALYSIS VIA FAILED INTRUDER ACCESS ATTEMPTS
First Claim
Patent Images
1. A machine-implemented method, comprising:
- detecting that a failed authentication to a secure network has occurred;
acquiring a failed credential used in the failed authentication from an authentication service;
determining when the failed credential falls within a defined threshold of tolerance;
recording the failed credential in a failed credential store when the failed credential falls outside the defined threshold of tolerance; and
using the failed credential and the failed credential store to resolve a strength attribute associated with one or more existing valid credentials that properly authenticate to the secure network.
7 Assignments
0 Petitions
Accused Products
Abstract
Techniques for credential strength analysis via failed intruder access attempts are presented. Intruders attempting to access a secure network with failed credentials are monitored. The failed credentials are retained and evaluated in view of previously recorded failed credentials. Credential policy is updated in response to the evaluation and intruder trends and sophistication levels are also predicted in response to the evaluation.
-
Citations
24 Claims
-
1. A machine-implemented method, comprising:
-
detecting that a failed authentication to a secure network has occurred; acquiring a failed credential used in the failed authentication from an authentication service; determining when the failed credential falls within a defined threshold of tolerance; recording the failed credential in a failed credential store when the failed credential falls outside the defined threshold of tolerance; and using the failed credential and the failed credential store to resolve a strength attribute associated with one or more existing valid credentials that properly authenticate to the secure network. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A machine-implemented method, comprising:
-
determining a failed password supplied with a user identification in an attempt to access a secure resource originates from an intruder; analyzing the failed password in view of previous failed passwords and previous patterns associated with those failed passwords; and updating intruder detection metrics in response to the analysis. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A system, comprising:
-
an authentication service implemented in a machine-accessible and computer-readable medium and that executes on a machine; the credential analysis service implemented in a machine-accessible and computer-readable medium and to process on the machine or a different machine; wherein the authentication service is to supply a failed credential, which is associated with a legitimate resource identifier, to the credential analysis service when a requesting resource attempts to use the failed credential under the guise of the legitimate resource identifier for purposes of accessing a secure network, and wherein the credential analysis service is to determine when the requesting resource is an intruder and when the intruder is detected, the credential analysis service acquires metrics associated with the failed credential and its usage by the intruder and updates an intruder data store, and wherein the credential analysis service evaluates the data store having other metrics associated with other failed credentials and other intruders for purposes of adjusting strength values for legitimate credentials used in the secure network and for purposes of adjusting a policy that is associated with intruder trends. - View Dependent Claims (16, 17, 18, 19, 20)
-
-
21. A system, comprising:
-
a password service implemented in a machine-accessible and computer-readable medium and is to process on a machine; and a intruder analysis service implemented in a machine-accessible and computer-readable medium and is to process on the machine or a different machine; wherein the password service supplies a failed password and user identifier received from a requesting user, who is attempting to login to a secure network, to the intruder analysis service, and wherein the intruder analysis service is to evaluate the failed password, in view of a data store of failed passwords historically maintained for previously failed passwords used to attempt access into the secure network, for purposes of adjusting password policy for the secure network. - View Dependent Claims (22, 23, 24)
-
Specification