PREVENTING PHISHING ATTACKS BASED ON REPUTATION OF USER LOCATIONS

US 20100211996A1
Filed: 12/23/2009
Published: 08/19/2010
Est. Priority Date: 12/26/2008
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for authenticating a user session, the method comprising:

storing one or more safe locations associated with a user account, each stored safe location having a location type;

receiving a request to create a session associated with the user account;

identifying a plurality of locations of different location types associated with a source of the request;

determining that the request is authorized if a location associated with the request matches a stored safe location; and

responsive to determining that the request is authorized;

creating the requested session, andadding at least one of the locations associated with the source of the request to the stored one or more safe locations for the user account.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

User sessions are authenticated based on locations associated with a user account used for sending a request for creating a session. Examples of locations of a source of a request include a geographical location, a network address, or a machine cookie associated with a device sending the request. Locations of the request are compared with stored safe locations associated with the user account and a suspiciousness index is determined for the session. The level of authentication required for the session is determined based on the suspiciousness index. Locations are associated with a reputation based on past history of sessions originating from the locations. A location associated with a history of creating suspicious session is considered an unsafe location. Reputation of the location originating the session is used to determine the level of authentication required for the session.

102 Citations

View as Search Results

20 Claims

1. A computer implemented method for authenticating a user session, the method comprising:
- storing one or more safe locations associated with a user account, each stored safe location having a location type;
  
  receiving a request to create a session associated with the user account;
  
  identifying a plurality of locations of different location types associated with a source of the request;
  
  determining that the request is authorized if a location associated with the request matches a stored safe location; and
  
  responsive to determining that the request is authorized;
  
  creating the requested session, andadding at least one of the locations associated with the source of the request to the stored one or more safe locations for the user account.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The computer implemented method of claim 1, wherein a location type is one of a geographical location, a device as indicated by a machine cookie, and a network address.
  - 3. The computer implemented method of claim 1, wherein the one or more stored safe locations comprise locations from where the user has created sessions determined to be safe in the past.
  - 4. The computer implemented method of claim 1, wherein the one or more stored safe locations comprise locations from where the user has created sessions determined to be safe in the past based on authentication provided by the user.
  - 5. The computer implemented method of claim 1, wherein the one or more stored safe locations comprise locations from where connections of the user in a social network have created sessions determined to be safe in the past, wherein a connection of the user is another user to whom the user has established a relationship in the social network.
  - 6. The computer implemented method of claim 1, wherein the one or more stored safe locations comprise locations from where connections of the user in a social network determined as close connections of the user have created sessions determined to be safe in the past, wherein a connection of the user is another user to whom the user has established a relationship in the social network and the connection is determined as a close connection if the interactions between the user and the connection exceed a threshold number.
  - 7. The computer implemented method of claim 1, wherein the session is determined authorized if at least one location in the plurality of locations is identical to a stored safe location from the one or more stored safe locations.
  - 8. The computer implemented method of claim 1, wherein the session is determined authorized if at least one location in the plurality of locations is within a threshold geographical distance of a stored safe location from the one or more stored safe locations.
  - 9. The computer implemented method of claim 1, wherein the session is determined unauthorized if a geographical location associated with the session is greater than a threshold distance from geographical locations associated with the one or more stored safe locations.
  - 10. The computer implemented method of claim 1, wherein the session is determined authorized if more than a threshold number of user'"'"'s connections in a social network have at least one safe location within a threshold distance of the geographical location.
  - 11. The computer implemented method of claim 1, further comprising:
    - receiving a second request to create a second session associated with the user account;
      
      identifying a second plurality of locations of different location types associated with a source of the second request;
      
      determining that the second request is not authorized if none of the locations in the second plurality of locations match a stored safe location; and
      
      responsive to determining that the second request is not authorized, requesting enhanced authentication information from the source of the second request.
  - 12. The computer implemented method of claim 1, further comprising:
    - receiving a second request to create a second session associated with the user account;
      
      identifying a second plurality of locations of different location types associated with a source of the second request;
      
      determining a safety metric associated with the source of the second request based on a match between locations in the second plurality of locations and the one or more stored safe locations;
      
      determining a level of authentication required for the session based on the value of the safety metric; and
      
      sending a request for authentication information based on the level of authentication required.
  - 13. The computer implemented method of claim 12, further comprising:
    - adding at least one of the locations associated with the source of the second request to the stored one or more safe locations for the user account if the safety metric exceeds a threshold value indicating a high level of safety for the session.
  - 14. The computer implemented method of claim 1, further comprising:
    - responsive to a stored safe location from the one or more stored safe locations not being associated with any user session for a period greater than a threshold value, removing the stored safe location from the one or more stored safe locations.
  - 15. The computer implemented method of claim 1, further comprising:
    - responsive to a location of the location type machine cookie from the plurality of locations being larger than a threshold length, determining a safety metric value for the session indicative of unsafe session.

16. A computer program product having a computer-readable storage medium storing computer-executable code for authenticating a user session, the code comprising:
- a session manager configured to;
  
  store one or more safe locations associated with a user account, each stored safe location having a location type;
  
  receive a request to create a session associated with the user account;
  
  identify a plurality of locations of different location types associated with a source of the request;
  
  an authentication manager configured to;
  
  determine that the request is authorized if a location associated with the request matches a stored safe location; and
  
  the session manager further configured to;
  
  responsive to determining that the request is authorized;
  
  create the requested session, andadd at least one of the locations associated with the source of the request to the stored one or more safe locations for the user account.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer program product of claim 16, wherein a location type is one of a geographical location, a device as indicated by a machine cookie, and a network address.
  - 18. The computer program product of claim 16, wherein the one or more stored safe locations comprise locations from where the user has created sessions determined to be safe in the past.
  - 19. The computer program product of claim 16, wherein the one or more stored safe locations comprise locations from where the user has created sessions determined to be safe in the past based on authentication provided by the user.
  - 20. The computer program product of claim 16, wherein the one or more stored safe locations comprise locations from where connections of the user in a social network have created sessions determined to be safe in the past, wherein a connection of the user is another user to whom the user has established a relationship in the social network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Original Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Inventors
Keyami, Pedram, Palow, Christopher William, McGeehan, Ryan, Popov, Lev Timourovich, Read, Robert J.

Granted Patent

US 9,576,119 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 63/08   for authentication of entit...

H04L 63/107   wherein the security polici...

H04L 63/1483   service impersonation, e.g....

PREVENTING PHISHING ATTACKS BASED ON REPUTATION OF USER LOCATIONS

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

102 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

PREVENTING PHISHING ATTACKS BASED ON REPUTATION OF USER LOCATIONS

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

102 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others