RISK BASED BRUTE-FORCE ATTACK PREVENTION

US 20200134165A1
Filed: 10/28/2018
Published: 04/30/2020
Est. Priority Date: 10/28/2018
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method of reducing a probability for falsely classifying a legitimate authentication process conducted by a legitimate user as a password guessing attack, comprising:

using at least one processor for;

estimating a password guessing attack risk for an authentication process conducted by a user for accessing a secure service by performing the following for each of a plurality of failed access attempts in which the user provides incorrect authentication credentials;

calculate a risk score for a respective failed access attempt based on analysis of the incorrect authentication credentials provided during the respective failed access attempt;

update an authentication session score of the authentication process according to the calculated risk score; and

initiate at least one action in case the updated authentication session value exceeds at least one threshold value extracted from a security policy predefined for the secure service.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computerized method of reducing a probability for falsely classifying a legitimate authentication process conducted by a legitimate user as a password guessing attack, comprising estimating a password guessing attack risk for an authentication process conducted by a user for accessing a secure service by performing the following for each of a plurality of failed access attempts in which the user provides incorrect authentication credentials: (1) calculate a risk score for a respective failed access attempt based on analysis of the incorrect authentication credentials provided during the respective failed access attempt and (2) update an authentication session score of the authentication process according to the calculated risk score and initiate one or more actions in case the updated authentication session value exceeds one or more threshold values extracted from a security policy predefined for the secure service.

11 Citations

14 Claims

1. A computer implemented method of reducing a probability for falsely classifying a legitimate authentication process conducted by a legitimate user as a password guessing attack, comprising:
- using at least one processor for;
  
  estimating a password guessing attack risk for an authentication process conducted by a user for accessing a secure service by performing the following for each of a plurality of failed access attempts in which the user provides incorrect authentication credentials;
  
  calculate a risk score for a respective failed access attempt based on analysis of the incorrect authentication credentials provided during the respective failed access attempt;
  
  update an authentication session score of the authentication process according to the calculated risk score; and
  
  initiate at least one action in case the updated authentication session value exceeds at least one threshold value extracted from a security policy predefined for the secure service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The computer implemented method of claim 1, wherein the authentication credentials comprising at least one member of a group consisting of:
    - a code, a password and a key.
  - 3. The computer implemented method of claim 1, wherein the password guessing attack comprising at least one member of a group consisting of:
    - a dictionary attack and a brute-force attack.
  - 4. The computer implemented method of claim 1, wherein the incorrect authentication credentials provided during each failed access attempt are stored for the duration of the authentication process.
  - 5. The computer implemented method of claim 1, wherein by default the risk score is set to a predefined maximum value.
  - 6. The computer implemented method of claim 5, wherein the risk score is set to zero in case the incorrect authentication credentials provided during the respective failed access attempt are identical to the incorrect authentication credentials provided in at least one previous failed access attempt during the current authentication process.
  - 7. The computer implemented method of claim 5, wherein the risk score is set to a predefined first value lower than the predefined maximum value in case the incorrect authentication credentials provided during the respective failed access attempt are identical to the incorrect authentication credentials provided in at least one previous failed access attempt during the current authentication process with the exception that the current incorrect authentication credentials are in a different character capitalization compared to the previous incorrect authentication credentials.
  - 8. The computer implemented method of claim 5, wherein the risk score is set to a predefined second value lower than the predefined maximum value in case a Levenshtein distance calculated between the incorrect authentication credentials provided during the respective failed access attempt are and the incorrect authentication credentials provided in a previous failed access attempt during the current authentication process is within a predefined distance threshold.
  - 9. The computer implemented method of claim 8, wherein in case a plurality of previous failed access attempts were conducted prior to the respective failed access attempt, the risk score is set to the predefined second value in case a maximum Levenshtein distance is within the predefined distance threshold, the maximum Levenshtein distance is a largest value of the Levenshtein distance calculated between the incorrect authentication credentials provided during the respective failed access attempt and each of the incorrect authentication credentials provided during the plurality of previous failed access attempts.
  - 10. The computer implemented method of claim 5, wherein the risk score is set to a predefined third value lower than the predefined maximum value in case the incorrect authentication credentials provided during the respective failed access attempt are identical to previously valid historical authentication credentials used by the user in the past for accessing the secure service.
  - 11. The computer implemented method of claim 1, wherein the at least one action is defined by the security policy predefined for the secure service, the at least one action is a member of a group consisting of:
    - instructing a permanent lock of access to the secure service for the user, instructing lock of access to the secure service for the user for a predefined time period and generating at least one notification message to the user.
  - 12. The computer implemented method of claim 1, further comprising adjusting the at least one threshold value according to authentication processes analytics generated based on analysis of a plurality of authentication processes conducted by a plurality of users attempting to access the secure service.
  - 13. The computer implemented method of claim 11, further comprising adjusting at least one of a predefined maximum value, a first predefined value, a second predefined value and a third predefined value according to the authentication processes analytics, wherein the predefined maximum value, the first predefined value, the second predefined value and the third predefined value are used for calculating the risk value for the incorrect authentication credentials provided during at least one failed access attempt.

14. A system for reducing a probability for falsely classifying a legitimate authentication process conducted by a legitimate user as a password guessing attack, comprising:
- a program store storing a code; and
  
  at least one processor coupled to the program store for executing the stored code, the code comprising;
  
  code instructions to estimate a password guessing attack risk for an authentication process conducted by a user for accessing a secure service by performing the following for each of a plurality of failed access attempts in which the user provides incorrect authentication credentials;
  
  calculate a risk score for a respective failed access attempt based on analysis of the incorrect authentication credentials provided during the respective failed access attempt;
  
  update an authentication session score of the authentication process according to the calculated risk score; and
  
  initiate at least one action in case the updated authentication session value exceeds at least one threshold value extracted from a security policy predefined for the secure service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Transmit Security Ltd. (Transmit Security, Inc.)
Original Assignee
Michael Boodaei
Inventors
BOODAEI, Michael

Granted Patent

US 11,048,792 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/316   by observing the pattern of...

G06F 21/45   Structures or tools for the...

G06F 21/554   involving event detection a...

G06F 21/604   Tools and structures for ma...

G06F 21/62   Protecting access to data v...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2137   Time limited access, e.g. t...

H04L 63/083   using passwords cryptograph...

H04L 63/1466   Active attacks involving in...

H04L 63/20   for managing network securi...

H04L 63/308   retaining data, e.g. retain...

RISK BASED BRUTE-FORCE ATTACK PREVENTION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

11 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

RISK BASED BRUTE-FORCE ATTACK PREVENTION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links