Detecting Use of Compromised Security Credentials in Private Enterprise Networks
First Claim
1. A tangible, non-transitory, machine-readable medium storing instructions that when executed by one or more processors effectuate operations comprising:
- obtaining, with one or more processors, with a domain controller of a private computer network, a set of user-authentication credentials comprising a first username and a first password;
- querying, with one or more processors, a distributed credential-monitoring application with a query requesting compromised credentials corresponding to the first username;
- receiving, with one or more processors, query results including one or more passwords associated with the first username;
- determining, with one or more processors, that at least some of the one or more passwords in the query results match the obtained first password;
- in response to the determination, blocking, with one or more processors, with the domain controller, access to a first user account on the private computer network associated with the obtained first username and first password; and
- in response to the determination, causing, with one or more processors, a first user associated with the first user account to be notified to reset the obtained first password.
2 Assignments
0 Petitions
Abstract
Provided is a process including: obtaining, with a domain controller of a private computer network, a set of user-authentication credentials comprising a first username and a first password; querying a distributed credential-monitoring application; receiving query results including one or more passwords associated with the first username; determining that at least some of the one or more passwords in the query results match the obtained first password; and in response to the determination, blocking, with the domain controller, access to a first user account on the private computer network associated with the obtained first username and first password.
17 Citations
20 Claims
1. A tangible, non-transitory, machine-readable medium storing instructions that when executed by one or more processors effectuate operations comprising: (text identical to the first claim given above). Dependent claims 2 through 19 are not reproduced here.
20. A method, comprising:
- obtaining, with one or more processors, with a domain controller of a private computer network, a set of user-authentication credentials comprising a first username and a first password;
- querying, with one or more processors, a distributed credential-monitoring application with a query requesting compromised credentials corresponding to the first username;
- receiving, with one or more processors, query results including one or more passwords associated with the first username;
- determining, with one or more processors, that at least some of the one or more passwords in the query results match the obtained first password;
- in response to the determination, blocking, with one or more processors, with the domain controller, access to a first user account on the private computer network associated with the obtained first username and first password; and
- in response to the determination, causing, with one or more processors, a first user associated with the first user account to be notified to reset the obtained first password.
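The claimed flow (obtain credentials, query the monitoring application by username, match the returned passwords against the obtained one, block the account, notify the user) as an added, self-contained example; this is illustrative code, not the patent's or any vendor's implementation. It assumes an in-memory stand-in for the distributed credential-monitoring application populated with constructed sample data, and it hashes both sides and compares in constant time so the matching step never branches on the plaintext itself.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed stand-in for the distributed credential-monitoring application:
# username -> passwords the service has associated with that username.
# Sample data is made up for this example.
MONITORING_INDEX = {
    "alice": ["Summer2023!", "hunter2"],
    "bob": [],
}


def query_compromised(username):
    """Query the (simulated) monitoring application for passwords tied to a username."""
    return MONITORING_INDEX.get(username.lower(), [])


def _digest(password):
    return hashlib.sha256(password.encode("utf-8")).digest()


def credential_is_compromised(password, leaked_passwords):
    """Determine whether any returned password matches the obtained one.
    Both sides are hashed and compared with a constant-time comparison."""
    target = _digest(password)
    return any(hmac.compare_digest(target, _digest(p)) for p in leaked_passwords)


@dataclass
class DomainController:
    blocked: set = field(default_factory=set)
    notifications: list = field(default_factory=list)

    def check_login(self, username, password):
        """Run the claim-1 steps for one obtained credential pair.
        Returns True when the account was blocked and the user notified."""
        leaked = query_compromised(username)
        if not credential_is_compromised(password, leaked):
            return False
        self.blocked.add(username)
        self.notifications.append(
            (username, "Your password matched a compromised credential; please reset it.")
        )
        return True

    def is_blocked(self, username):
        return username in self.blocked
```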
Specification