System for detecting unauthorized account access
First Claim
1. A method for both authorizing access from a user device to an electronic account record stored at a computer authentication device, and for detecting attempted unauthorized access to said electronic account record, said method comprising the steps of:
recording at said computer authentication device a plurality of access sequence numbers and an account profile consisting essentially of an account identification number and a user device identification number and associating said recorded account profile with said electronic account record at said computer authentication device;
independently recording at said user device the same plurality of access sequence numbers and said account profile;
selecting at said authentication device from among said plurality of access sequence numbers a first access sequence number and associating said first access sequence number with said electronic account record;
independently selecting at said user device the same first access sequence number and associating said first access sequence number with said account profile at said user device;
transmitting a request for electronic access to said electronic account record from said user device to said computer authentication device, wherein said request comprises said first access sequence number and said account profile;
receiving said request at said computer authentication device and comparing said first access sequence number and said account profile received from said user device with said first access sequence number and account profile associated with said electronic account record;
determining at said computer authorization device that said received first access sequence number and said associated first access sequence number are equal or unequal;
authorizing access to said electronic account record when said determination is equal;
whether or not said first access sequence numbers are equal or unequal, independently selecting from said plurality a second access sequence number at said user device and replacing said first access sequence number with said second access sequence number;
only if said first access sequence numbers are equal, independently selecting from said plurality a second access sequence number at said computer authentication device and replacing said first associated access sequence number with said second access sequence number;
wherein said method for detecting attempted unauthorized access comprises the step of determining that said first access sequence number or said account profile received from said user device and said first sequence number or account profile associated with said electronic account record are unequal and reporting the unequal finding to an account holder, a user, the computer authorization device or the user device.
Abstract
A method and system for detecting unauthorized account access. The system may operate in conjunction with known methods of remote access authentication. The system provides a unique account for each authorized person (i.e., each user) and a system sequence number and a user sequence number for each account. For each access to the account, the system updates the system sequence number corresponding to that account to the next number in a preselected sequence, and the user updates the user sequence number in like manner. The preselected sequence comprises a sequence of pseudorandom numbers and the update comprises selecting the next pseudorandom number using a pseudorandom number generator, but the sequence number may be updated using other techniques, so long as the system and the user are both capable of performing the same updates. The system and the user perform a handshake process to assure that the system updates the system sequence number, and the user updates the user sequence number, in synchrony. Normally, the system sequence number and the user sequence number will be the same, but when there is an unauthorized access by a third party, the system will update the system sequence number and the user will not update the user sequence number, causing the two sequence numbers to be unequal. When the two sequence numbers are unequal, the user is made aware, upon next accessing the account, that an unauthorized access has occurred.
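An added illustration, not part of the patent text: a minimal Python simulation of the scheme described in the abstract and claim 1, showing that a third-party access leaves the authentication device one step ahead, so the legitimate device's next request mismatches and is reported, after which the device's unconditional advance brings the two back into step. The HMAC-based sequence generator, the class and function names, and the account and device identifiers are assumptions constructed for this example.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

def make_sequence(seed, count):
    # Assumption: HMAC-SHA256 over a counter stands in for the pseudorandom generator.
    return [hmac.new(seed, i.to_bytes(4, "big"), hashlib.sha256).hexdigest()[:16]
            for i in range(count)]

@dataclass
class UserDevice:
    profile: tuple            # (account id, user device id)
    sequence: list
    index: int = 0

    def request(self):
        return {"profile": self.profile, "seq": self.sequence[self.index]}

    def advance(self):
        # Claim 1: the device moves on whether or not the numbers matched.
        self.index += 1

@dataclass
class AuthServer:
    profile: tuple
    sequence: list
    index: int = 0
    alerts: list = field(default_factory=list)

    def handle(self, req):
        match = (req["profile"] == self.profile and
                 hmac.compare_digest(req["seq"], self.sequence[self.index]))
        if match:
            self.index += 1   # the server advances only on a match
        else:
            self.alerts.append("sequence/profile mismatch on " + self.profile[0])
        return match

def simulate():
    seq = make_sequence(b"constructed-shared-seed", 8)   # constructed sample values
    profile = ("ACCT-0001", "DEV-0001")
    server, device = AuthServer(profile, seq), UserDevice(profile, list(seq))
    normal = server.handle(device.request()); device.advance()
    third_party = server.handle(dict(device.request()))  # copied state; real device not advanced
    detected = not server.handle(device.request()); device.advance()
    resynced = server.handle(device.request()); device.advance()
    return {"normal": normal, "third_party": third_party, "detected": detected,
            "resynced": resynced, "alerts": len(server.alerts)}

if __name__ == "__main__":
    print(simulate())
```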
14 Claims
14. A method for detecting unauthorized access to an account at an authentication device, said method comprising the steps of:
recording a first sequence number and associating said sequence number with said account at the authentication device;
recording a second sequence number at a location in a user device;
transmitting a request from a user device to the authentication device, wherein said request comprises said second sequence number;
controlling access to said account in response to the request for access by determining whether said first sequence number and said second sequence number are the same or different and allowing access only if the first sequence number and the second sequence number are the same;
replacing said first sequence number with a third sequence number and associating said third sequence number with said account;
transmitting said third sequence number to said location in said user device; and
replacing said second sequence number in said location in said user device with said third sequence number.
Specification