Detection method of illegal access to computer system

US 6,202,158 B1
Filed: 04/10/1998
Issued: 03/13/2001
Est. Priority Date: 04/11/1997
Status: Expired due to Fees

First Claim

Patent Images

1. A detection method of an illegal access to a computer system, comprising the steps of:

a) collating user identification information inputted from an input unit in one or more log-in operations with user authentication information registered in said computer system;

b) detecting the number of times that said identification information is not coincident with said authentication information in a series of log-in operations within a predetermined term;

c) obtaining final log-in information indicating whether said identification information is coincident with said authentication information or not in a final log-in operation; and

d) comparing said number of times in respect to the incoincidence and said final log-in information with a predetermined judgment standard to thereby detect the presence of the illegal access.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A detection method of an illegal access to a computer system includes a step a) of collating user identification information inputted from an input unit in one or more log-in operations with user authentication information registered in the computer system, a step b) of detecting the number of times that the identification information is not coincident with the authentication information in a series of log-in operations within a predetermined term, a step c) of obtaining final log-in information indicating whether the identification information is coincident with the authentication information or not in a final log-in operation, and a step d) of comparing the number of times in respect to the incoincidence and the final log-in information with a predetermined judgment standard to thereby detect the presence of the illegal access.

117 Citations

16 Claims

1. A detection method of an illegal access to a computer system, comprising the steps of:
- a) collating user identification information inputted from an input unit in one or more log-in operations with user authentication information registered in said computer system;
  
  b) detecting the number of times that said identification information is not coincident with said authentication information in a series of log-in operations within a predetermined term;
  
  c) obtaining final log-in information indicating whether said identification information is coincident with said authentication information or not in a final log-in operation; and
  
  d) comparing said number of times in respect to the incoincidence and said final log-in information with a predetermined judgment standard to thereby detect the presence of the illegal access.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method according to claim 1, wherein when a plurality of events for accessing have been occurred and the latest event is determined to be one event included in a series of preceding events in consideration of a time information and user authentification information, those events are reported together as one event with a warning so as to reduce the number of warnings to be monitored by a user.
  - 3. A method according to claim 1, further comprising the step of setting said predetermined term for each log-in operation when there are a plurality of log-in operations.
  - 4. A method according to claim 3, wherein said series of log-in operations is defined to include log-in operations performed until the final log-in operation is successful or until the number of times of failures in the log-in operations within said predetermined term does not reach a predetermined value while successively shifting said predetermined term every log-in operation.
  - 5. A method according to claim 3, wherein it is judged that there is an illegal access when it is detected that the number of times in respect to the incoincidence reaches a predetermined number of times in said series of log-in operations within said predetermined term and said final log-in information represents the incoincidence.
  - 6. A method according to claim 5, wherein said computer system includes a plurality of user computers and a managing computer connected to said user computers through a communication network for managing said user computers, and said user computer performs said steps a), b), c) and d) each time the log-in operation is performed to transfer judgment result of said step d) to said managing computer through said communication network.
  - 7. A method according to claim 5, wherein said computer system includes a plurality of user computers, a managing computer for managing said user computers and a communication network connecting said plurality of user computers and said managing computer, and said user computer performs said steps a), b) and c) to transfer result information of said steps a), b) and c) relative to all of log-in operations through said communication network to said managing computer, which performs said step d) on the basis of said transferred information.
  - 8. A method according to claim 7, wherein when an illegal access is detected in said step d), a processing program to be next executed is transferred through said communication network to said user computer in which said illegal access is made and said user computer performs said processing program.
  - 9. A method according to claim 8, wherein said processing program to be next executed includes processing for limiting or invalidating use of said user authentication information registered in said computer system.
  - 10. A method according to claim 7, further comprising the step of displaying said plurality of user computers connected to said managing computer in a picture screen of a display unit by means of an icon image and displaying in said display screen, when an illegal access is detected in said step d), a user computer in which said illegal access is made so that said user computer can be specified.

11. A computer program product comprising:
- a computer usable medium having computer readable program code means embodied in said computer usable medium for detecting an illegal access to a computer system, said computer readable program code means comprising;
  
  means for collating user identification information inputted from an input unit in one or more log-in operations with user authentication information registered in said computer system;
  
  means for detecting a number of times that said user identification information is not coincident with said user authentication information in a series of log-in operations within a predetermined time;
  
  means for obtaining final log-in information indicating whether said identification information is coincident with said authentication information in a final log-in operation; and
  
  means for comparing the number of times with respect to the incoincidence and said final log-in information with a predetermined judgment standard to thereby detect the presence of the illegal access.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. A computer program product according to claim 11, wherein said series of log-in operations is defined to include log-in operations performed until the final log-in operation is successful or until the number of times of failures in the log-in operations within said predetermined time does not reach a predetermined value while successively shifting said predetermined time every log-in operation.
  - 13. A computer program product according to claim 11, wherein said illegal access is detected when the number of times with respect to the incoincidence reaches a predetermined number of times in said series of log-in operations within said predetermined time and said final log-in information represents the incoincidence.
  - 14. A computer program product according to claim 11, wherein said computer system includes a plurality of user computers, and a managing computer connected to said user computers through a communication network for managing said user computers.
  - 15. A computer program product according to claim 14, wherein said computer readable program code means further comprises means for enabling a visual display of said plurality of user computers connected to said managing computer on a display screen by means of an icon image, when said illegal access is detected.
  - 16. A computer program product according to claim 11, wherein said computer readable program code means further comprises means for enabling a visual display of said plurality of user computers connected to said managing computer on a display screen by means of an icon image, when said illegal access is detected.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi Information Networks Limited, Hitachi, Ltd.
Original Assignee
Hitachi Information Networks Limited, Hitachi, Ltd.
Inventors
Morita, Shinji, Miyazaki, Satoshi, Hirata, Toshiaki, Yamada, Mitsugu, Urano, Akihiro, Fujino, Shuji, Morikawa, Kazuyoshi, Niimura, Miki
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
Bonzo, Bryce P.

Application Number

US09/058,177
Time in Patent Office

1,068 Days
Field of Search

713/200, 713/201, 713/202, 709/225, 380/4
US Class Current

726/22
CPC Class Codes

G06F 21/316 by observing the pattern of...

G06F 2221/2111 Location-sensitive, e.g. ge...

Detection method of illegal access to computer system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

117 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Detection method of illegal access to computer system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

117 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links