Method and apparatus to facilitate individual and global lockouts to network applications
First Claim
1. A method to facilitate locking an adversary out of a network application, comprising:
- receiving at a server a request, including an authentication credential, to access the network application, wherein the authentication credential includes a user identifier and a specific network address of a user device;
- if the user identifier has been locked out from the specific network address, denying access to the network application; and
- if the authentication credential is valid, allowing access to the network application, otherwise,
  - logging a failed attempt in the audit log,
  - imposing a lockout for the user identifier from only the specific network address after a threshold number of failed attempts from the specific network address,
  - if a threshold number of specific network addresses are locked out for the user identifier, imposing a global lockout for the user identifier, and
  - denying access to the network application.
Abstract
One embodiment of the present invention provides a system that facilitates locking an adversary out of a network application. The system operates by receiving a request at a server, which includes an authentication credential, to access the network application. This authentication credential includes a user identifier associated with a user and an address of a user device. The system examines an audit log to determine if the user identifier has been locked out from the address of the user device. If so, the system denies access to the network application. Otherwise, the system checks the authentication credential for validity. If the authentication credential is valid, the system allows access to the network application. Otherwise, the system logs a failed attempt in the audit log and denies access to the network application. After a threshold number of failed attempts, the user identifier is locked out from the network address.
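The flow in the abstract, together with the global lockout from claim 1, as an added Python example (not code from the patent). The threshold values, the `verify` callback, the event names and the sample addresses are assumptions; lockout state is derived from the audit log, as the abstract describes.

```python
from collections import Counter

ADDR_THRESHOLD = 3     # assumed value; the patent only says "a threshold number"
GLOBAL_THRESHOLD = 2   # assumed value, same caveat

class LockoutGate:
    def __init__(self, verify):
        self.verify = verify      # hypothetical credential check: (user, secret) -> bool
        self.audit_log = []       # (user, address, event) tuples

    def locked_addresses(self, user):
        """Addresses whose logged failures for this user reached the threshold."""
        fails = Counter(a for u, a, e in self.audit_log if u == user and e == "failed")
        return {a for a, n in fails.items() if n >= ADDR_THRESHOLD}

    def request(self, user, addr, secret):
        locked = self.locked_addresses(user)
        # The lockout check runs before credential validation, so a locked-out
        # source is denied even when it finally presents the right secret.
        if addr in locked or len(locked) >= GLOBAL_THRESHOLD:
            self.audit_log.append((user, addr, "denied_locked"))
            return False
        if self.verify(user, secret):
            self.audit_log.append((user, addr, "allowed"))
            return True
        self.audit_log.append((user, addr, "failed"))
        return False

def run_demo():
    """Constructed scenario using documentation-range addresses."""
    gate = LockoutGate(lambda user, secret: (user, secret) == ("alice", "s3cret"))
    out = {}
    for _ in range(ADDR_THRESHOLD):                  # guessing from one address
        gate.request("alice", "192.0.2.10", "guess")
    out["locked_addr_right_secret"] = gate.request("alice", "192.0.2.10", "s3cret")
    # Only that address is locked; the user can still log in from elsewhere.
    out["other_addr_before_global"] = gate.request("alice", "198.51.100.7", "s3cret")
    for _ in range(ADDR_THRESHOLD):                  # guessing moves to a second address
        gate.request("alice", "203.0.113.5", "guess")
    # Two addresses are now locked, so the identifier is locked everywhere.
    out["other_addr_after_global"] = gate.request("alice", "198.51.100.7", "s3cret")
    out["locked"] = gate.locked_addresses("alice")
    return out

if __name__ == "__main__":
    print(run_demo())
```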
14 Claims
1. A method to facilitate locking an adversary out of a network application, comprising:
- receiving at a server a request, including an authentication credential, to access the network application, wherein the authentication credential includes a user identifier and a specific network address of a user device;
- if the user identifier has been locked out from the specific network address, denying access to the network application; and
- if the authentication credential is valid, allowing access to the network application, otherwise,
  - logging a failed attempt in the audit log,
  - imposing a lockout for the user identifier from only the specific network address after a threshold number of failed attempts from the specific network address,
  - if a threshold number of specific network addresses are locked out for the user identifier, imposing a global lockout for the user identifier, and
  - denying access to the network application.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method to facilitate locking an adversary out of a network application, the method comprising:
- receiving at a server a request, including an authentication credential, to access the network application, wherein the authentication credential includes a user identifier and a specific network address of a user device;
- if the user identifier has been locked out from the specific network address, denying access to the network application; and
- if the authentication credential is valid, allowing access to the network application, otherwise,
  - logging a failed attempt in the audit log,
  - imposing a lockout for the user identifier from only the specific network address after a threshold number of failed attempts from the specific network address,
  - if a threshold number of network addresses are locked out for the user identifier, imposing a global lockout for the user identifier, and
  - denying access to the network application.

Dependent claims: 9, 10, 11, 12, 13, 14
Specification