Method and system for detecting and preventing an intrusion in multiple platform computing environments
First Claim
1. An authentication intrusion detection system responsive to an attempted intrusion into a local computer system to which access is gained by prospective users entering a personal identifier followed by a secret authenticator, said authentication intrusion detection system comprising:
a local computer system authenticator file communicating with said local computer system and having stored therein the secret authenticators corresponding to the personal identifiers entered by prospective users;
an authenticator broker system to intercept and redirect the identifier and secret authenticator of a prospective user from the local computer system;
an authenticator broker file communicating with said authenticator broker system and having stored therein the secret authenticators corresponding to the personal identifiers entered by the prospective users at the local computer system and stored in the local computer system authenticator file, whereby a prospective user can gain access to the local computer system when the authenticator entered by the prospective user matches the authenticator stored in said authenticator broker file; and
a decoy authenticator file communicating with the authenticator broker system to assign a decoy authenticator for the secret authenticator entered by the prospective user at the local computer system and stored in the local computer system authenticator file, wherein said decoy authenticator file is a mapping file and wherein a replacement identifier is randomly assigned by said mapping file for the identifier entered by the prospective user and intercepted by said authenticator broker system.
Abstract
A method and a system by which to achieve authentication intrusion detection so as to effectively detect and prevent unauthorized access to and use of a local computer system, or the like, and take appropriate measures. The local system authentication process is redirected to an authenticator broker system (i.e. a secondary authentication system) that makes use of the local system authentication process paths and the local system authenticator file. The authenticator broker system includes an authenticator broker system file having stored therein secret authenticators of prospective users, a mapping file to assign a replacement identifier for the identifier entered by a particular user at the local system and redirected to the secondary system, and a decoy authenticator file to assign a decoy authenticator for the secret authenticator entered by the user and originally stored in the local system authentication file. It is the decoy authenticator that is captured and unknowingly used by the intruder to give away his or her presence. By way of example, the authenticator broker system may be a mainframe computer that is responsible for authentication and access control with respect to a local computer system.
56 Citations
12 Claims
1. (Independent claim 1 is reproduced above under First Claim; claims 2, 3, 4, 5 and 6 depend from it.)
7. A method for detecting a compromise by an intruder to a local computer system that requires authorized users to log onto the local computer system by means of successfully entering a personal identifier and a secret authenticator for purposes of user authentication, said method comprising the steps of:
intercepting the secret authenticator entered by the authorized user at the local computer system and forwarding the secret authenticator to an authenticator broker system;
transmitting from the authenticator broker system to the local computer system a decoy password in substitution of the secret authenticator of the authorized user; and
logging the authorized user onto the local computer system on the basis of the decoy password transmitted to the local computer system from the authenticator broker system;
whereby an intruder who breaks into the local computer system will capture and enter the authorized user's personal identifier and the decoy password substituted for the authorized user's secret authenticator to be forwarded to the authenticator broker system by which to provide an indication that the local computer system has been compromised, and wherein the authorized user accesses a plurality of local computer systems, each local computer system being identified in a system identifier mapped to each decoy password and secret authenticator, and wherein the identification of a compromised local computer system is determined by the system identifier thereof.
(Dependent claims: 8, 9)
10. A method for detecting unauthorized access and an intrusion into a local computer to which access is gained by a user signing on with a local identifier and a secret authenticator to identify himself to the local computer, said method comprising the steps of:
transmitting the user's local identifier and secret authenticator to an authentication broker system and associating the secret authenticator with a corresponding mapped identifier stored on the authentication broker system;
verifying on the authentication broker system the mapped identifier with the secret authenticator to authenticate the user;
retrieving a decoy authenticator and returning the decoy authenticator and the verification of the user to the local computer;
assigning a random replacement identifier for the local identifier entered by the user during sign on; and
associating the decoy authenticator with the local identifier at the local computer.
(Dependent claims: 11, 12)
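The sign-on and detection flow set out in the abstract and in claims 7 and 10, as an added simulation that is not code from the patent or from any product implementing it. The local authenticator file holds only a per-system decoy, the broker holds the real secret under a randomly assigned replacement identifier, and a decoy presented as a credential raises an alert naming the system whose file it was planted in. The class and function names (AuthenticatorBroker, LocalSystem, local_login), SHA-256 hashing of stored authenticators, the random generators for decoys and replacement identifiers, and the sample users and system identifiers are all assumptions made for this example; the patent does not specify any of them.

```python
"""Simulation of the authenticator-broker / decoy-authenticator scheme.

Added example: names, data layout, hashing and random generation are
assumptions for illustration, not the patent's own implementation.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def digest(value: str) -> str:
    """Hash an authenticator for storage (assumed; the patent does not specify)."""
    return hashlib.sha256(value.encode()).hexdigest()


@dataclass
class LocalSystem:
    """One local computer system; its authenticator file holds only decoys."""
    system_id: str
    authenticator_file: dict = field(default_factory=dict)  # identifier -> digest(decoy)


class AuthenticatorBroker:
    """The secondary authentication system that holds the real secrets."""

    def __init__(self) -> None:
        self.broker_file = {}   # replacement identifier -> digest(secret authenticator)
        self.mapping_file = {}  # local identifier -> random replacement identifier
        self.decoy_file = {}    # (system_id, replacement identifier) -> decoy
        self.decoy_index = {}   # digest(decoy) -> (system_id, local identifier)
        self.alerts = []        # (compromised system_id, local identifier)

    def enroll(self, identifier: str, secret: str, system: LocalSystem) -> str:
        """Register a user on one system: map the identifier, keep the secret
        here, and plant a per-system decoy in that system's authenticator file."""
        mapped = self.mapping_file.setdefault(identifier, secrets.token_hex(8))
        self.broker_file[mapped] = digest(secret)
        decoy = secrets.token_urlsafe(12)
        self.decoy_file[(system.system_id, mapped)] = decoy
        self.decoy_index[digest(decoy)] = (system.system_id, identifier)
        system.authenticator_file[identifier] = digest(decoy)
        return decoy  # returned only so a caller can play the intruder

    def authenticate(self, system_id: str, identifier: str, authenticator: str):
        """Broker side of the sign-on (claim 10): detect a decoy, map the local
        identifier, verify the secret, and return the decoy for this system.
        Returns the decoy on success, None on failure or on a detected decoy."""
        h = digest(authenticator)
        if h in self.decoy_index:
            # The legitimate user never sees or types the decoy, so a decoy
            # arriving as a credential means the authenticator file of the
            # system it was planted in has been captured, whichever system
            # the intruder presents it at (claim 7's system identifier mapping).
            self.alerts.append(self.decoy_index[h])
            return None
        mapped = self.mapping_file.get(identifier)
        if mapped is None or not hmac.compare_digest(self.broker_file[mapped], h):
            return None
        return self.decoy_file.get((system_id, mapped))


def local_login(system: LocalSystem, broker: AuthenticatorBroker,
                identifier: str, authenticator: str) -> bool:
    """Local side: intercept the credential, redirect it to the broker, and
    log the user on against the decoy the broker returns (claim 7)."""
    decoy = broker.authenticate(system.system_id, identifier, authenticator)
    if decoy is None:
        return False
    stored = system.authenticator_file.get(identifier)
    return stored is not None and hmac.compare_digest(stored, digest(decoy))


if __name__ == "__main__":
    broker = AuthenticatorBroker()
    mainframe = LocalSystem("MAINFRAME-A")   # constructed sample systems
    unix_host = LocalSystem("UNIX-B")
    leaked = broker.enroll("alice", "correct horse battery", mainframe)
    broker.enroll("alice", "correct horse battery", unix_host)
    print("alice on A:", local_login(mainframe, broker, "alice", "correct horse battery"))
    print("intruder replays A's decoy at B:", local_login(unix_host, broker, "alice", leaked))
    print("alerts:", broker.alerts)
```

Two design points worth noting. Detection is keyed on the decoy value, not on the identifier or the system it is presented at, so an intruder who dumps MAINFRAME-A's file and tries the decoy elsewhere, or under another user name, still triggers an alert that names MAINFRAME-A. The scheme only pays off if the channel between the local system and the broker is protected: the real secret travels over it on every sign-on and the decoy travels back, so an attacker on that path learns both and the decoy no longer distinguishes a file dump from a legitimate login.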
Specification