Method and apparatus for detecting password attacks using modeling techniques

US 7,386,892 B2
Filed: 07/17/2003
Issued: 06/10/2008
Est. Priority Date: 07/17/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method of detecting intrusion attempts on a computing system, comprising:

creating a first mapping profile of a valid password, wherein the valid password is entered on a keyboard and the first mapping profile is dependent upon characters of the valid password;

storing the mapping profile in memory;

creating a second mapping profile of an entered password, wherein the entered password is entered on the keyboard and the second mapping profile is dependent upon characters of the entered password;

calculating a profile score by comparing the first mapping profile to the second mapping profile;

comparing the profile score to a threshold value; and

classifying the entered profile into one of two or more security classifications based upon the comparison between the profile score and the threshold value; and

wherein the first mapping and the second mapping each comprise;

comparing successive characters of the respective password;

assigning a value to each pair of successive characters based upon a keyboard characteristic corresponding to the pair of successive characters; and

generating a password mapping for the respective password based upon the assigned values andwherein the keyboard characteristic is the distance between keys of the keyboard representing the pair of characters.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is an apparatus and method for detecting fraudulent passwords so that computer break-in attempts can be distinguished from authorized users incorrectly entering their passwords. An actual password is mapped against a computer keyboard and the resultant data is stored in memory. The profile of an entered password is compared to the stored profile. If the profile of the entered password differs significantly from the stored profile, then the login attempt is flagged as an attempted intrusion. In one embodiment of the current invention, passwords are mapped according to the distance subsequent keystrokes are from each other. Different embodiments may have different mapping schemes. For example, mapping data may correspond to statistical data that corresponds to the likelihood that a particular character is typed by mistake when another character is intended.

37 Citations

View as Search Results

5 Claims

1. A method of detecting intrusion attempts on a computing system, comprising:
- creating a first mapping profile of a valid password, wherein the valid password is entered on a keyboard and the first mapping profile is dependent upon characters of the valid password;
  
  storing the mapping profile in memory;
  
  creating a second mapping profile of an entered password, wherein the entered password is entered on the keyboard and the second mapping profile is dependent upon characters of the entered password;
  
  calculating a profile score by comparing the first mapping profile to the second mapping profile;
  
  comparing the profile score to a threshold value; and
  
  classifying the entered profile into one of two or more security classifications based upon the comparison between the profile score and the threshold value; and
  
  wherein the first mapping and the second mapping each comprise;
  
  comparing successive characters of the respective password;
  
  assigning a value to each pair of successive characters based upon a keyboard characteristic corresponding to the pair of successive characters; and
  
  generating a password mapping for the respective password based upon the assigned values andwherein the keyboard characteristic is the distance between keys of the keyboard representing the pair of characters.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein at least one of the security classifications represents an intrusion attempt on the computing system.
  - 3. The method of claim 1, wherein the second mapping further comprises:
    - comparing the valid password to the entered password; and
      
      determining when a pair of characters in the entered password are a transposition of a corresponding pair of letters in the valid password; and
      
      , when there is a transposition, adjusting the profile score.
  - 4. The method of claim 1, wherein the computing system is a personal computer.
  - 5. The method of claim 1, wherein the computing system is a telephone voice response system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
International Business Machines Corporation
Inventors
Gilfix, Michael, Okunseinde, Foluso Olaiya, Stading, Tyron Jerrod
Primary Examiner(s)
Moazzami, Nasser
Assistant Examiner(s)
Hoffman, Brandon S

Application Number

US10/621,928
Publication Number

US 20050015614A1
Time in Patent Office

1,790 Days
Field of Search

None
US Class Current

726/28
CPC Class Codes

G06F 21/31 User authentication

Method and apparatus for detecting password attacks using modeling techniques

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

37 Citations

5 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for detecting password attacks using modeling techniques

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

5 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links