Using trusted communication channel to combat user name/password theft
Abstract
A technique for defining a system with enhanced trust is disclosed, in which an immediate contact is made with the user on the enhanced trust system when a compromise is first detected. The service contacts the compromised user and asks for confirmation of the results. As a result, the true user on the enhanced trust machine is able to preclude a login or preclude a password change. In a first embodiment of the invention, an enhanced trust machine is a machine where the user is currently logged in at the time that the less trusted machine attempts a login. A second embodiment of the invention comprehends an enhanced trust machine where the user has logged in repeatedly over a course of numerous weeks, as compared with a lesser trusted machine that the user has never logged into before and which is now asking for a change of the password.
52 Claims
1. A method for using a trusted communication channel to combat user name/password theft, comprising the steps of:
- logging in a user to a trusted instant messaging system via a network connection, said instant message system comprising at least one trusted communication channel;
- detecting an access attempt from an untrusted system;
- making an immediate contact with said user via said trusted communication channel by way of an instant message when said access attempt from said untrusted system is first detected;
- asking said user to confirm whether or not access via said untrusted system should be authorized by way of a return instant message; and
- enabling or denying said access via said untrusted system in response to said confirmation.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

14. A method for determining if a system is a trusted system, comprising the steps of:
- detecting an access attempt at an untrusted system;
- using an instant messaging system to make immediate contact with a user of a trusted system;
- asking said user for confirmation with regard to one or more actions to be taken in connection with said untrusted system; and
- precluding said one or more actions if said user refuses to provide affirmative confirmation.
Dependent claims: 15

16. An apparatus for using enhanced trust to combat user name/password theft in a network, comprising:
- a mechanism for detecting an access attempt from an untrusted system;
- an instant messaging system for making an immediate contact with a user of a trusted system via a network connection when said access attempt from said untrusted system is first detected;
- a mechanism for asking said user to confirm whether or not access via said untrusted system should be authorized; and
- a mechanism for enabling or denying said access via said untrusted system in response to said confirmation.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28

29. An apparatus for determining if a system is a trusted system, comprising:
- a mechanism for logging a user into a trusted instant messaging system via a network connection, said instant message system comprising at least one trusted communication channel;
- a mechanism for detecting an access attempt at an untrusted system;
- a means for making immediate contact with a user of a trusted system with the messaging system using the at least one trusted communication channel;
- a mechanism for asking said user for confirmation with regard to one or more actions to be taken in connection with said untrusted system; and
- a mechanism for precluding said one or more actions if said user refuses to provide affirmative confirmation.
Dependent claims: 30

31. A method for using a trusted communication channel to combat user name/password theft, comprising the steps of:
- detecting an access attempt from an untrusted system;
- making an immediate contact with a user of a trusted system when said access attempt from said untrusted system is first detected;
- asking said user to confirm whether or not access via said untrusted system should be allowed; and
- permitting or denying said access via said untrusted system in response to said confirmation;
- developing experience with regard to work patterns of said user and an expectation that a particular system is used by said user,
- recording a history of number of times said user has logged in from a particular system; and
- storing evidence of said history, optionally signed by a service to preclude forgery.
Dependent claims: 32, 33, 34, 35, 36, 37, 38, 39, 40, 41

42. An apparatus for using enhanced trust to combat user name/password theft, comprising:
- a mechanism for detecting an access attempt from an untrusted system;
- a messaging system for making an immediate contact with a user of a trusted system when said access attempt from said untrusted system is first detected;
- a mechanism for asking said user to confirm whether or not access via said untrusted system should be allowed; and
- a mechanism for permitting or denying said access via said untrusted system in response to said confirmation;
- a mechanism for developing experience with regard to work patterns of said user, and an expectation that a particular system is used by said user;
- a mechanism for recording a history of number of times said user has logged in from a particular system; and
- a storage means for storing evidence of said history, optionally signed by a service to preclude forgery.
Dependent claims: 43, 44, 45, 46, 47, 48, 49, 50, 51, 52

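A sketch of the decision flow in the abstract and in claims 31 and 42, added here as an illustration and not taken from the patent: the service signs each per-machine login history so it cannot be forged, and a machine without enough verified history triggers a confirmation request over the trusted channel. The function names, the HMAC-SHA-256 signature, the threshold of 5 logins, the demo key and the deny-when-unreachable behaviour are all assumptions of this example.

```python
import hashlib
import hmac
import json

SERVICE_KEY = b"constructed-demo-key"  # assumption: secret held only by the service
TRUST_THRESHOLD = 5                    # assumption: verified logins before a machine is trusted


def sign_history(user, machine_id, login_count):
    """Return a login-history record signed by the service (hypothetical format)."""
    body = json.dumps({"user": user, "machine": machine_id, "count": login_count},
                      sort_keys=True)
    tag = hmac.new(SERVICE_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verified_count(record, user, machine_id):
    """Return the signed login count, or 0 if the record is missing, altered or replayed."""
    if not record:
        return 0
    expected = hmac.new(SERVICE_KEY, record["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, record["tag"]):
        return 0  # signature mismatch: the history was tampered with
    data = json.loads(record["body"])
    if data["user"] != user or data["machine"] != machine_id:
        return 0  # valid record, but issued for a different user or machine
    return data["count"]


def decide_access(user, machine_id, record, ask_user):
    """Allow a machine with enough verified history; otherwise ask the user.

    ask_user(user, machine_id) stands in for the instant message on the trusted
    channel. It returns True (authorize), False (refuse) or None (user could
    not be reached; treated as no affirmative confirmation).
    """
    if verified_count(record, user, machine_id) >= TRUST_THRESHOLD:
        return "allow"
    answer = ask_user(user, machine_id)
    return "allow" if answer is True else "deny"
```
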
Specification