System and method for blocking unauthorized network log in using stolen password

US 8,079,070 B2
Filed: 03/11/2005
Issued: 12/13/2011
Est. Priority Date: 07/15/2004
Status: Active Grant

First Claim

Patent Images

1. A method for selectively granting a user access to data, comprising:

receiving, at an authentication server, communication that has been transferred, transparently to the user of a user computer, from an information server that is separate from the authentication server and in response to a valid user name and password being received by the information server, wherein the communication is with the user computer; and

at the authentication server, responsive to determining that a cookie previously deposited on the user computer includes a machine ID matching a test machine ID at the authentication server and a login key matching a test login key at the authentication server,transparently to the user of the user computer transferring communication with the user computer back to the information server that is configured to grant the user computer access to the data in response to communication with the user computer being transferred back to the information server; and

refreshing the login key on the user computer by depositing a new cookie on the user computer to replace the cookie, wherein the new cookie comprises the machine ID and a new login key.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

When a user successfully logs in to an information server such as an online banking server, an e-commerce server, or a VPN server, for greater security communication is transferred transparently to the user to an authentication server for additional authentication. The additional authentication can include comparing elements of a previously deposited cookie on the user computer to test elements, and if the elements, match, granting access and transparently transferring the user computer back to the information server. If the secondary authentication fails, however, the user may be asked questions as tertiary authentication, or a PIN code can be sent to the user'"'"'s cell phone, which PIN code can then be input on the user computer to gain access.

147 Citations

19 Claims

1. A method for selectively granting a user access to data, comprising:
- receiving, at an authentication server, communication that has been transferred, transparently to the user of a user computer, from an information server that is separate from the authentication server and in response to a valid user name and password being received by the information server, wherein the communication is with the user computer; and
  
  at the authentication server, responsive to determining that a cookie previously deposited on the user computer includes a machine ID matching a test machine ID at the authentication server and a login key matching a test login key at the authentication server,transparently to the user of the user computer transferring communication with the user computer back to the information server that is configured to grant the user computer access to the data in response to communication with the user computer being transferred back to the information server; and
  
  refreshing the login key on the user computer by depositing a new cookie on the user computer to replace the cookie, wherein the new cookie comprises the machine ID and a new login key.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, further comprising:
    - responsive to determining that the machine ID does not match the test machine ID at the authentication server, performing an additional authentication.
  - 3. The method of claim 1, further comprising:
    - responsive to determining that the machine ID matches the test machine ID at the authentication server and the login key does not match the test login key at the authentication server, causing an account associated with the user to be disabled.
  - 4. The method of claim 2, wherein the additional authentication comprises:
    - causing a PIN code to be outputted to a wireless telephone number associated with the user; and
      
      receiving from the user computer the PIN code from the user obtained from a wireless telephone associated with the wireless telephone number.

5. A system comprising:
- an information server configured for transferring, transparently to a user of a user computer, communication with the user computer to an authentication server in response to determining that a user name and password received from the user computer are valid, wherein the authentication server is separate from the information server; and
  
  the authentication server configured for transferring, transparently to the user of the user computer, communication with the user computer back to the information server in response to determining that a cookie previously deposited on the user computer includes (i) a machine ID matching a test machine ID at the authentication server and (ii) a login key matching a test login key at the authentication server, the authentication server being further configured to refresh the login key on the user computer by depositing a new cookie on the user computer to replace the cookie in response to determining that the cookie previously deposited on the user computer includes (i) the machine ID matching the test machine ID at the authentication server and (ii) the login key matching the test login key at the authentication server, wherein the new cookie comprises the machine ID and a new login key,wherein the information server is configured for allowing the user computer to access data in response to the authentication server transferring communication with the user computer back to the information server.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13)
- - 6. The system of claim 5, wherein the authentication server is configured to deposit the new cookie on the user computer to replace the cookie without using software on the user computer.
  - 7. The system of claim 5, wherein the authentication server is further configured to cause a PIN code to be outputted to a wireless telephone number associated with the user in response to determining that the machine ID does not match the test machine ID at the authentication server.
  - 8. The system of claim 7, wherein the authentication server is further configured to transfer, transparently to the user of the user computer, communication with the user computer back to the information server in response to receiving the PIN code from the user computer.
  - 9. The system of claim 5, wherein the authentication server is further configured to disable an account associated with the user in response to determining that the machine ID matches the test machine ID and that the login key does not match the test login key.
  - 10. The system of claim 9, wherein the authentication server is configured to disable the account associated with the user by associating a flag with the account in a database.
  - 11. The system of claim 5, wherein the information server is at least one of:
    - an online banking server;
      
      an e-commerce server;
      
      ora virtual private network (VPN) server.
  - 12. The system of claim 5, wherein the authentication server is configured for:
    - allocating N>
      
      1 user computers to the user that are usable to access data,responsive to determining that at most N−
      
      1 user computers allocated to the user have previously accessed the server, generating a second new cookie and causing the second new cookie to be stored on the user computer, the second new cookie comprising (i) a second machine ID that is different from the machine ID and (ii) a second login key that is different than the login key.
  - 13. The system of claim 12, wherein the authentication server is configured for generating the second new cookie and causing the second new cookie to be stored on the user computer by:
    - outputting an email addressed to the user, the email comprising a hyperlink to a Web site at which the second new cookie is downloadable to the user computer for storage.

14. An authentication system comprising:
- a user computer; and
  
  an authentication server configured for;
  
  receiving communication that has been transferred, transparently to a user of the user computer, from an information server that is separate from the authentication server and in response to a valid user name and password being received by the information server, wherein the communication is with the user computer; and
  
  responsive to determining that a cookie previously deposited on the user computer includes (i) a machine ID matching a test machine ID at the authentication server and (ii) a login key matching a test login key at the authentication server,transparently to the user of the user computer transferring communication with the user computer back to the information server that is configured to grant the user computer access to the data in response to communication with the user computer being transferred back to the information server; and
  
  refreshing the login key on the user computer by depositing a new cookie on the user computer to replace the cookie, wherein the new cookie comprises the machine ID and a new login key.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The authentication system of claim 14, wherein the authentication server is configured to deposit the new cookie on the user computer to replace the cookie without using software on the user computer.
  - 16. The system of claim 14, wherein the authentication server is further configured to:
    - cause a PIN code to be outputted to a wireless telephone number associated with the user in response to determining that the machine ID does not match the test machine ID at the authentication server; and
      
      transfer, transparently to the user of the user computer, communication with the user computer back to the information server in response to receiving the PIN code from the user computer.
  - 17. The system of claim 14, wherein the information server is at least one of:
    - an online banking server;
      
      an e-commerce server;
      
      ora virtual private network (VPN) server.
  - 18. The system of claim 14, wherein the authentication server is configured for:
    - allocating N>
      
      1 user computers to the user that are usable to access data; and
      
      responsive to determining that at most N−
      
      1 user computers allocated to the user have previously accessed the server, generating a new cookie and causing the new cookie to be stored on the user computer, the new cookie comprising (i) a second machine ID that is different from the machine ID and (ii) a second login key that is different than the login key.
  - 19. The system of claim 18, wherein the authentication server is configured for generating the new cookie and causing the new cookie to be stored on the user computer by:
    - outputting an email addressed to the user, the email comprising a hyperlink to a Web site at which the new cookie is downloadable to the user computer for storage.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Anakam, Inc. (Equifax, Inc.)
Original Assignee
Anakam, Inc. (Equifax, Inc.)
Inventors
Camaisa, Allan, Samuelsson, Jonas
Primary Examiner(s)
Dinh, Minh
Assistant Examiner(s)
Okeke, Izunna

Application Number

US11/077,948
Publication Number

US 20060015743A1
Time in Patent Office

2,468 Days
Field of Search

726/2, 726/3, 726/5, 726/7, 726/10, 713/155, 713/168, 713/185, 709/219, 709/225, 709/229
US Class Current

726/10
CPC Class Codes

G06F 21/31   User authentication

H04L 63/083   using passwords cryptograph...

H04L 63/1441   Countermeasures against mal...

H04L 67/02   based on web technology, e....

System and method for blocking unauthorized network log in using stolen password

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

147 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for blocking unauthorized network log in using stolen password

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

147 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links