System and method for blocking unauthorized network log in using stolen password
First Claim
1. A method for selectively granting a user access to data, comprising:
- receiving, at an authentication server, communication that has been transferred, transparently to the user of a user computer, from an information server that is separate from the authentication server and in response to a valid user name and password being received by the information server, wherein the communication is with the user computer; and
- at the authentication server, responsive to determining that a cookie previously deposited on the user computer includes a machine ID matching a test machine ID at the authentication server and a login key matching a test login key at the authentication server, transparently to the user of the user computer transferring communication with the user computer back to the information server that is configured to grant the user computer access to the data in response to communication with the user computer being transferred back to the information server; and
- refreshing the login key on the user computer by depositing a new cookie on the user computer to replace the cookie, wherein the new cookie comprises the machine ID and a new login key.
4 Assignments
0 Petitions
Abstract
When a user successfully logs in to an information server such as an online banking server, an e-commerce server, or a VPN server, for greater security communication is transferred, transparently to the user, to an authentication server for additional authentication. The additional authentication can include comparing elements of a previously deposited cookie on the user computer to test elements and, if the elements match, granting access and transparently transferring the user computer back to the information server. If the secondary authentication fails, however, the user may be asked questions as tertiary authentication, or a PIN code can be sent to the user's cell phone, which PIN code can then be input on the user computer to gain access.
147 Citations
19 Claims
1. A method for selectively granting a user access to data, comprising the steps reproduced in full under First Claim above (independent claim). Dependent claims: 2, 3, 4.

5. A system comprising:
- an information server configured for transferring, transparently to a user of a user computer, communication with the user computer to an authentication server in response to determining that a user name and password received from the user computer are valid, wherein the authentication server is separate from the information server; and
- the authentication server configured for transferring, transparently to the user of the user computer, communication with the user computer back to the information server in response to determining that a cookie previously deposited on the user computer includes (i) a machine ID matching a test machine ID at the authentication server and (ii) a login key matching a test login key at the authentication server, the authentication server being further configured to refresh the login key on the user computer by depositing a new cookie on the user computer to replace the cookie in response to determining that the cookie previously deposited on the user computer includes (i) the machine ID matching the test machine ID at the authentication server and (ii) the login key matching the test login key at the authentication server, wherein the new cookie comprises the machine ID and a new login key, wherein the information server is configured for allowing the user computer to access data in response to the authentication server transferring communication with the user computer back to the information server.
Dependent claims: 6, 7, 8, 9, 10, 11, 12, 13.

14. An authentication system comprising:
- a user computer; and
- an authentication server configured for:
  - receiving communication that has been transferred, transparently to a user of the user computer, from an information server that is separate from the authentication server and in response to a valid user name and password being received by the information server, wherein the communication is with the user computer; and
  - responsive to determining that a cookie previously deposited on the user computer includes (i) a machine ID matching a test machine ID at the authentication server and (ii) a login key matching a test login key at the authentication server, transparently to the user of the user computer transferring communication with the user computer back to the information server that is configured to grant the user computer access to the data in response to communication with the user computer being transferred back to the information server; and
  - refreshing the login key on the user computer by depositing a new cookie on the user computer to replace the cookie, wherein the new cookie comprises the machine ID and a new login key.
Dependent claims: 15, 16, 17, 18, 19.
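The flow the abstract and the independent claims describe (password check at the information server, transparent hand-off to an authentication server that compares a cookie's machine ID and login key against its test values, then rotation of the login key before handing the session back) can be modelled in a few dozen lines. The following is an added illustration written for this page, not the patent holder's implementation: the class and function names, the PBKDF2 password storage, the hex token sizes and the constructed user "alice" are all assumptions. The scenario function also shows the two failure modes the title is about: a stolen password presented without the cookie, and a replay of a cookie whose login key has already been refreshed.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field


@dataclass
class Cookie:
    """The cookie deposited on the user computer: machine ID plus the current login key."""
    machine_id: str
    login_key: str


@dataclass
class AuthServer:
    """Holds, per user, the test machine ID and test login key the claims refer to."""
    records: dict = field(default_factory=dict)  # username -> (machine_id, login_key)

    def enroll(self, username: str) -> Cookie:
        # First-time enrollment of a machine (assumed step): mint a machine ID and initial key.
        machine_id = secrets.token_hex(16)
        login_key = secrets.token_hex(32)
        self.records[username] = (machine_id, login_key)
        return Cookie(machine_id, login_key)

    def verify_and_refresh(self, username: str, cookie):
        """Secondary authentication: returns the replacement cookie on success, None on failure."""
        record = self.records.get(username)
        if record is None or cookie is None:
            return None
        test_machine_id, test_login_key = record
        # Compare both cookie elements against the test values in constant time;
        # evaluate both before branching so timing does not reveal which one failed.
        machine_ok = hmac.compare_digest(cookie.machine_id, test_machine_id)
        key_ok = hmac.compare_digest(cookie.login_key, test_login_key)
        if not (machine_ok and key_ok):
            return None
        # Refresh: keep the machine ID, issue a new login key; the old key is now invalid.
        new_key = secrets.token_hex(32)
        self.records[username] = (test_machine_id, new_key)
        return Cookie(test_machine_id, new_key)


@dataclass
class InfoServer:
    """Primary authentication (user name and password), then transparent hand-off."""
    auth: AuthServer
    creds: dict = field(default_factory=dict)  # username -> (salt, pbkdf2 digest)

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self.creds[username] = (salt, self._hash(password, salt))

    def login(self, username: str, password: str, cookie):
        entry = self.creds.get(username)
        if entry is None:
            return ("denied", None)
        salt, digest = entry
        if not hmac.compare_digest(self._hash(password, salt), digest):
            return ("denied", None)
        # Password valid: hand communication to the authentication server.
        new_cookie = self.auth.verify_and_refresh(username, cookie)
        if new_cookie is None:
            # Secondary authentication failed; the abstract's tertiary step
            # (challenge questions or a PIN sent to the user's phone) would go here.
            return ("secondary_failed", None)
        # Session handed back by the authentication server: grant access to the data.
        return ("granted", new_cookie)


def run_scenario():
    """Constructed walk-through: legitimate login, stolen password with no cookie,
    and replay of a cookie that has already been replaced."""
    auth = AuthServer()
    info = InfoServer(auth)
    info.register("alice", "correct horse battery staple")
    original = auth.enroll("alice")

    status1, fresh = info.login("alice", "correct horse battery staple", original)
    # Attacker knows the password but holds no cookie from alice's machine.
    status2, _ = info.login("alice", "correct horse battery staple", None)
    # Attacker replays the pre-refresh cookie: machine ID matches, login key no longer does.
    status3, _ = info.login("alice", "correct horse battery staple", original)
    return (status1, status2, status3), original, fresh


if __name__ == "__main__":
    print(run_scenario()[0])
```

Two design points carry the weight here: both cookie elements are compared with `hmac.compare_digest` so a partial match leaks nothing through timing, and the login key is rotated on every successful check, which is what turns a copied cookie into a one-shot credential rather than a durable one.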
Specification