System and method for preventing large-scale account lockout
First Claim
1. A system for preventing large-scale account lockout, the system comprising:
- a processor;
- a memory coupled to the processor, wherein the memory comprises program instructions executable by the processor to:
  - receive one or more access requests for access to a user account associated with a user, wherein each access request includes an authorization code;
  - provide a count that indicates a number of incorrect account access requests that have been received, wherein each incorrect access request is one of said one or more access requests indicating an incorrect authorization code;
  - in response to determining that the count has reached a warning threshold that specifies a plurality of incorrect account access requests have been received, the warning threshold being less than a lockout threshold:
    - contact the user through a registered communication channel to alert the user that the warning threshold has been reached, wherein the registered communication channel is a communication channel specified by the user prior to said receiving one or more access requests; and
    - to prevent an attacker from locking access to the user account, place the user account in a hold state such that additional correct and incorrect access requests for the user account that are received while the user account is in the hold state are rejected, the hold state being removable responsive to receipt of valid account verification information;
  - subsequent to contacting the user and while the user account is in the hold state, receive account verification information specified by the user after being alerted;
  - in response to determining the received account verification information is valid, remove the user account from the hold state; and
  - in response to determining that the count has reached the lockout threshold, lock access to the user account such that unlocking the user account requires a different set of verification information than is required to remove the user account from the hold state.
Abstract
Various embodiments of a system and method for preventing large-scale account lockout are described. The system and method for preventing large-scale account lockout may include an account access control component configured to prevent fraudulent individuals from locking access to user accounts. The account access control component may lock access to an account after a lockout threshold is tripped. To prevent an account from being locked by fraudulent individuals, the account access control component may utilize a warning threshold. When the account access control component detects a number of incorrect authorization attempts equal to the warning threshold, the control component may perform various actions to prevent a fraudulent individual from locking an account holder's account, including, but not limited to, contacting the account holder through a registered communication channel to inform the user that the warning threshold has been reached or placing the account holder's account in a particular hold state.
21 Claims
1. A system for preventing large-scale account lockout (independent claim; full text given under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7.
8. A method for preventing large-scale account lockout, the method comprising:
- receiving one or more access requests for access to a user account associated with a user, wherein each access request includes an authorization code;
- providing a count that indicates a number of incorrect account access requests that have been received, wherein each incorrect access request is one of said one or more access requests indicating an incorrect authorization code;
- in response to determining that the count has reached a warning threshold that specifies a plurality of incorrect account access requests have been received, the warning threshold being less than a lockout threshold:
  - contacting the user through a registered communication channel to alert the user that the warning threshold has been reached, wherein the registered communication channel is a communication channel specified by the user prior to said receiving one or more access requests; and
  - to prevent an attacker from locking access to the user account, placing the user account in a hold state such that additional correct and incorrect access requests for the user account that are received while the user account is in the hold state are rejected, the hold state being removable responsive to receipt of valid account verification information;
- subsequent to contacting the user and while the user account is in the hold state, receiving account verification information specified by the user after being alerted;
- in response to determining the received account verification information is valid, removing the user account from the hold state; and
- providing a lock component configured to, in response to determining that the count has reached the lockout threshold, lock access to the user account such that unlocking the user account requires a different set of verification information than is required to remove the user account from the hold state.

Dependent claims: 9, 10, 11, 12, 13, 14.
15. A non-transitory computer-readable storage medium, comprising program instructions computer-executable to:
- receive one or more access requests for access to a user account associated with a user, wherein each access request includes an authorization code;
- provide a count that indicates a number of incorrect account access requests that have been received, wherein each incorrect access request is one of said one or more access requests indicating an incorrect authorization code;
- in response to determining that the count has reached a warning threshold that specifies a plurality of incorrect account access requests have been received, the warning threshold being less than a lockout threshold:
  - contact the user through a registered communication channel to alert the user that the warning threshold has been reached, wherein the registered communication channel is a communication channel specified by the user prior to said receiving one or more access requests; and
  - to prevent an attacker from locking access to the user account, place the user account in a hold state such that additional correct and incorrect access requests for the user account that are received while the user account is in the hold state are rejected, the hold state being removable responsive to receipt of valid account verification information;
- subsequent to contacting the user and while the user account is in the hold state, receive account verification information specified by the user after being alerted;
- in response to determining the received account verification information is valid, remove the user account from the hold state; and
- provide a lock component configured to, in response to determining that the count has reached the lockout threshold, lock access to the user account such that unlocking the user account requires a different set of verification information than is required to remove the user account from the hold state.

Dependent claims: 16, 17, 18, 19, 20, 21.
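The three independent claims (1, 8 and 15) describe the same control flow: count incorrect authorization codes, alert the user and put the account on hold at a warning threshold below the lockout threshold, reject every request while on hold so an attacker cannot push the count up to lockout, release the hold on one kind of verification, and require a different kind to unlock. The Python below is an added example written for this page, not the patentee's implementation or any product's code; the threshold values, the `Account` fields, the in-memory notifier and the constructed sample secrets are all assumptions, and secrets are compared in plaintext only to keep the state machine visible.

```python
"""Added example: warning threshold / hold state / lockout threshold controller.
Illustrative code for this page; thresholds, fields and sample values are assumed."""
from dataclasses import dataclass
from enum import Enum
import hmac


class State(Enum):
    NORMAL = "normal"
    HOLD = "hold"      # warning threshold reached: every request is rejected
    LOCKED = "locked"  # lockout threshold reached: stronger verification needed


@dataclass
class Account:
    user: str
    authorization_code: str   # the password; plaintext here only for the demo
    hold_release_info: str    # verification info that removes the hold state
    unlock_info: str          # a different set of info, required to unlock
    channel: str              # registered channel the user chose beforehand
    failures: int = 0         # count of incorrect access requests
    state: State = State.NORMAL


class AccessController:
    """Applies the warning-threshold / hold-state / lockout-threshold policy."""

    def __init__(self, warning_threshold=3, lockout_threshold=6, notifier=None):
        # The claims only require warning < lockout; 3 and 6 are assumed values.
        if not 1 <= warning_threshold < lockout_threshold:
            raise ValueError("warning threshold must be below lockout threshold")
        self.warning_threshold = warning_threshold
        self.lockout_threshold = lockout_threshold
        self.sent = []  # (channel, message) pairs recorded by the default notifier
        self.notifier = notifier or (lambda ch, msg: self.sent.append((ch, msg)))

    def request_access(self, acct, code):
        """Handle one access request and return the outcome as a string."""
        if acct.state is State.LOCKED:
            return "rejected:locked"
        if acct.state is State.HOLD:
            # Correct and incorrect codes alike are rejected while on hold, so
            # the failure count cannot be driven up to the lockout threshold.
            return "rejected:hold"
        if hmac.compare_digest(code.encode(), acct.authorization_code.encode()):
            acct.failures = 0          # assumption: a success clears the count
            return "granted"
        acct.failures += 1
        if acct.failures >= self.lockout_threshold:
            acct.state = State.LOCKED
            return "rejected:locked"
        if acct.failures == self.warning_threshold:
            acct.state = State.HOLD
            self.notifier(acct.channel, f"{acct.failures} failed sign-in attempts "
                                        f"on '{acct.user}'; account placed on hold")
            return "rejected:hold"
        return "rejected:bad_code"

    def release_hold(self, acct, verification_info):
        """Remove the hold once the alerted user supplies valid hold-release info."""
        if acct.state is not State.HOLD:
            return False
        if hmac.compare_digest(verification_info.encode(), acct.hold_release_info.encode()):
            # The count is kept (the claims do not say it resets), so continued
            # wrong codes after release still reach the lockout threshold.
            acct.state = State.NORMAL
            return True
        return False

    def unlock(self, acct, verification_info):
        """Unlock a locked account; needs the separate unlock info, not the hold info."""
        if acct.state is not State.LOCKED:
            return False
        if hmac.compare_digest(verification_info.encode(), acct.unlock_info.encode()):
            acct.state = State.NORMAL
            acct.failures = 0
            return True
        return False


def demo():
    """Walk one account through warning, hold, release and lockout; return the trace."""
    ctrl = AccessController(warning_threshold=3, lockout_threshold=6)
    acct = Account("alice", "correct-horse", "sms-code-4711", "recovery-key-XYZ",
                   channel="sms:+1-555-0100")  # constructed sample values
    trace = [ctrl.request_access(acct, "wrong") for _ in range(3)]  # third one -> hold
    trace.append(ctrl.request_access(acct, "correct-horse"))        # rejected while on hold
    trace.append(ctrl.release_hold(acct, "recovery-key-XYZ"))       # wrong kind of info
    trace.append(ctrl.release_hold(acct, "sms-code-4711"))          # valid -> hold removed
    trace += [ctrl.request_access(acct, "wrong") for _ in range(3)] # 4, 5, then 6 -> locked
    trace.append(ctrl.release_hold(acct, "sms-code-4711"))          # not on hold -> False
    trace.append(ctrl.unlock(acct, "sms-code-4711"))                # hold info cannot unlock
    trace.append(ctrl.unlock(acct, "recovery-key-XYZ"))             # unlock info -> True
    trace.append(ctrl.request_access(acct, "correct-horse"))        # granted
    return trace, len(ctrl.sent)


if __name__ == "__main__":
    print(demo())
```

The `==` test on the warning threshold matters: after the hold is released the count continues from 3, and using `>=` there would re-hold the account on every subsequent failure instead of letting the count reach the lockout threshold. Keeping the count across a hold release and using a different secret for `unlock` than for `release_hold` are the two properties the claims insist on; everything else (resetting on success, the message text) is a design choice of this example.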