Method and system for detection of clone authenticator
First Claim
1. A method of operating a data processing system to respond to potential use of a clone authenticator capable of mimicking behavior of a legitimate authenticator known to an authentication system of the data processing system, comprising:
- by the authentication system, engaging in a series of authentication operations, each authentication operation involving apparent use of the legitimate authenticator based on an authenticator identifier supplied to the authentication system therefor, each authentication operation including receiving and storing corresponding values of one or more authenticator variables that normally change in a known authenticator-specific way during the series of authentication operations; and
- by the authentication system, for each of the authentication operations as a current authentication operation:
  - applying a risk analysis function to the stored values of the authenticator variables to generate a risk indicator signal indicating a level of risk that the clone authenticator is in use, the risk analysis function including detection of an abnormal change of the authenticator variables during the series of authentication operations; and
  - outputting the risk indicator signal to an access controller that operates, based on the level of risk indicated by the risk indicator signal, to selectively inhibit an otherwise successful current authentication operation involving apparent use of the legitimate authenticator,
wherein each of the series of authentication operations is performed as part of a corresponding one of a series of separate accesses to a service provided by a service system of the data processing system, each authentication operation including a respective application of the risk analysis function and outputting of the risk indicator signal based on values of the authenticator variables received and stored over corresponding preceding authentication operations, and wherein the otherwise successful authentication operation selectively inhibited by the risk indicator signal is a most recent one of the series of authentication operations.
Abstract
A method includes engaging in authentication operations each involving apparent use of a legitimate authenticator. Values of one or more authenticator variables are received and stored, where the authenticator variable(s) normally change in a known authenticator-specific way during the authentication operations, such as being calculated from a monotonically increasing dynamic variable. A risk analysis function is applied to the stored values to generate a risk indicator signal indicating a level of risk that the clone authenticator is in use. The risk analysis function includes detection of an abnormal change of the authenticator variable(s), such as use of non-monotonic dynamic variable values. The risk indicator signal is output to an access controller that operates, based on the level of risk indicated by the risk indicator signal, to selectively inhibit an otherwise successful authentication operation involving apparent use of the legitimate authenticator.
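The flow in the abstract, sketched as an added example (not code from the patent or its assignee). It assumes the authenticator variable is a single monotonically increasing counter; the class and function names, the 0.0-1.0 risk scale and the deny threshold are all hypothetical.

```python
from collections import defaultdict

DENY_THRESHOLD = 0.5  # assumed access-controller policy, not from the patent


class RiskAnalyzer:
    """Stores counter values per authenticator ID and scores each operation."""

    def __init__(self):
        self.history = defaultdict(list)  # authenticator_id -> counters seen

    def observe(self, authenticator_id, counter):
        """Store the current value, then return the risk indicator (0.0-1.0)."""
        self.history[authenticator_id].append(counter)
        return self.risk(self.history[authenticator_id])

    @staticmethod
    def risk(values):
        """Abnormal change = a counter that fails to exceed the high-water mark."""
        high_water, abnormal, latest_abnormal = None, 0, False
        for value in values:
            latest_abnormal = high_water is not None and value <= high_water
            abnormal += latest_abnormal
            high_water = value if high_water is None else max(high_water, value)
        if latest_abnormal:
            return 1.0  # current operation itself went backwards or repeated
        return min(0.4, 0.2 * abnormal)  # residual risk from earlier anomalies


def access_decision(credential_ok, risk_indicator):
    """Access controller: inhibit an otherwise successful authentication."""
    return credential_ok and risk_indicator < DENY_THRESHOLD


def run_series(operations):
    """Replay (authenticator_id, counter, credential_ok) tuples in order."""
    analyzer = RiskAnalyzer()
    results = []
    for authenticator_id, counter, credential_ok in operations:
        indicator = analyzer.observe(authenticator_id, counter)
        results.append((indicator, access_decision(credential_ok, indicator)))
    return results


# Constructed sample: a clone copied at counter 10 interleaves with the original.
SAMPLE = [("tok-1", 10, True), ("tok-1", 11, True), ("tok-1", 12, True),
          ("tok-1", 11, True),   # clone: valid credential, stale counter
          ("tok-1", 13, True),   # legitimate device continues
          ("tok-1", 12, True)]   # clone again

if __name__ == "__main__":
    for op, (indicator, allowed) in zip(SAMPLE, run_series(SAMPLE)):
        print(op, indicator, "ALLOW" if allowed else "INHIBIT")
```

A non-monotonic value shows that two devices share the same state, not which of them is the clone, so the legitimate device is the one inhibited whenever the clone has advanced the counter further.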
24 Claims
13. An authentication system usable in a data processing system and operable to respond to potential use of a clone authenticator capable of mimicking behavior of a legitimate authenticator known to the authentication system, comprising:
- one or more server computers each including one or more processors, memory, input/output circuitry, and interconnect circuitry coupling the processors, memory and input/output circuitry together, the input/output circuitry to be used to couple the server computers to other components of the data processing system including a service system with which the authentication system is to engage in authentication operations; and
- program instructions stored in the memory of the server computers and executable by the processors of the server computers to constitute an authentication controller and a risk analyzer, the authentication controller and risk analyzer being co-operative to:
  - engage in a series of authentication operations, each authentication operation involving apparent use of the legitimate authenticator based on an authenticator identifier supplied to the authentication system therefor, each authentication operation including receiving and storing corresponding values of one or more authenticator variables that normally change in a known authenticator-specific way during the series of authentication operations; and
  - for each of the authentication operations as a current authentication operation:
    - (1) apply a risk analysis function to the stored values of the authenticator variables to generate a risk indicator signal indicating a level of risk that the clone authenticator is in use, the risk analysis function including detection of an abnormal change of the authenticator variables during the series of authentication operations; and
    - (2) output the risk indicator signal to an access controller that operates, based on the level of risk indicated by the risk indicator signal, to selectively inhibit an otherwise successful current authentication operation involving apparent use of the legitimate authenticator,
wherein each of the series of authentication operations is performed as part of a corresponding one of a series of separate accesses to a service provided by a service system of the data processing system, each authentication operation including a respective application of the risk analysis function and outputting of the risk indicator signal based on values of the authenticator variables received and stored over corresponding preceding authentication operations, and wherein the otherwise successful authentication operation selectively inhibited by the risk indicator signal is a most recent one of the series of authentication operations.
Specification