Account hijacking counter-measures

US 8,707,407 B2
Filed: 02/04/2009
Issued: 04/22/2014
Est. Priority Date: 02/04/2009
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a user prior to providing access to a user'"'"'s account, the user'"'"'s account being accessible via a sign-in page upon verifying a user'"'"'s credentials, comprising:

determining that a device is accessing the sign-in page;

obtaining an identifier associated with the device accessing the sign-in page;

determining that the identifier associated with the device accessing the sign-in page is not associated with a trusted device;

identifying personal information data of at least one person other than the user contained in the user'"'"'s account wherein the personal information data of the at least one person other than the user contained in the user'"'"'s account includes at least one of the following;

a sender email address for at least one person other than the user as a sender, a recipient email address for at least one person other than the user as a recipient, contact information for at least one person other than the user stored in an address book, and a calendar invitee associated with a calendar event;

upon verifying the user'"'"'s credentials, generating at least one security question based on the personal information data of the at least one person other than the user randomly selected from the user'"'"'s account wherein the step of generating at least one security question comprises the steps of;

accessing the address book;

selecting at least one contact name for at least one person other than the user from the address book;

generating at least one fictitious contact name;

presenting the at least one contact name for at least one person other than the user selected from the address book and the at least one fictitious contact name to the user via an interface; and

requesting the user to select only the at least one contact name for at least one person other than the user selected from the address book; and

providing the at least one security question to the user via a user interface, wherein the user is required to correctly answer the at least one security question in order to access the user'"'"'s account.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing an additional layer of authentication prior to accessing a user'"'"'s account even though the user'"'"'s credentials have previously been verified. User accounts are often accessed via a sign-in page that verifies the user'"'"'s credentials. Upon detecting a device accessing the sign-in page, an identifier associated with the device is obtained. One such type of identifier is the IP address assigned to the device. Based on the identifier, it is determined whether the device is trusted or not. Even thought the user'"'"'s credentials are verified via the sign-in page, if the device is not trusted, a second authentication page is presented to the user prior to proceeding to the account. The second authentication page presents at least one security question. The security question is based on information contained in the user'"'"'s account (e.g., contact information, event information, electronic messages, etc.). The user is required to correctly answer the security question in order to access the account.

Citations

11 Claims

1. A method for authenticating a user prior to providing access to a user'"'"'s account, the user'"'"'s account being accessible via a sign-in page upon verifying a user'"'"'s credentials, comprising:
- determining that a device is accessing the sign-in page;
  
  obtaining an identifier associated with the device accessing the sign-in page;
  
  determining that the identifier associated with the device accessing the sign-in page is not associated with a trusted device;
  
  identifying personal information data of at least one person other than the user contained in the user'"'"'s account wherein the personal information data of the at least one person other than the user contained in the user'"'"'s account includes at least one of the following;
  
  a sender email address for at least one person other than the user as a sender, a recipient email address for at least one person other than the user as a recipient, contact information for at least one person other than the user stored in an address book, and a calendar invitee associated with a calendar event;
  
  upon verifying the user'"'"'s credentials, generating at least one security question based on the personal information data of the at least one person other than the user randomly selected from the user'"'"'s account wherein the step of generating at least one security question comprises the steps of;
  
  accessing the address book;
  
  selecting at least one contact name for at least one person other than the user from the address book;
  
  generating at least one fictitious contact name;
  
  presenting the at least one contact name for at least one person other than the user selected from the address book and the at least one fictitious contact name to the user via an interface; and
  
  requesting the user to select only the at least one contact name for at least one person other than the user selected from the address book; and
  
  providing the at least one security question to the user via a user interface, wherein the user is required to correctly answer the at least one security question in order to access the user'"'"'s account.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method as recited in claim 1, wherein the step of obtaining an identifier associated with a device comprises:
    - obtaining an internet protocol address associated with the device accessing the sign-in page.
  - 3. The method as recited in claim 1, wherein the step of obtaining an identifier associated with a device comprises the step of:
    - obtaining a device identification associated with the device accessing the sign-in page.
  - 4. The method as recited in claim 1, wherein the step of obtaining an identifier associated with a device comprises the step of:
    - determining a geographical location associated with the device accessing the sign-in page.
  - 5. The method as recited in claim 2, wherein the step of determining that the identifier associated with the device accessing the sign-in page is not associated with a trusted device comprises the steps of:
    - accessing a known bot database, wherein the known bot database contains a list of internet protocol addresses that have been associated with a bot;
      
      comparing the internet protocol address associated with the device accessing the sign-in page with the list contained in the know bot database; and
      
      determining that the internet protocol address associated with the device accessing the sign-in page is located on the list.
  - 6. The method as recited in claim 2, wherein the step of determining that the identifier associated with the device accessing the sign-in page is not associated with a trusted device comprises the steps of:
    - accessing a database containing internet protocol addresses associated with devices that have been associated with successfully accessing the user'"'"'s account;
      
      comparing the internet protocol address associated with the device accessing the sign-in page with the internet protocol addresses contained in the database; and
      
      determining that the internet protocol address associated with the device accessing the sign-in page is not located in the trusted device database.
  - 7. The method as recited in claim 1, further comprising:
    - if the security question is answered incorrectly, limiting access to the user'"'"'s account.
  - 8. The method of claim 7 wherein limiting the access to the user'"'"'s account further comprises granting read-only access to the user.

9. A method for authenticating a user prior to providing access to a user'"'"'s account, the user'"'"'s account being accessible via a sign-in page upon verifying a user'"'"'s credentials, comprising:
- determining that a device is accessing the sign-in page;
  
  obtaining an identifier associated with the device accessing the sign-in page;
  
  determining that the identifier associated with the device accessing the sign-in page is not associated with a trusted device;
  
  identifying personal information data of at least one person other than the user contained in the user'"'"'s account wherein the personal information data of the at least one person other than the user contained in the user'"'"'s account includes at least one of the following;
  
  a sender email address for at least one person other than the user as a sender, a recipient email address for at least one person other than the user as a recipient, contact information for at least one person other than the user stored in an address book, and a calendar invitee associated with a calendar event;
  
  upon verifying the user'"'"'s credentials, generating at least one security question based on the personal information data of the at least one person other than the user randomly selected from the user'"'"'s account wherein the step of generating at least one security question comprises the steps of;
  
  accessing electronic messages received by the user, wherein each electronic message received by the user includes a header containing a sender name of at least one person other than the user and a subject line;
  
  selecting at least one electronic message received by the user;
  
  obtaining the subject line from the header of each of the at least one selected electronic messages;
  
  generating at least one fictitious subject line;
  
  presenting the subject line obtained from the header of each of the selected electronic messages and the subject line from each one of the at least one fictitious subject lines to the user; and
  
  requesting the user to select only the subject lines from electronic message actually received by the user; and
  
  providing the at least one security question to the user via a user interface, wherein the user is required to correctly answer the at least one security question in order to access the user'"'"'s account.
- View Dependent Claims (10, 11)
- - 10. The method of claim 9 wherein obtaining an identifier associated with the device accessing the sign-in page further comprisesobtaining at least one of the following identifiers associated with the device accessing the sign-in page:
    - Internet Protocol address, device identification, geographical location, subnet, network access identifier, and autonomous system number.
  - 11. The method of claim 10 determining that the identifier associated with the device accessing the sign-in page is not associated with a trusted device further comprisesidentifying the Internet Protocol address associated with the device accessing the sign-in page;
    - accessing a database containing Internet Protocol addresses previously associated with the user'"'"'s account;
      
      comparing the Internet Protocol address associated with the device accessing the sign-in page with the Internet Protocol addresses contained in the database; and
      
      determining that the Internet Protocol address associated with the device accessing the sign-in page is not located in the database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Craddock, Richard S., Vitaldevara, Krishna C.
Primary Examiner(s)
Gelagay, Shewaye

Application Number

US12/365,575
Publication Number

US 20100199338A1
Time in Patent Office

1,903 Days
Field of Search

None
US Class Current

726/7
CPC Class Codes

G06F 21/31   User authentication

G06F 21/40   by quorum, i.e. whereby two...

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

Account hijacking counter-measures

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Account hijacking counter-measures

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links