Please download the dossier by clicking on the dossier button x
×

Account hijacking counter-measures

  • US 8,707,407 B2
  • Filed: 02/04/2009
  • Issued: 04/22/2014
  • Est. Priority Date: 02/04/2009
  • Status: Active Grant
First Claim
Patent Images

1. A method for authenticating a user prior to providing access to a user'"'"'s account, the user'"'"'s account being accessible via a sign-in page upon verifying a user'"'"'s credentials, comprising:

  • determining that a device is accessing the sign-in page;

    obtaining an identifier associated with the device accessing the sign-in page;

    determining that the identifier associated with the device accessing the sign-in page is not associated with a trusted device;

    identifying personal information data of at least one person other than the user contained in the user'"'"'s account wherein the personal information data of the at least one person other than the user contained in the user'"'"'s account includes at least one of the following;

    a sender email address for at least one person other than the user as a sender, a recipient email address for at least one person other than the user as a recipient, contact information for at least one person other than the user stored in an address book, and a calendar invitee associated with a calendar event;

    upon verifying the user'"'"'s credentials, generating at least one security question based on the personal information data of the at least one person other than the user randomly selected from the user'"'"'s account wherein the step of generating at least one security question comprises the steps of;

    accessing the address book;

    selecting at least one contact name for at least one person other than the user from the address book;

    generating at least one fictitious contact name;

    presenting the at least one contact name for at least one person other than the user selected from the address book and the at least one fictitious contact name to the user via an interface; and

    requesting the user to select only the at least one contact name for at least one person other than the user selected from the address book; and

    providing the at least one security question to the user via a user interface, wherein the user is required to correctly answer the at least one security question in order to access the user'"'"'s account.

View all claims
  • 2 Assignments
Timeline View
Assignment View
    ×
    ×