Time-based function back-off

US 8,806,219 B2
Filed: 08/23/2006
Issued: 08/12/2014
Est. Priority Date: 08/23/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

identifying a security token associated with a user;

receiving an authentication attempt in a log-in user interface at a client machine, the authentication attempt comprising a credential associated with the security token;

determining a time interval between the authentication attempt and a previous authentication attempt;

comparing the time interval to a reset time limit;

in response to the time interval being less than the reset time limit, maintaining, by the client machine, a number of authentication attempts in a counter;

determining that the authentication attempt has failed;

calculating, by a processing device of the client machine, using at least one of an exponential function or a linear function, a delay for accepting further authentication attempts associated with the security token in view of the number of authentication attempts;

determining whether the calculated delay exceeds a limit value;

reducing the calculated delay to the limit value in response to the calculated delay exceeding the limit value;

adding a wait time specified by the security token to the calculated delay to calculate a total delay for accepting further authentication attemptsdetecting, by the client machine, a removal of the security token from the client machine; and

in response to the removal, resetting, by the client machine, the number of authentication attempts in the counter.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An embodiment generally relates to a method of increasing user convenience. The method includes displaying a log-in user interface and receiving an authentication attempt in the log-in user interface. The method also includes determining a status of the authentication attempt and delaying a completion of an authentication attempt by a time-based function in response to a status being a failed authentication attempt.

Citations

26 Claims

1. A method comprising:
- identifying a security token associated with a user;
  
  receiving an authentication attempt in a log-in user interface at a client machine, the authentication attempt comprising a credential associated with the security token;
  
  determining a time interval between the authentication attempt and a previous authentication attempt;
  
  comparing the time interval to a reset time limit;
  
  in response to the time interval being less than the reset time limit, maintaining, by the client machine, a number of authentication attempts in a counter;
  
  determining that the authentication attempt has failed;
  
  calculating, by a processing device of the client machine, using at least one of an exponential function or a linear function, a delay for accepting further authentication attempts associated with the security token in view of the number of authentication attempts;
  
  determining whether the calculated delay exceeds a limit value;
  
  reducing the calculated delay to the limit value in response to the calculated delay exceeding the limit value;
  
  adding a wait time specified by the security token to the calculated delay to calculate a total delay for accepting further authentication attemptsdetecting, by the client machine, a removal of the security token from the client machine; and
  
  in response to the removal, resetting, by the client machine, the number of authentication attempts in the counter.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising logging in a user in response to the authentication attempt succeeding.
  - 3. The method of claim 1, further comprising calculating the delay in view of a time-based function, wherein the time-based function is an exponential function.
  - 4. The method of claim 3, wherein the exponential function comprises a base value and a variable is a number of authentication attempts.
  - 5. The method of claim 1, wherein calculating the delay comprises:
    - determining a number of authentication attempts; and
      
      determining the delay in view of the base value and the number of authentication attempts.
  - 6. The method of claim 1, further comprising:
    - in response to the time interval being greater than the reset time limit, resetting the number of authentication attempts in the counter.

7. A non-transitory machine-readable storage medium storing instructions which, when executed, cause a processing device to perform operations comprising:
- identifying a security token associated with a user;
  
  receiving an authentication attempt in a log-in user interface at a client machine, the authentication attempt comprising a credential associated with the security token;
  
  determining a time interval between the authentication attempt and a previous authentication attempt;
  
  comparing the time interval to a reset time limit;
  
  in response to the time interval being less than the reset time limit, maintaining, by the processing device of the client machine, a number of authentication attempts in a counter;
  
  determining by the processing device of the client machine that the authentication attempt has failed;
  
  calculating, by the processing device of the client machine, using at least one of an exponential function or a linear function, a delay for accepting further authentication attempts associated with the security token in view of the number of authentication attempts;
  
  determining whether the calculated delay exceeds a limit value;
  
  reducing the calculated delay to the limit value in response to the calculated delay exceeding the limit value;
  
  adding a wait time specified by the security token to the calculated delay to calculate a total delay for accepting further authentication attemptsdetecting, by the processing device of the client machine, a removal of the security token from the client machine; and
  
  in response to the removal, resetting, by the processing device of the client machine, the number of authentication attempts in the counter.
- View Dependent Claims (8)
- - 8. The non-transitory machine-readable storage medium of claim 7, wherein the operations further comprise:
    - in response to the time interval being greater than the reset time limit, resetting the number of authentication attempts in the counter.

9. A system comprising:
- a server to provide application and data services to a plurality of users;
  
  and at least one client comprising a processing device and a memory to store a delay module to interface with the server, wherein the delay module to;
  
  identify a security token associated with a user of the plurality of users;
  
  monitor a number of authentication attempts by the user for the at least one client, each of the authentication attempts comprising a credential associated with the security token;
  
  determine a time interval between a current authentication attempt and a previous authentication attempt;
  
  compare the time interval to a reset time limit;
  
  in response to the time interval being less than the reset time limit, maintain the number of authentication attempts in a counter;
  
  calculate, using at least one of an exponential function or a linear function, a delay for accepting further authentication attempts associated with the security token, wherein the delay is calculated in view of the number of authentication attempts;
  
  determine whether the calculated delay exceeds a limit value;
  
  reduce the calculated delay to the limit value in response to the calculated delay exceeding the limit value;
  
  add a wait time specified by the security token to the calculated delay to calculate a total delay for accepting further authentication attemptsdetect a removal of the security token from the client machine; and
  
  in response to the removal, reset the number of authentication attempts in the counter.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The system of claim 9, wherein the delay module is further to determine whether an authentication attempt has failed.
  - 11. The system of claim 10, wherein the delay module is further to increase the counter for a number of failed authentication attempts.
  - 12. The system of claim 11, wherein the time-based function is a linear function in view of the base value multiplied by the counter for the number of failed authentication attempts.
  - 13. The system of claim 9, further comprising calculating the delay by a time-based function, wherein the time-based function is a mathematical expression where an interval increases between successive values.
  - 14. The system of claim 9, wherein the time-based function is an exponential function.
  - 15. The system of claim 14, wherein the exponential function comprises the base value and a variable is the counter.
  - 16. The system of claim 9, wherein the at least one client is further to log in to the server in response to a valid authentication attempt.
  - 17. The system of claim 9, wherein the delay module is further to:
    - reset the number of authentication attempts in the counter in response to the time interval being greater than the reset time limit.

18. An apparatus, comprising:
- a memory to store a delay module, to interface with an existing log-in process executing on a computing platform of a client machine, and a counter to maintain a number of failed authentication attempts; and
  
  a processing device, operatively coupled to the memory, the processing device to execute the delay module to;
  
  identify a security token associated with a user;
  
  determine a time interval between a current authentication attempt and a previous authentication attempt, the current authentication attempt and the previous authentication attempt each comprising a credential associated with the security token;
  
  compare the time interval to a reset time limit;
  
  in response to the time interval being less than the reset time limit, maintain the number of failed authentication attempts in the counter;
  
  monitor each authentication attempt to determine whether the authentication attempt has failed;
  
  calculate, using at least one of an exponential function or a linear function, a delay for further authentication attempts associated with the security token in view of the number of failed authentication attempts in response to the authentication having failed;
  
  determine whether the calculated delay exceeds a limit value;
  
  reduce the calculated delay to the limit value in response to the calculated delay exceeding the limit value;
  
  adding a wait time specified by the security token to the calculated delay to calculate a total delay for accepting further authentication attemptsdetect a removal of the security token from the client machine; and
  
  in response to the removal, reset the number of authentication attempts in the counter.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
- - 19. The apparatus of claim 18, further comprising a counter to monitor a number of failed authentication attempts during a log-in procedure.
  - 20. The apparatus of claim 19, wherein the delay module is further to calculate the delay in view of the counter.
  - 21. The apparatus of claim 18, wherein the delay module is further to calculate the delay by a time-based function, wherein the time-based function is a mathematical expression where an interval increases between successive values.
  - 22. The apparatus of claim 21, wherein the time-based function is an exponential function.
  - 23. The apparatus of claim 21, wherein the time-based function is a linear function.
  - 24. The apparatus of claim 18, wherein the delay module resets after a user-specified length of time and no authentication attempts have occurred during the user-specified length of time.
  - 25. The apparatus of claim 18, wherein the delay module resets after a successful authentication attempt.
  - 26. The apparatus of claim 18, wherein the delay module is further to:
    - reset the number of failed authentication attempts in the counter in response to the time interval being greater than the reset time limit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Relyea, Robert, Lord, Robert B., Parkinson, Steven William
Primary Examiner(s)
Holder, Bradley
Assistant Examiner(s)
OLION, BRIAN L

Application Number

US11/466,691
Publication Number

US 20080072283A1
Time in Patent Office

2,911 Days
Field of Search

713182-186, 235/380, 726 2- 21, 726 27- 30
US Class Current

713/182
CPC Class Codes

G06F 21/31 User authentication

H04L 63/0853 using an additional device,...

Time-based function back-off

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Time-based function back-off

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links