Detection and tracking of unauthorized computer access attempts

US 8,880,435 B1
Filed: 10/26/2007
Issued: 11/04/2014
Est. Priority Date: 10/26/2007
Status: Active Grant

First Claim

Patent Images

1. A method of tracking unauthorized computer access attempts using honeytoken data, the method comprising:

storing, by a computing device, honeytoken data in a secure customer information database comprising authentic customer data of a financial institution;

identifying, by the computing device, a format of the authentic customer data of a financial institution;

saving, by a computing device, the honeytoken data in the same format as the identified authentic customer data in the secure customer information database, and wherein the honeytoken data is not associated with an existing customer of the financial institution;

identifying, by the computing device, a login attempt at a web site of the financial institution;

determining, by the computing device, that credentials used in the login attempt correspond to the honeytoken data;

based on the determination that the honeytoken data was used in the login attempt, providing, by the computing device, a user interface indicating that the credentials used in the login attempt are valid;

receiving, by the computing device, additional data via the web site of the financial institution relating to the login attempt; and

storing, by the computing device, the additional data relating to the login attempt.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

False honeytoken data is generated, stored, and disseminated to a criminal organization such as an online banking fraud ring. After dissemination of the data, access attempts using the false honeytoken data are identified at an online banking web server or other organization resource. Data associated with the fraudulent access attempt, such as a source IP address, physical address, or related customer account numbers, are retrieved and stored so that this data may be compiled, analyzed, and used for tracking fraud rings.

Citations

25 Claims

1. A method of tracking unauthorized computer access attempts using honeytoken data, the method comprising:
- storing, by a computing device, honeytoken data in a secure customer information database comprising authentic customer data of a financial institution;
  
  identifying, by the computing device, a format of the authentic customer data of a financial institution;
  
  saving, by a computing device, the honeytoken data in the same format as the identified authentic customer data in the secure customer information database, and wherein the honeytoken data is not associated with an existing customer of the financial institution;
  
  identifying, by the computing device, a login attempt at a web site of the financial institution;
  
  determining, by the computing device, that credentials used in the login attempt correspond to the honeytoken data;
  
  based on the determination that the honeytoken data was used in the login attempt, providing, by the computing device, a user interface indicating that the credentials used in the login attempt are valid;
  
  receiving, by the computing device, additional data via the web site of the financial institution relating to the login attempt; and
  
  storing, by the computing device, the additional data relating to the login attempt.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 22, 24)
- - 2. The method of claim 1, further comprising:
    - identifying an externally created software application configured to gather customer information; and
      
      making the honeytoken data available to the externally created software application.
  - 3. The method of claim 2, wherein making the honeytoken data available to the externally created software application comprises:
    - providing the honeytoken data to one or more of a phishing site, a pharming site, a vishing application, a Trojan horse program, and a keystroke logging program.
  - 4. The method of claim 2, wherein making the honeytoken data available comprises providing the honeytoken data to a third party that delivers the honeytoken data to the externally software application using a network source address that is not affiliated with the financial institution.
  - 5. The method of claim 1, further comprising:
    - storing by the computing device an initial availability date associated with the honeytoken data, before identifying the login attempt;
      
      determining an age of the honeytoken data based on a time associated with the login attempt and the initial availability date, after identifying the login attempt; and
      
      storing, by the computing device, the age of the honeytoken data with the additional data relating to the login attempt.
  - 6. The method of claim 1, further comprising creating a valid account within the secure customer information database corresponding to the honeytoken data that is not associated with a customer of the financial institution, wherein providing the user interface comprises providing online access to said valid account.
  - 7. The method of claim 6, wherein creating the valid account within the secure customer information database comprises:
    - creating a deposit-only account or an account with restricted access to money transfers and withdrawals within the secure customer information database.
  - 8. The method of claim 1, wherein the honeytoken data comprises one or more of a social security number, a customer account number, and network login credential information.
  - 22. The method of claim 1, wherein receiving the additional data received relating to the login attempt comprises:
    - determining a source Internet Protocol (IP) address associated with the login attempt; and
      
      receiving a financial account number received via user input after the login attempt.
  - 24. The method of claim 1, wherein providing the user interface comprises returning an alternative error message that does not indicate that the credentials used in the login attempt are invalid.

9. A computing device that detects and tracks unauthorized computer access attempts, the computing device comprising:
- a processor controlling at least some operations of the computing device; and
  
  a memory storing computer executable instructions that, when executed by the processor, causes the processor to perform the steps of;
  
  storing honeytoken data in a secure customer information database comprising authentic customer data of a financial institution;
  
  identifying a format of the authentic customer data of a financial institution;
  
  saving the honeytoken data in the same format as the identified authentic customer data in the secure customer information database, and wherein the honeytoken data is not associated with an existing customer of the financial institution;
  
  identifying a login attempt at a web site of the financial institution;
  
  determining that credentials used in the login attempt correspond to the honeytoken data;
  
  based on the determination that the honeytoken data was used in the login attempt, providing a user interface indicating that the credentials used in the login attempt are valid;
  
  receiving additional data via the web site of the financial institution relating to the login attempt; and
  
  storing the additional data relating to the login attempt.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 23, 25)
- - 10. The computing device of claim 9, the memory storing further computer executable instructions that, when executed by the processor, cause the processor to perform the steps of:
    - identifying an externally-created software application configured to gather customer information; and
      
      making the honeytoken data available to the externally created software application.
  - 11. The computing device of claim 10, wherein the externally-created software application comprises one or more of a phishing site, a pharming site, a vishing application, a Trojan horse program, and a keystroke logging program.
  - 12. The computing device of claim 10, wherein making the honeytoken data available comprises providing the honeytoken data to a third party that delivers the honeytoken data to the externally-created software application using a network source address that is not affiliated with the financial institution.
  - 13. The computing device of claim 9, the memory storing further computer executable instructions that, when executed by the processor, cause the processor to perform the steps of:
    - storing an initial availability date associated with the honeytoken data;
      
      determining an age of the honeytoken data based on a time associated with the login attempt and the initial availability date, after identifying the login attempt; and
      
      storing the age of the honeytoken data with the additional data relating to the login attempt.
  - 14. The computing device of claim 9, the memory storing further computer executable instructions that, when executed by the processor, cause the processor to perform the steps of:
    - creating a valid account within the financial institution corresponding to the honeytoken data that is not associated with a customer of the financial institution, wherein providing the user interface comprises providing online access to said valid account.
  - 15. The computing device of claim 14, wherein the valid account is a deposit-only account or an account with restricted access to money transfers and withdrawals.
  - 16. The computing device of claim 9, wherein the honeytoken data comprises one or more of a social security number, a customer account number, and network login credential information.
  - 23. The computing device of claim 9, wherein receiving the additional data received relating to the login attempt comprises:
    - determining a source Internet Protocol (IP) address of the login attempt; and
      
      receiving a financial account number received via user input after the login attempt.
  - 25. The computing device of claim 9, wherein providing the user interface comprises returning an alternative error message that does not indicate that the credentials used in the login attempt are invalid.

17. One or more non-transitory computer-readable media storing computer-executable instructions which, when executed on a computer system, causes the computer system to perform the steps of:
- storing honeytoken data in a secure customer information database comprising authentic customer data of a financial institution;
  
  identifying a format of the authentic customer data of a financial institution;
  
  saving the honeytoken data in the same format as the identified authentic customer data in the secure customer information database, and wherein the honeytoken data is not associated with an existing customer of the financial institution;
  
  identifying a login attempt at a web site of the financial institution;
  
  determining that credentials used in the login attempt correspond to the honeytoken data;
  
  based on the determination that the honeytoken data was used in the login attempt, providing a user interface indicating that the credentials used in the login attempt are valid;
  
  receiving additional data via the web site of the financial institution relating to the login attempt; and
  
  storing the additional data relating to the login attempt.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The non-transitory computer-readable media of claim 17, wherein the computer-executable instructions, when executed on the computer system, causes the computer system to perform the steps of:
    - identifying an externally-created software application configured to gather customer information; and
      
      making the honeytoken data available to the externally created software application.
  - 19. The non-transitory computer-readable media of claim 18, wherein the externally-created software application comprises one or more of a phishing site, a pharming site, a vishing application, a Trojan horse program, and a keystroke logging program.
  - 20. The non-transitory computer-readable media of claim 17, wherein the computer-executable instructions, when executed on the computer system, causes the computer system to perform the steps of:
    - storing an initial availability date associated with the honeytoken data, before identifying the login attempt;
      
      determining an age of the honeytoken data based on a time associated with the login attempt and the initial availability date, after identifying the login attempt; and
      
      storing the age of the honeytoken data with the additional data relating to the login attempt.
  - 21. The non-transitory computer-readable media of claim 17, wherein the honeytoken data comprises one or more of a social security number, a customer account number, and network login credential information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
He, Xu, Catlett, Sean K.
Primary Examiner(s)
Ravetti, Dante

Application Number

US11/924,686
Time in Patent Office

2,566 Days
Field of Search

705/75, 705/16, 705/21, 705/59, 705/71
US Class Current

705/75
CPC Class Codes

G06Q 20/10   specially adapted for elect...

G06Q 40/02   Banking, e.g. interest calc...

G06Q 50/26   Government or public servic...

H04L 63/1491   using deception as counterm...

Detection and tracking of unauthorized computer access attempts

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Detection and tracking of unauthorized computer access attempts

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links