Detection and tracking of unauthorized computer access attempts
First Claim
Patent Images
1. A method of tracking unauthorized computer access attempts using honeytoken data, the method comprising:
- storing, by a computing device, honeytoken data in a secure customer information database comprising authentic customer data of a financial institution;
identifying, by the computing device, a format of the authentic customer data of a financial institution;
saving, by a computing device, the honeytoken data in the same format as the identified authentic customer data in the secure customer information database, and wherein the honeytoken data is not associated with an existing customer of the financial institution;
identifying, by the computing device, a login attempt at a web site of the financial institution;
determining, by the computing device, that credentials used in the login attempt correspond to the honeytoken data;
based on the determination that the honeytoken data was used in the login attempt, providing, by the computing device, a user interface indicating that the credentials used in the login attempt are valid;
receiving, by the computing device, additional data via the web site of the financial institution relating to the login attempt; and
storing, by the computing device, the additional data relating to the login attempt.
1 Assignment
0 Petitions
Accused Products
Abstract
False honeytoken data is generated, stored, and disseminated to a criminal organization such as an online banking fraud ring. After dissemination of the data, access attempts using the false honeytoken data are identified at an online banking web server or other organization resource. Data associated with the fraudulent access attempt, such as a source IP address, physical address, or related customer account numbers, are retrieved and stored so that this data may be compiled, analyzed, and used for tracking fraud rings.
-
Citations
25 Claims
-
1. A method of tracking unauthorized computer access attempts using honeytoken data, the method comprising:
-
storing, by a computing device, honeytoken data in a secure customer information database comprising authentic customer data of a financial institution; identifying, by the computing device, a format of the authentic customer data of a financial institution; saving, by a computing device, the honeytoken data in the same format as the identified authentic customer data in the secure customer information database, and wherein the honeytoken data is not associated with an existing customer of the financial institution; identifying, by the computing device, a login attempt at a web site of the financial institution; determining, by the computing device, that credentials used in the login attempt correspond to the honeytoken data; based on the determination that the honeytoken data was used in the login attempt, providing, by the computing device, a user interface indicating that the credentials used in the login attempt are valid; receiving, by the computing device, additional data via the web site of the financial institution relating to the login attempt; and storing, by the computing device, the additional data relating to the login attempt. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 22, 24)
-
-
9. A computing device that detects and tracks unauthorized computer access attempts, the computing device comprising:
-
a processor controlling at least some operations of the computing device; and a memory storing computer executable instructions that, when executed by the processor, causes the processor to perform the steps of; storing honeytoken data in a secure customer information database comprising authentic customer data of a financial institution; identifying a format of the authentic customer data of a financial institution; saving the honeytoken data in the same format as the identified authentic customer data in the secure customer information database, and wherein the honeytoken data is not associated with an existing customer of the financial institution; identifying a login attempt at a web site of the financial institution; determining that credentials used in the login attempt correspond to the honeytoken data; based on the determination that the honeytoken data was used in the login attempt, providing a user interface indicating that the credentials used in the login attempt are valid; receiving additional data via the web site of the financial institution relating to the login attempt; and storing the additional data relating to the login attempt. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 23, 25)
-
-
17. One or more non-transitory computer-readable media storing computer-executable instructions which, when executed on a computer system, causes the computer system to perform the steps of:
-
storing honeytoken data in a secure customer information database comprising authentic customer data of a financial institution; identifying a format of the authentic customer data of a financial institution; saving the honeytoken data in the same format as the identified authentic customer data in the secure customer information database, and wherein the honeytoken data is not associated with an existing customer of the financial institution; identifying a login attempt at a web site of the financial institution; determining that credentials used in the login attempt correspond to the honeytoken data; based on the determination that the honeytoken data was used in the login attempt, providing a user interface indicating that the credentials used in the login attempt are valid; receiving additional data via the web site of the financial institution relating to the login attempt; and storing the additional data relating to the login attempt. - View Dependent Claims (18, 19, 20, 21)
-
Specification