Systems and methods for responding to security breaches

US 9,077,747 B1
Filed: 07/23/2013
Issued: 07/07/2015
Est. Priority Date: 07/23/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for responding to security breaches, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

receiving, via a security server, a notification that a website that provides network-based services has experienced a security breach;

identifying, via the security server, a first user account that is potentially affected by the security breach by;

identifying an account management database that stores users'"'"' account information for a plurality of different websites that provide network-based services;

searching the account management database for user accounts associated with the website that experienced the security breach;

identifying an account-access credential used to access the first user account, wherein the account-access credential used to access the first user account was potentially exposed during the security breach;

identifying, via the security server, a second user account that is potentially at risk as a result of the potential exposure of the account-access credential used to access the first user account by;

identifying a user associated with the first user account;

searching the account management database for additional accounts associated with the user;

while searching the account management database, determining that the second user account is associated with the user;

identifying an account-access credential used to access the second user account;

determining that the account access credential used to access the first account is not identical to the account access credential used to access the second user account;

determining a distance between the account-access credential used to access the first user account and the account-access credential used to access the second user account;

determining that the distance is below a predetermined threshold;

determining, based on the determination that the distance is below the predetermined threshold, that the second user account is potentially at risk as a result of the potential exposure of the account-access credential used to access the first user account;

performing, via the security server, for the first user account that is potentially affected by the security breach, a security action that addresses the security breach;

performing, via the security server, for the second user account, an additional security action that addresses the security breach in response to determining that the second user account is potentially at risk.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for responding to security breaches may include (1) receiving a notification that a service provider has experienced a security breach, (2) identifying a first user account that is potentially affected by the security breach by identifying an account management database that stores users'"'"' account information for a plurality of different service providers and searching the account management database for user accounts associated with the service provider that experienced the security breach, and (3) performing, for the first user account that is potentially affected by the security breach, a security action that addresses the security breach. Various other methods, systems, and computer-readable media are also disclosed.

52 Citations

View as Search Results

20 Claims

1. A computer-implemented method for responding to security breaches, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- receiving, via a security server, a notification that a website that provides network-based services has experienced a security breach;
  
  identifying, via the security server, a first user account that is potentially affected by the security breach by;
  
  identifying an account management database that stores users'"'"' account information for a plurality of different websites that provide network-based services;
  
  searching the account management database for user accounts associated with the website that experienced the security breach;
  
  identifying an account-access credential used to access the first user account, wherein the account-access credential used to access the first user account was potentially exposed during the security breach;
  
  identifying, via the security server, a second user account that is potentially at risk as a result of the potential exposure of the account-access credential used to access the first user account by;
  
  identifying a user associated with the first user account;
  
  searching the account management database for additional accounts associated with the user;
  
  while searching the account management database, determining that the second user account is associated with the user;
  
  identifying an account-access credential used to access the second user account;
  
  determining that the account access credential used to access the first account is not identical to the account access credential used to access the second user account;
  
  determining a distance between the account-access credential used to access the first user account and the account-access credential used to access the second user account;
  
  determining that the distance is below a predetermined threshold;
  
  determining, based on the determination that the distance is below the predetermined threshold, that the second user account is potentially at risk as a result of the potential exposure of the account-access credential used to access the first user account;
  
  performing, via the security server, for the first user account that is potentially affected by the security breach, a security action that addresses the security breach;
  
  performing, via the security server, for the second user account, an additional security action that addresses the security breach in response to determining that the second user account is potentially at risk.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-implemented method of claim 1, wherein receiving the notification that the website that provides network-based services has experienced the security breach comprises receiving a public message board notification that the website that provides network-based services has experienced the security breach.
  - 3. The computer-implemented method of claim 1, wherein receiving the notification comprises receiving a notification that the website that provides network-based services has experienced at least one of:
    - a loss of secure data to an untrusted environment;
      
      an unintentional disclosure of secure data;
      
      a loss of sensitive personal information to an untrusted environment;
      
      a loss of sensitive corporate information to an untrusted environment.
  - 4. The computer-implemented method of claim 1, wherein:
    - the account-access credential used to access the first user account comprises a first username and a first password;
      
      the account-access credential used to access the second user account comprises a second username and a second password.
  - 5. The computer-implemented method of claim 4, wherein:
    - the first password is stored in the account management database as a first fingerprint of an unencrypted version of the first password;
      
      the second password is stored in the account management database as a second fingerprint of an unencrypted version of the second password.
  - 6. The computer-implemented method of claim 1, wherein the additional security action comprises notifying the user that the second user account is potentially at risk as a result of the security breach.
  - 7. The computer-implemented method of claim 1, wherein:
    - the additional security action comprises automatically, in response to identifying the first user account as being potentially affected by the security breach, changing the account-access credential used to access the second user account.
  - 8. The computer-implemented method of claim 1, wherein receiving the notification that the website that provides network-based services has experienced the security breach comprises at least one of:
    - detecting the security breach by discovering loss of sensitive data stored by the website that provides network-based services;
      
      receiving the notification from the website that provides network-based services.
  - 9. The computer-implemented method of claim 1, further comprising maintaining the account management database by, for each user in a plurality of users:
    - receiving, from each user, user account information for multiple websites that provide network-based services;
      
      storing the user account information of each user and associating the user account information of each user with each respective user.

10. A system for responding to security breaches, the system comprising:
- a breach-detection module programmed to receive a notification that a website that provides network-based services has experienced a security breach;
  
  an account-identification module programmed to identify a first user account that is potentially affected by the security breach by;
  
  identifying an account management database that stores users'"'"' account information for a plurality of different websites that provide network-based services;
  
  searching the account management database for user accounts associated with the website that experienced the security breach;
  
  a security module programmed to;
  
  identify an account-access credential used to access the first user account, wherein the account-access credential used to access the first user account was potentially exposed during the security breach;
  
  identify a second user account that is potentially at risk as a result of the potential exposure of the account-access credential used to access the first user account by;
  
  identifying a user associated with the first user account;
  
  searching the account management database for additional accounts associated with the user;
  
  while searching the account management database, determining that the second user account is associated with the user;
  
  identifying an account-access credential used to access the second user account;
  
  determining that the account access credential used to access the first account is not identical to the account access credential used to access the second user account;
  
  determining a distance between the account-access credential used to access the first user account and the account-access credential used to access the second user account;
  
  determining that the distance is below a predetermined threshold;
  
  determining, based on the determination that the distance is below the predetermined threshold, that the second user account is potentially at risk as a result of the potential exposure of the account-access credential used to access the first user account;
  
  perform, for the first user account that is potentially affected by the security breach, a security action that addresses the security breach;
  
  perform for the second user account, an additional security action that addresses the security breach in response to determining that the second user account is potentially at risk;
  
  at least one hardware processor that executes the breach-detection module, the account-identification module, and the security module.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein breach-detection module is programmed to receive the notification that the website that provides network-based services has experienced the security breach by receiving a public message board notification that the website that provides network-based services has experienced the security breach.
  - 12. The system of claim 10, wherein the breach-detection module is programmed to receive the notification that the website that provides network-based services has experienced the security breach by receiving a notification that the website that provides network-based services has experienced at least one of:
    - a loss of secure data to an untrusted environment;
      
      an unintentional disclosure of secure data;
      
      a loss of sensitive personal information to an untrusted environment;
      
      a loss of sensitive corporate information to an untrusted environment.
  - 13. The system of claim 10, wherein:
    - the account-access credential used to access the first user account comprises a first username and a first password;
      
      the account-access credential used to access the second user account comprises a second username and a second password.
  - 14. The system of claim 13, wherein:
    - the account-identification module is programmed to store the first password in the account management database as a first fingerprint of an unencrypted version of the first password;
      
      the account-identification module is programmed to store the second password in the account management database as a second fingerprint of an unencrypted version of the second password.
  - 15. The system of claim 10, wherein the additional security action performed by the security module comprises notifying the user that the second user account is potentially at risk as a result of the security breach.
  - 16. The system of claim 10, wherein:
    - the security action performed by the security module comprises automatically, in response to the account-identification module identifying the first user account as being potentially affected by the security breach, changing the account-access credential used to access the second user account.
  - 17. The system of claim 10, wherein the breach-detection module is programmed to receive the notification that the website that provides network-based services has experienced the security breach by performing at least one of:
    - detecting the security breach by discovering loss of sensitive data stored by the website that provides network-based services;
      
      receiving the notification from the website that provides network-based services.
  - 18. The system of claim 10, wherein the account-identification module maintains the account management database by, for each user in a plurality of users:
    - receiving, from each user, user account information for multiple websites that provide network-based services;
      
      storing the user account information of each user and associating the user account information of each user with each respective user.

19. A non-transitory computer-readable medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- receive, via a security server, a notification that a website that provides network-based services has experienced a security breach;
  
  identify, via the security server, a first user account that is potentially affected by the security breach by;
  
  identifying an account management database that stores users'"'"' account information for a plurality of different websites that provide network-based services;
  
  searching the account management database for user accounts associated with the website that experienced the security breach;
  
  identify an account-access credential used to access the first user account, wherein the account-access credential used to access the first user account was potentially exposed during the security breach;
  
  identify, via the security server, a second user account that is potentially at risk as a result of the potential exposure of the account-access credential used to access the first user account by;
  
  identifying a user associated with the first user account;
  
  searching the account management database for additional accounts associated with the user;
  
  while searching the account management database, determining that the second user account is associated with the user;
  
  identifying an account-access credential used to access the second user account;
  
  determining that the account access credential used to access the first account is not identical to the account access credential used to access the second user account;
  
  determining a distance between the account-access credential used to access the first user account and the account-access credential used to access the second user account;
  
  determining that the distance is below a predetermined threshold;
  
  determining, based on the determination that the distance is below the predetermined threshold, that the second user account is potentially at risk as a result of the potential exposure of the account-access credential used to access the first user account;
  
  perform, via the security server, for the first user account that is potentially affected by the security breach, a security action that addresses the security breach;
  
  perform, via the security server, for the second user account, an additional security action that addresses the security breach in response to determining that the second user account is potentially at risk.
- View Dependent Claims (20)
- - 20. The non-transitory computer-readable medium of claim 19, wherein:
    - the account-access credential used to access the first user account comprises a first username and a first password;
      
      the account-access credential used to access the second user account comprises a second username and a second password.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Chen, Joseph, Farrokh, Kamron
Primary Examiner(s)
Rahman, Mohammad L

Application Number

US13/949,222
Time in Patent Office

714 Days
Field of Search

726/23, 726/8
US Class Current

1/1
CPC Class Codes

H04L 63/083   using passwords cryptograph...

H04L 63/105   Multiple levels of security

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

Systems and methods for responding to security breaches

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

52 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for responding to security breaches

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links