Systems and methods for detecting man-in-the-middle attacks
First Claim

1. A computer-implemented method for detecting man-in-the-middle attacks, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- registering a mobile device of a user within a computing environment as an authenticated mobile device that corresponds to the user;
- receiving an authentication request to log into a secure computing resource as the user;
- transmitting, in response to receiving the authentication request, an out-of-band push authentication prompt to the registered mobile device of the user through a different channel than a channel through which the authentication request was received;
- comparing a geolocation indicated by the authentication request with a geolocation indicated by the registered mobile device in response to the out-of-band push authentication prompt by comparing a measure of proximity with a proximity threshold that distinguishes between matching and nonmatching geolocations; and
- performing a remedial action in response to detecting a man-in-the-middle attack based on a determination that the geolocation indicated by the authentication request and the geolocation indicated by the registered mobile device do not match.
2 Assignments
0 Petitions
Abstract
A computer-implemented method for detecting man-in-the-middle attacks may include (1) registering a mobile device of a user within a computing environment as an authenticated mobile device that corresponds to the user, (2) receiving an authentication request to log into a secure computing resource as the user, (3) transmitting, in response to receiving the authentication request, an out-of-band push authentication prompt to the registered mobile device of the user through a different channel than a channel through which the authentication request was received, (4) comparing a geolocation indicated by the authentication request with a geolocation indicated by the registered mobile device, and (5) performing remedial action in response to detecting a man-in-the-middle attack based on a determination that the geolocation indicated by the authentication request and the geolocation indicated by the registered mobile device do not match. Various other methods, systems, and computer-readable media are also disclosed.
13 Citations
20 Claims
1. A computer-implemented method for detecting man-in-the-middle attacks, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- registering a mobile device of a user within a computing environment as an authenticated mobile device that corresponds to the user;
- receiving an authentication request to log into a secure computing resource as the user;
- transmitting, in response to receiving the authentication request, an out-of-band push authentication prompt to the registered mobile device of the user through a different channel than a channel through which the authentication request was received;
- comparing a geolocation indicated by the authentication request with a geolocation indicated by the registered mobile device in response to the out-of-band push authentication prompt by comparing a measure of proximity with a proximity threshold that distinguishes between matching and nonmatching geolocations; and
- performing a remedial action in response to detecting a man-in-the-middle attack based on a determination that the geolocation indicated by the authentication request and the geolocation indicated by the registered mobile device do not match.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A system for detecting man-in-the-middle attacks, the system comprising:
- a registration module, stored in memory, that registers a mobile device of a user within a computing environment as an authenticated mobile device that corresponds to the user;
- a reception module, stored in memory, that receives an authentication request to log into a secure computing resource as the user;
- a transmission module, stored in memory, that transmits, in response to receiving the authentication request, an out-of-band push authentication prompt to the registered mobile device of the user through a different channel than a channel through which the authentication request was received;
- a comparison module, stored in memory, that compares a geolocation indicated by the authentication request with a geolocation indicated by the registered mobile device in response to the out-of-band push authentication prompt by comparing a measure of proximity with a proximity threshold that distinguishes between matching and nonmatching geolocations;
- a performance module, stored in memory, that performs a remedial action in response to detecting a man-in-the-middle attack based on a determination that the geolocation indicated by the authentication request and the geolocation indicated by the registered mobile device do not match; and
- at least one physical processor configured to execute the registration module, the reception module, the transmission module, the comparison module, and the performance module.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19

20. A non-transitory computer-readable medium comprising one or more computer-readable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- register a mobile device of a user within a computing environment as an authenticated mobile device that corresponds to the user;
- receive an authentication request to log into a secure computing resource as the user;
- transmit, in response to receiving the authentication request, an out-of-band push authentication prompt to the registered mobile device of the user through a different channel than a channel through which the authentication request was received;
- compare a geolocation indicated by the authentication request with a geolocation indicated by the registered mobile device in response to the out-of-band push authentication prompt by comparing a measure of proximity with a proximity threshold that distinguishes between matching and nonmatching geolocations; and
- perform a remedial action in response to detecting a man-in-the-middle attack based on a determination that the geolocation indicated by the authentication request and the geolocation indicated by the registered mobile device do not match.
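The five claim elements shared by independent claims 1, 11 and 20 (device registration, an authentication request, an out-of-band push prompt, a proximity comparison against a threshold, and a remedial action on mismatch), worked through as an added Python example. This is illustration code, not code from the patent or its assignee: the class and function names, the haversine distance as the "measure of proximity", the 50 km threshold, the nonce that binds a device's answer to the prompt it was sent, the fail-closed handling of a device that reports no location, the specific remedial actions, and the sample coordinates are all assumptions made for the example.

```python
"""Geolocation-based out-of-band check for an authentication request.

Added example illustrating the claimed method; not code from the patent or its
assignee. Names, threshold, nonce binding, remedial actions and coordinates are
assumptions chosen for this illustration.
"""
import secrets
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt
from typing import Optional

EARTH_RADIUS_KM = 6371.0


@dataclass(frozen=True)
class GeoPoint:
    lat: float  # degrees
    lon: float  # degrees


def haversine_km(a: GeoPoint, b: GeoPoint) -> float:
    """Great-circle distance in km: the 'measure of proximity' compared with the threshold."""
    dlat = radians(b.lat - a.lat)
    dlon = radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(h))


@dataclass(frozen=True)
class AuthRequest:
    user: str
    geo: GeoPoint  # geolocation indicated by the login request (e.g. derived from its source address)


@dataclass(frozen=True)
class PushPrompt:
    user: str
    device_id: str
    nonce: str  # binds the device's answer to this specific prompt (assumption, not in the claim)


@dataclass(frozen=True)
class PushResponse:
    nonce: str
    approved: bool
    geo: Optional[GeoPoint]  # geolocation reported by the registered device; may be absent


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    distance_km: Optional[float] = None
    remedial_action: Optional[str] = None


class MitmDetector:
    def __init__(self, threshold_km: float = 50.0) -> None:
        self.threshold_km = threshold_km  # proximity threshold; 50 km is an assumed value
        self.registered: dict[str, str] = {}      # user -> registered device id
        self.pending: dict[str, PushPrompt] = {}  # nonce -> outstanding prompt

    def register_device(self, user: str, device_id: str) -> None:
        """Claim element (1): bind a mobile device to the user."""
        self.registered[user] = device_id

    def issue_push_prompt(self, request: AuthRequest) -> Optional[PushPrompt]:
        """Claim elements (2)-(3): on an authentication request, build the out-of-band
        prompt addressed to the registered device. The caller delivers it over the push
        channel, never back over the channel the login request arrived on."""
        device_id = self.registered.get(request.user)
        if device_id is None:
            return None  # no registered device, so no out-of-band check is possible
        prompt = PushPrompt(request.user, device_id, secrets.token_urlsafe(16))
        self.pending[prompt.nonce] = prompt
        return prompt

    def evaluate(self, request: AuthRequest, response: PushResponse) -> Decision:
        """Claim elements (4)-(5): compare the two geolocations and act on a mismatch."""
        prompt = self.pending.pop(response.nonce, None)  # each prompt is answerable once
        if prompt is None or prompt.user != request.user:
            return Decision(False, "response does not match an outstanding prompt")
        if not response.approved:
            return Decision(False, "user declined the push prompt")
        if response.geo is None:
            # Without a device location the proximity test cannot run; fail closed (assumption).
            return Decision(False, "device reported no geolocation",
                            remedial_action="require_alternate_factor")
        distance = haversine_km(request.geo, response.geo)
        if distance > self.threshold_km:
            # The login traffic originates somewhere the user's device is not: treat as MITM.
            return Decision(False, "geolocation mismatch: possible man-in-the-middle",
                            distance, remedial_action="deny_login_and_alert_user")
        return Decision(True, "geolocations match", distance)
```

The threshold is the tuning knob: too small and a user on mobile data whose carrier exits traffic far from the device will be treated as an attack, too large and a relay a short distance away is missed. Keeping the prompt keyed by a single-use nonce also means a captured device response cannot be replayed against a later login request.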
Specification