Detecting and responding to attempts to gain unauthorized access to user accounts in an online system
US11012468B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Oct 30, 2018 |
| Grant date | May 18, 2021 |
| Priority date | — |
| Expiry date | May 29, 2039 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04W12/122
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
In response to detected attempts to gain unauthorized access to user accounts of an online system, a security module of an online system applies an attack response policy to take actions in response to the attempts. Possible responses of the policy include reordering credential types requested by the online system during multi-factor authentication-enabled login, switching to a mode in which login requests are accepted but login is not permitted for the requesting user, and logging information about the login requests. Logged information may be applied to enhance the ability to prevent future unauthorized accesses, such as adding credential values to a list of common credential values and prohibiting users from associating those values with their accounts, or training a model based on the logged information to predict a probability that a given login request is unauthorized.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.