Patent · US Active

Detecting compromised credentials in a credential stuffing attack

US11044261B2 · kind B2 · utility

0Cited by

3References

8Claims

0Family size

Assignee

Shape Security, Inc. · US

Inventors

Daniel G. Moen · Sunnyvale, US
Carl Schroeder · Los Altos, US

Key dates

Filing date	Jun 29, 2018
Grant date	Jun 22, 2021
Priority date	—
Expiry date	Jul 24, 2039

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/083
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

Techniques are provided for detecting compromised credentials in a credential stuffing attack. A set model is trained based on a first set of spilled credentials. The set model does not comprise any credential of the first set of spilled credentials. A first request is received from a client computer with a first candidate credential to login to a server computer. The first candidate credential is tested for membership in the first set of spilled credentials using the set model. In response to determining the first set of spilled credentials includes the first candidate credential using the set model, one or more negative actions is performed.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.