Patent · US Active

Detecting compromised credentials in a credential stuffing attack

US12126631B2 · kind B2 · utility

0Cited by

2References

16Claims

0Family size

Assignee

Shape Security, Inc. · US

Inventors

Daniel G. Moen · Sunnyvale, US
Carl Schroeder · Los Altos, US

Key dates

Filing date	Apr 16, 2021
Grant date	Oct 22, 2024
Priority date	—
Expiry date	Oct 16, 2041

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/083
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

Techniques are provided for detecting compromised credentials in a credential stuffing attack. A set model is trained based on a first set of spilled credentials. The set model does not comprise any credential of the first set of spilled credentials. A first request is received from a client computer with a first candidate credential to login to a server computer. The first candidate credential is tested for membership in the first set of spilled credentials using the set model. In response to determining the first set of spilled credentials includes the first candidate credential using the set model, one or more negative actions is performed.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.