Credential input detection and threat analysis

Assignee

• MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

• Paresh Maisuria · Issaquah, US
• Ali ALABBAS · Sammamish, US
• Abhishek Sagar · Wake Forest, US
• Mara Beth Fortini · Sammamish, US
• Rupo Zhang · Redmond, US
• Christian Stockwell · Seattle, US
• Michael D. McCormack · Plano, US
• Jason Weber · Peoria, US
• Charles J. Strempler · Seattle, US
• Sinclaire Renee Hamilton · Sammamish, US
• Brian Keith Catlin · Kilauea, US
• Richard Joseph Murillo · Issaquah, US
• Robert G. Lefferts · Redmond, US
• Eric P. Douglas · Kirkland, US
• Christian Seifert · Seattle, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/2117
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

The technology described herein identifies and mitigates phishing attempts by analyzing user input received at the operating system level. Initially, a credential, such as a username or password, is registered with the threat detection system. The technology described herein intercepts user input at the operating system level, generates a hash of the input, and compares it with a hash of a credential being monitored. A credential entry is detected when a hash for the character string entered matches a hash for a credential being monitored. The technology described herein will perform a threat assessment when a secret entry is detected. The threat assessment may use the application context and the network context as inputs to the assessment. Various mitigation actions may be taken when a threat is detected.