Defeating real-time trojan login attack with delayed interaction with fraudster
US8452980B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 29, 2010 |
| Grant date | May 28, 2013 |
| Priority date | — |
| Expiry date | Oct 3, 2031 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/2135
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A method of detecting a fraudulent login attempt across a network is provided. The method includes (a) receiving, at some time, a login request from a client, the login request including (1) a username associated with a user account, (2) a static password associated with the user account, and (3) a one-time password provided by a token, (b) calculating whether the time is more than a predetermined amount of time after a most-recent login to the account, (c) when the time is more than the predetermined time since the most-recent login, accepting the login request according to a first mode, and (d) when the first time is not more than the predetermined time since the most-recent login, accepting the login request according to a second mode, the second mode rejecting a greater proportion of login attempts than the first mode rejects. An apparatus and computer program product are also provided.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.