Account hijacking counter-measures
US8707407B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Feb 4, 2009 |
| Grant date | Apr 22, 2014 |
| Priority date | — |
| Expiry date | Mar 17, 2031 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/08
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A method for providing an additional layer of authentication prior to accessing a user's account even though the user's credentials have previously been verified. User accounts are often accessed via a sign-in page that verifies the user's credentials. Upon detecting a device accessing the sign-in page, an identifier associated with the device is obtained. One such type of identifier is the IP address assigned to the device. Based on the identifier, it is determined whether the device is trusted or not. Even thought the user's credentials are verified via the sign-in page, if the device is not trusted, a second authentication page is presented to the user prior to proceeding to the account. The second authentication page presents at least one security question. The security question is based on information contained in the user's account (e.g., contact information, event information, electronic messages, etc.). The user is required to correctly answer the security question in order to access the account.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.