Preventing user enumeration by an authentication server
US8875255B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Sep 28, 2012 |
| Grant date | Oct 28, 2014 |
| Priority date | — |
| Expiry date | Oct 4, 2032 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/2127
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
An enumeration prevention technique involves receiving an authentication session request which includes a validation result indicating whether a user identifier supplied by the user identifies a valid user entry in a user database. The technique further involves providing a genuine authentication session response when the validation result indicates that the user identifier does identify a valid user entry in the user database. The genuine authentication session response includes a user-expected set of artifacts to confirm authenticity of the authentication server to the user. The technique further involves providing a faux authentication session response when the validation result indicates that the user identifier does not identify a valid user entry in the user database. The faux authentication session response includes a machine-selected set of artifacts enabling the faux authentication session response to resemble a genuine authentication session response.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.