The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Jan. 12, 2016
Filed:
Sep. 26, 2013
Emc Corporation, Hopkinton, MA (US);
Yedidya Dotan, Newton, MA (US);
Lakshmi Suresh, Westford, MA (US);
John Watts, Medford, MA (US);
Paul Dennis, Wayland, MA (US);
EMC Corporation, Hopkinton, MA (US);
Abstract
Authentication employs a classification that monitors content of authentication requests and results and assigns and records risk values identifying low-risk sources making normal authentication requests and high-risk sources making abnormal authentication requests indicative of fraud activity. Then for low-risk sources, a normal authentication process is employed having differential success/fail behavior exposing information about an enumerable system resource, such as a user account. Example differential behavior includes (a) granting access when a request identifies a valid user account, and (b) otherwise denying access, enabling an attacker to learn whether a guessed value identifies an existing account. For high-risk sources, a false authentication process is employed having non-differential success/fail response behavior that does not expose the information, such as consistent presentation of a service denial message irrespective of whether the request identifies a valid existing user account, preventing an enumeration attack.