US2017155652A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2017155652-A1 |
| Application number | US-201514954136-A |
| Country | US |
| Kind code | A1 |
| Filing date | Nov 30, 2015 |
| Priority date | Nov 30, 2015 |
| Publication date | Jun 1, 2017 |
| Grant date | — |
Official abstract text for this publication.
A system and method for detecting unauthorized access to cloud applications based on velocity events are presented. The method includes identifying a first access attempt to a cloud application at a first time and from a first location; identifying a second access attempt to a cloud application at a second time and from a second location; computing a velocity between the first access attempt and the second access attempt based on the first time, the second time, the first location, and the second location; checking if the computed velocity is greater than a velocity threshold; and generating a velocity event when the computed velocity is greater than the velocity threshold, wherein the velocity event indicates that an access attempt is unauthorized.
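The check the abstract describes, as an added Python example that is not taken from the patent: each access attempt is compared with the same user's previous one, and a velocity event is produced when the required speed exceeds a threshold. The 1000 km/h threshold, the field names and the sample attempts are assumptions made for illustration, and locations are assumed to be already resolved to coordinates.

```python
import math
from dataclasses import dataclass
from datetime import datetime

EARTH_RADIUS_KM = 6371.0
VELOCITY_THRESHOLD_KMH = 1000.0  # assumed threshold, roughly airliner speed

@dataclass(frozen=True)
class AccessAttempt:
    user: str
    app: str
    time: datetime
    lat: float
    lon: float

def distance_km(a, b):
    """Great-circle (haversine) distance between two attempts' locations."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlmb = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(min(1.0, math.sqrt(h)))

def velocity_kmh(first, second):
    """Speed needed to get from the first location to the second in the elapsed time."""
    dist = distance_km(first, second)
    hours = abs((second.time - first.time).total_seconds()) / 3600.0
    if hours == 0:  # simultaneous attempts: only possible from the same place
        return 0.0 if dist == 0 else math.inf
    return dist / hours

def velocity_events(attempts, threshold=VELOCITY_THRESHOLD_KMH):
    """Compare each attempt with the same user's previous one; return the events."""
    last, events = {}, []
    for cur in sorted(attempts, key=lambda a: a.time):
        prev = last.get(cur.user)
        if prev is not None:
            v = velocity_kmh(prev, cur)
            if v > threshold:
                events.append({"user": cur.user, "first": prev, "second": cur, "velocity_kmh": v})
        last[cur.user] = cur
    return events

# Constructed sample data: alice appears in New York, then London 30 minutes later.
SAMPLE = [
    AccessAttempt("alice", "crm", datetime(2015, 11, 30, 9, 0), 40.7128, -74.0060),
    AccessAttempt("alice", "mail", datetime(2015, 11, 30, 9, 30), 51.5074, -0.1278),
    AccessAttempt("bob", "crm", datetime(2015, 11, 30, 9, 0), 48.8566, 2.3522),
    AccessAttempt("bob", "crm", datetime(2015, 11, 30, 13, 0), 52.5200, 13.4050),
]
```

On the sample data only alice's second attempt produces an event; bob's Paris-to-Berlin pair four hours apart stays under the threshold.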
Opening claim text (preview).
What is claimed is:

1. A method for detecting unauthorized access to cloud applications based on velocity events, comprising: identifying a first access attempt to a cloud application at a first time and from a first location; identifying a second access attempt to a cloud application at a second time and from a second location; computing a velocity between the first access attempt and the second access attempt based on the first time, the second time, the first location, and the second location; checking if the computed velocity is greater than a velocity threshold; and generating a velocity event when the computed velocity is greater than the velocity threshold, wherein the velocity event indicates that an access attempt is unauthorized.
2. The method of claim 1, wherein the velocity threshold is based on a velocity required to travel from the first location to the second location within the difference between the first time and the second time.
3. The method of claim 1, further comprising: upon determining that the required velocity is not above the velocity threshold, determining that the second access attempt is authorized.
4. The method of claim 1, wherein the first access attempt and the second access attempt are for the same cloud application.
5. The method of claim 1, wherein the first access attempt and the second access attempt are for different cloud applications.
6. The method of claim 1, further comprising: determining whether the velocity event is a false positive; upon determining that the velocity event is a false positive, determining that the second access attempt is authorized; and upon determining that the velocity event is not a false positive, determining that an access attempt is unauthorized.
7. The method of claim 6, wherein determining whether the velocity event is a false positive further comprises: computing a risk score using a decision tree, wherein the determination is based on the risk score.
8. The method of claim 7, wherein the decision tree is generated based on at least information related to legitimate access attempts by the user, wherein the decision tree is updated as legitimate access attempts by the user are detected.
9. The method of claim 1, further comprising: upon generating a velocity event, activating at least one protective measure based on at least one rule.
10. The method of claim 9, wherein each protective measure is any of: blocking access, raising a security alert, ignoring the velocity event, granting limited access, and logging out a user designated by the same username initiated the first access attempt and the second access attempt.
11. The method of claim 10, wherein each of the first location and the second location is identified based on at least one rule for resolving locations.
12. A non-transitory computer readable medium having stored thereon instructions for causing one or more processing units to execute the method according to claim 1.
13. A system for detecting unauthorized access to cloud applications, comprising: a processing unit; and a memory, the memory containing instructions that, when executed by the processing unit, configure the system to: identify a first access attempt to a cloud application at a first time and from a first location; identify a second access attempt to a cloud application at a second time and from a second location; compute a velocity between the first access attempt and the second access attempt based on the first time, the second time, the first location, and the second location; check if the computed velocity is greater than a velocity threshold; and generate a velocity event when the computed velocity is greater than the velocity threshold, wherein the velocity event indicates that an access attempt is unauthorized.
14. The system of claim 13, wherein the velocity threshold is based on a velocity required to travel from the first location to the second location within the difference between the first time and the second time.
15. The system of claim 13, wherein the system is further configured to: upon determining that the required velocity is not above the velocity threshold, determine that the second access attempt is authorized.
16. The system of claim 13, wherein the first access attempt and the second access attempt are for the same cloud application.
17. The system of claim 13, wherein the first attempt and the second access attempt are for different cloud applications.
18. The system of claim 13, wherein the system is further configured to: determine whether the velocity event is a false positive; upon determining that the velocity event is a false positive, determine that the second access attempt is authorized; and upon determining that the velocity event is not a false positive, determine that an access attempt is unauthorized.
19. The system of claim 13, wherein the system is further configured to: compute a risk score using a decision tree, wherein the determination is based on the risk score.
20. The system of claim 19, wherein the decision tree is generated based on at least information related to legitimate access attempts by the user, wherein the decision tree is updated as legitimate access attempts by the user are detected.
21. The system of claim 13, wherein the system is further configured to: upon generating a velocity event, activate at least one protective measure based on at least one rule.
22. The system of claim 21, wherein each protective measure is any of: blocking access, raising a security alert, ignoring the velocity event, granting limited access, and logging out a user designated by the same username initiated the first access attempt and the second access attempt.
23. The system of claim 13, wherein each of the first location and the second location is identified based on at least one rule for resolving locations.
for controlling access to devices or network resources · CPC title
Threshold monitoring · CPC title
Proxies · CPC title
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
Network utilisation, e.g. volume of load or congestion level · CPC title