System for managing transactional data
US-2018349643-A1 · Dec 6, 2018 · US
Mitigating against malicious login attempts
US2019190934A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2019190934-A1 |
| Application number | US-201715847388-A |
| Country | US |
| Kind code | A1 |
| Filing date | Dec 19, 2017 |
| Priority date | Dec 19, 2017 |
| Publication date | Jun 20, 2019 |
| Grant date | — |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Techniques are disclosed for mitigating against malicious login attempts. In some examples, a computer system receives a plurality of login attempts to the system, the plurality of login attempts being originated from an Internet Protocol (IP) subnet. The computer system determines a ratio of successful login attempts to unsuccessful login attempts of the plurality of login attempts. Then, in response to determining that the ratio of a number of successful login attempts to total login attempts is below a predetermined threshold, the computer system denies a future login attempt to the system that is associated with the IP subnet for a first time period.
First claim
Opening claim text (preview).
What is claimed is: 1 . A system, comprising: at least one processor; and memory including a plurality of computer-executable components that are executable by the at least one processors to perform a plurality of actions, the plurality of actions comprising: receiving a plurality of login attempts to the system, the plurality of login attempts being originated from an Internet Protocol (IP) subnet; determining a ratio of a number of successful login attempts to total login attempts of the plurality of login attempts; and in response to determining that the ratio of a number of successful login attempts to total login attempts is below a predetermined threshold, denying a future login attempt to the system that is associated with the IP subnet for a first time period. 2 . The system of claim 1 , wherein the actions further comprise: randomizing a value for the first time period. 3 . The system of claim 1 , wherein the actions further comprise: randomizing an amount of time associated with responding to the plurality of login attempts. 4 . The system of claim 1 , wherein the denying the future login attempt includes denying the future login attempt to an account of the system that is associated with an IP subnet for the first time period. 5 . The system of claim 1 , wherein the actions further comprise: determining the ratio of the number of successful login attempts to total login attempts of the plurality of login attempts that have occurred over a second time period. 6 . The system of claim 1 , wherein the determining the ratio includes determining the ratio of the number of successful login attempts to total login attempts of the plurality of login attempts independent of when the successful login attempts and total login attempts occurred. 7 . The system of claim 1 , wherein the actions further comprise: determining a value for the first time period based on an amount of times that login attempts to the system that are associated with the IP subnet have previously been denied temporarily. 8 . A method, comprising: receiving a plurality of login attempts to a computer system, the plurality of login attempts being originated from an Internet Protocol (IP) subnet; determining a ratio of a number of successful login attempts to total login attempts of the plurality of login attempts; and denying a future login attempt to the computer system that is associated with the IP subnet for a first time period at least in response to determining that the ratio of the number of successful login attempts to total login attempts is below a predetermined threshold. 9 . The method of claim 8 , wherein the plurality of login attempts to the computer system are received across a plurality of front-end servers of the computer system, and where the plurality of front-end servers deny the future login attempt to the computer system that is associated with the IP subnet for a first time period. 10 . The method of claim 9 , wherein determining the ratio of the number of successful login attempts to total login attempts of the plurality of login attempts is performed by a computing device that is separate from the plurality of front-end servers. 11 . The method of claim 8 , wherein denying the future login attempt includes denying the future login attempt to the computer system that is associated with the IP subnet for the first time period in response to the ratio being below the predetermined threshold and a determination that a geographical location from which at least one of the plurality of login attempts originated corresponds to a particular geographical location. 12 . The method of claim 8 , wherein denying the future login attempt includes denying the future login attempt to the computer system that is associated with the IP subnet for the first time period in response to the ratio being below the predetermined threshold and a determination that a telecommunications network associated with a mobile device from which at least one of the plurality of login attempts originated corresponds to a particular telecommunication network. 13 . The method of claim 8 , wherein denying the future login attempt includes denying the future login attempt to the computer system that is associated with the IP subnet for the first time period in response to the ratio below the predetermined threshold and an internet service provider (ISP) associated with an IP address from which at least one of the plurality of login attempts originated corresponds to a particular ISP. 14 . The method of claim 8 , wherein denying the future login attempt includes denying the future login attempt to the computer system that is associated with the IP subnet for the first time in response to the ratio being below the predetermined threshold and the login attempts are associated with a historical bad actor. 15 . A non-transitory computer-readable storage medium, bearing computer-executable instructions that, when executed upon a computing device, cause the computing device at least to: receive a plurality of login attempts to a computer system, the plurality of login attempts being originated from an Internet Protocol (IP) subnet; determine a ratio of a number of successful login attempts to total login attempts of the plurality of login attempts; and deny a future login attempt to the computer system that is associated with the IP subnet for a first time period in response to at least determining that the ratio of the number of successful login attempts to total login attempts is below a predetermined threshold. 16 . The non-transitory computer-readable storage medium of claim 15 , wherein the plurality of login attempts are originated from a first IP address of the IP subnet. 17 . The non-transitory computer-readable storage medium of claim 15 , wherein the IP subnet comprises a Class D subnet. 18 . The non-transitory computer-readable storage medium of claim 15 , wherein the IP subnet comprises a Class C subnet. 19 . The non-transitory computer-readable storage medium of claim 15 , wherein denying the future login attempt includes denying the future login attempt to the computer system in response to the ratio being below the predetermined threshold and a determination that an end user identification associated with the plurality of login attempts corresponds to a particular end user identification. 20 . The non-transitory computer-readable storage medium of claim 19 , wherein the end user identification indicates a category, an operation, a status, or an account.
Assignees
Inventors
Classifications
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
involving long-term monitoring or reporting · CPC title
- H04L63/1425Primary
Traffic logging, e.g. anomaly detection · CPC title
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US2019190934A1 cover?
- Techniques are disclosed for mitigating against malicious login attempts. In some examples, a computer system receives a plurality of login attempts to the system, the plurality of login attempts being originated from an Internet Protocol (IP) subnet. The computer system determines a ratio of successful login attempts to unsuccessful login attempts of the plurality of login attempts. Then, in r…
- Who is the assignee on this patent?
- T Mobile Usa Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/1425. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Thu Jun 20 2019 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).