Systems and methods for protecting against password attacks by concealing the use of honeywords in password files
US-11438378-B1 · Sep 6, 2022 · US
System and method to detect and prevent keylogging attacks
US2025220013A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2025220013-A1 |
| Application number | US-202318400092-A |
| Country | US |
| Kind code | A1 |
| Filing date | Dec 29, 2023 |
| Priority date | Dec 29, 2023 |
| Publication date | Jul 3, 2025 |
| Grant date | — |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
In an first aspect of the disclosure, there is a computer-implemented method which includes: obtaining, by a computing device, a password entered by an account user, placing, by the computing device, the password in memory of a device; generating, by the computing device, a fake password by randomly injecting characters into the password; storing, by the computing device, the fake password in a secure database; and deleting the password from the memory.
First claim
Opening claim text (preview).
What is claimed is: 1 . A method, comprising: obtaining, by a computing device, a password entered by an account user; placing, by the computing device, the password in memory of a device; generating, by the computing device, a fake password by randomly injecting characters into the password; storing, by the computing device, the fake password in a secure database; and deleting the password from the memory. 2 . The method of claim 1 , further comprising detecting, by the computing device, a login screen and, upon detection, monitoring keystrokes associated with the password and keystrokes from a virtual keyboard which generates the fake password. 3 . The method of claim 2 , wherein the keystrokes associated with the password are obtained from a physical keyboard and the virtual keyboard provides random keystrokes when the user types the password. 4 . The method of claim 3 , wherein the virtual keyboard is indistinguishable from the physical keyboard. 5 . The method of claim 3 , wherein the virtual keyboard injects the random characters into the password to generate the fake password. 6 . The method of claim 5 , wherein the fake password is generated by deleting characters from the password. 7 . The method of claim 1 , further comprising deleting processes of the login screen with the password from the memory. 8 . The method of claim 1 , further comprising providing the fake password to a third party. 9 . The method of claim 1 , further comprising, upon entry of the password into a login screen for the user's account, comparing the password to the fake password stored in the secure database. 10 . The method of claim 9 , further comprising providing a security action when the password matches the fake password stored in the secure database. 11 . The method of claim 10 , wherein the security action comprises at least one of locking an account and requesting a multifactor authentication. 12 . The method of claim 1 , wherein the computing device includes software provided as a service in a cloud environment. 13 . A computer program product comprising one or more computer readable storage media having program instructions collectively stored on the one or more computer readable storage media, the program instructions executable to: detect a login screen of a user's account; monitor keystrokes of a password entered into the login screen; monitor keystrokes of a virtual keyboard; generate a fake password by randomly injecting the monitored keystrokes of the virtual keyboard into the password; store the fake password in a secure database; compare a second password entered into the login screen of the user's account against the fake password; and provide a security action when the second password matches the fake password. 14 . The computer program product of claim 13 , wherein the security action comprises locking access to the user's account. 15 . The computer program product of claim 13 , wherein a combination of the keystrokes from a physical keyboard and the virtual keyboard generate the fake password. 16 . The computer program product of claim 15 , wherein the virtual keyboard is indistinguishable from the physical keyboard by a computing device. 17 . The computer program product of claim 13 , further comprising deleting processes of the login screen with the password from the memory. 18 . The computer program product of claim 13 , wherein the fake password is generated by deleting characters from the password. 19 . A system comprising: a processor, a computer readable memory, one or more computer readable storage media, and program instructions collectively stored on the one or more computer readable storage media, the program instructions executable to: monitor keystrokes of a password entered into a login screen of a user's account; generate a fake password by randomly injecting the keystrokes from a virtual keyboard into the password; store the fake password in a secure database; compare a second password entered into the login screen of the user's account against the fake password; and provide a security action when the second password matches the fake password. 20 . The system of claim 19 , further comprising detecting the login screen of a user's account and deleting the password and processes of the login screen upon request to access the user's account.
Assignees
Inventors
Classifications
using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment · CPC title
- H04L63/083Primary
using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226) · CPC title
applying multi-factor authentication · CPC title
- H04L63/1416Primary
Event detection, e.g. attack signature detection · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US2025220013A1 cover?
- In an first aspect of the disclosure, there is a computer-implemented method which includes: obtaining, by a computing device, a password entered by an account user, placing, by the computing device, the password in memory of a device; generating, by the computing device, a fake password by randomly injecting characters into the password; storing, by the computing device, the fake password in a…
- Who is the assignee on this patent?
- Kyndryl Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/083. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Thu Jul 03 2025 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).