Apple's intelligent security system can tell intruders apart from mistyped passwords

Posted:
in General Discussion edited January 2014
An Apple patent granted by the U.S. Patent and Trademark Office on Tuesday describes a technique of determining with acceptable accuracy whether an incorrectly entered credential, such as a password, was the result of a mistake or a legitimate threat to a secure network.

While similar systems exist, Apple's U.S. Patent No. 8,412,931 for "Techniques for credential strength analysis via failed intruder access attempts" details a "credential analysis service" that can establish a certain strength of security access in response to a failed access attempt.

Invented with server products, data centers and secure Intranets in mind, the patent can also be used on other platforms as necessary, including wired and wireless networks.

Credential Service
Flowchart of credential analysis service. | Source: USPTO


In operation, the credential analysis service is fairly straightforward. As an example, the patent uses an enterprise's secure network, where the system first interacts with a password or security service. Users attempting to access the network require authentications, such as tokens or other means of identification, with a number of roles and levels of security rights.

When an invalid or failed authentication occurs, the system acquires said credential from the authentication service and determines if the invalid login is from a certified user or an intruder. Because users sometimes forget part of their password or enter errant keystrokes, a predefined threshold is employed to help determine if the failed attempt should be processed.

For example,the credential analysis service can retrieve an identifier used with the failed authentication and compare it with an existing valid credential for the identifier. The service then calculates a numeric distance between the two credentials and compares the result with the defined threshold of tolerance. If the number is inside the threshold, no further action is taken, but if the result is outside the tolerated metric, steps are taken to dynamically modify security strength.

One of the steps could be the recording of the failed credential, wherein a counter is employed to track the number of times a certain failed password is used. This recording warrants a heightened ranking for the specific authenticator. In another embodiment, the analysis service compares a pattern associated with the failed attempt with attempted access patterns of known intruders.

In addition to other metrics, the credential analysis service can dynamically change the strength attributes relating to the given credential. An authenticator can be permanently blocked according to some embodiments, or downgraded based on policy.

In still other embodiments, an intruder analysis service that uses many of the same techniques described above determines whether an unauthorized user is attempting to access a network. Intruder trends can be monitored and policy changed based on the findings and historical data as well as patterns.

Apple's credential service patent was first filed for in 2007 and credits Srinivas Vedula and Cameron Craig Morris as its inventors.

Comments

  • Reply 1 of 4
    cash907cash907 Posts: 893member
    Uh huh. This from the company that autocorrects "gave" to "have" and "do" to "so" because it somehow thinks it knows better than me what word I meant.
    Excuse me if I doubt the reliability of this system.
  • Reply 2 of 4
    iaeeniaeen Posts: 588member
    Don't like it. Security should be zero tolerance. The inconvenience or re entering a password does not justify lower security.
  • Reply 3 of 4
    curtis hannahcurtis hannah Posts: 1,833member
    Well there are these slight improvements that will hopefully help when you have this mistake ten times in a row so no major problems.
  • Reply 4 of 4
    tallest skiltallest skil Posts: 43,388member


    Originally Posted by Cash907 View Post

    Uh huh. This from the company that autocorrects "gave" to "have" and "do" to "so" because it somehow thinks it knows better than me what word I meant.

    Excuse me if I doubt the reliability of this system.


     


    The system is based on your reliability. This does not happen on my devices. Your typing has caused this.

Sign In or Register to comment.