Detection method of illegal access to computer system

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Reexamination Certificate

Details

C713S152000

active

06202158

ABSTRACT:

BACKGROUND OF THE INVENTION
The present invention relates to a personal authentication method relative to an operator of a computer system and more particularly to a computer system which performs authentication on the basis of the fact that a password inputted from an input unit such as a keyboard is equal to a previously registered password.
In order to authenticate whether a user has the right to operate a computer system, a system is widely used in which the user is made to input a password from the keyboard or the like, and which performs authentication on the basis of the fact that the inputted password is equal to a previously registered password. This authentication has heretofore been utilized as a measure for detecting illegal utilization of a computer system. For example, as described in ON-LINE MANUAL, Login (1) of HP-UX 90, when incorrect passwords are inputted a prescribed number of times, such as three times continuously, or when the authentication is not completed within a prescribed time such as, for example, one minute, the connection between the terminal and the computer system is cut off and the event is recorded. As described in Paragraph 2.2 Security Function “User Account Security” of Windows NT 3.5 Security/Superintendence Guide (written by Microsoft Corporation, editorially translated by ASCII Network Technology, translated by ASCII Techwrite and published by ASCII, ISBN4-1017-7), when an incorrect password is input a prescribed number of times or more continuously, the occurrences are recorded and are notified to a supervisor or manager.
Further, information relative to a terminal operated by a user is recorded, but the information is not utilized for detection of an illegal access. In the TCP wrapper, which is free software available from ftp://ftp.aistnara.ac.jp/pub/Secruity/tools/tcp_wrappers on the Internet, for example, utilization by specific terminals, or by terminals other than specific terminals, is judged as illegal.
Furthermore, Japanese Patent Application laid-open No. JP-A-6-6347 discloses a method of monitoring the security on a network concentratedly.
Moreover, Japanese Patent Application laid-open No. JP-A-7-264178 discloses a system which specifies a place on a LAN of occurrence of an illegal access by means of information obtained from a relay apparatus.
The above-described conventional methods have the following problems.
In the system in which a failure is recorded if a user fails in log-in even once, a failure is recorded even when a legitimate user inputs a wrong password. It is difficult for a manager to judge whether the failure is caused by illegal utilization or merely by wrong inputting.
In the method in which the connection is cut off if a user inputs wrong passwords a prescribed number of times (for example, three times) continuously, an illegal user may input wrong passwords a smaller number of times (for example, two times) continuously; likewise, in the method in which the connection is cut off if authentication is not completed within a prescribed time (for example, one minute), an illegal user may cut off the connection himself within a shorter time. In either case such a possible act of illegal utilization cannot be recorded, and naturally it is impossible to judge whether an intrusion was actually made by illegal action or not.
Further, when wrong passwords are continuously inputted over a prescribed number of times in the system in which a failure of authentication using a password is recorded in a log, a lot of authentication failure data are outputted and other important messages are buried.
Furthermore, since a time interval for counting failures is not provided in the above prior art, intrusion events, which generally tend to be concentrated in a specific time zone, cannot be captured.
When accesses are made from a plurality of places by using an account given to the same person, such acts or events are considered to be illegal utilization, but no means is provided for detecting such events effectively.
SUMMARY OF THE INVENTION
It is an object of the present invention to provide a method of improving the reliability of detection of an illegal access to a computer system.
It is another object of the present invention to provide a method capable of effectively managing occurrences of an illegal access to a computer system.
It is a further object of the present invention to provide a recording medium for storing therein a computer program for detecting an illegal access to a computer system.
According to one aspect of the present invention, the detection method of an illegal access to a computer system according to the present invention, comprises a step a) of collating user identification information inputted from an input unit in one or more log-in operations with user authentication information registered in the computer system, a step b) of detecting the number of times that the identification information is not coincident with the authentication information in a series of log-in operations within a predetermined term, a step c) of obtaining final log-in information indicating whether the identification information is coincident with the authentication information or not in a final log-in operation, and a step d) of comparing the number of times in respect to the incoincidence and the final log-in information with a predetermined judgment standard to thereby detect the presence of the illegal access.
According to another aspect of the present invention, the detection method of an illegal access to a computer system according to the present invention, comprises a step a) of recording user identification information inputted from an input unit in a log-in operation and terminal identification information of a computer terminal in which the log-in operation is performed, a step b) of detecting the number of computer terminals when log-in operations are performed from a plurality of computer terminals by using identical user identification information, and a step c) of judging that there is an illegal access when the number of computer terminals detected in the step b) reaches a predetermined reference value.
According to an aspect of the present invention, in a medium for recording a computer program for detecting an illegal access to a computer system, computer code means comprise means for collating user identification information inputted from an input unit in one or more log-in operations with user authentication information registered in the computer system, means for detecting the number of times that the identification information is not coincident with the authentication information in a series of log-in operations within a predetermined term, means for obtaining final log-in information indicating whether the identification information is coincident with the authentication information or not in a final log-in operation, and means for comparing the number of times in respect to the incoincidence and the final log-in information with a predetermined judgment standard to thereby detect the presence of the illegal access.
Other objects and embodiments of the present invention will become clear from the following detailed description taken in connection with the accompanying drawings.
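
The two detection aspects described above, sketched as an added example (not code from the patent). The record layout, the sample log, the ten-minute term, both limits and the verdict labels are assumptions, since the text leaves the judgment standard and the reference value unspecified.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log-in records: (time, user, terminal, password matched?)
LOG = [
    ("09:00:05", "alice", "tty01", False),
    ("09:00:20", "alice", "tty01", True),   # one typo, then success
    ("02:10:00", "bob", "net-a", False),
    ("02:10:40", "bob", "net-a", False),    # disconnects before a 3rd try
    ("02:12:00", "bob", "net-b", False),
    ("02:12:30", "bob", "net-c", False),
    ("02:14:00", "bob", "net-c", True),     # final operation succeeds
]

TERM = timedelta(minutes=10)  # assumed "predetermined term"
FAIL_LIMIT = 3                # assumed judgment standard for mismatches
TERMINAL_LIMIT = 3            # assumed reference value for terminals

def parse(log):
    """Group records by user identification and order them by time."""
    per_user = defaultdict(list)
    for ts, user, terminal, ok in log:
        per_user[user].append((datetime.strptime(ts, "%H:%M:%S"), terminal, ok))
    return {user: sorted(events) for user, events in per_user.items()}

def judge_failures(events):
    """Steps b)-d): mismatches in the term ending at the final operation,
    combined with whether that final operation matched."""
    last_time, _, last_ok = events[-1]
    window = [e for e in events if last_time - e[0] <= TERM]
    failures = sum(1 for _, _, ok in window if not ok)
    if failures < FAIL_LIMIT:
        return "normal"  # e.g. a single mistyped password
    return "suspected intrusion" if last_ok else "suspected attempt"

def judge_terminals(events):
    """Second aspect: distinct terminals used with one user identification."""
    return len({terminal for _, terminal, _ in events}) >= TERMINAL_LIMIT

def detect(log):
    return {user: (judge_failures(ev), judge_terminals(ev))
            for user, ev in parse(log).items()}

if __name__ == "__main__":
    for user, verdict in detect(LOG).items():
        print(user, verdict)
```

Because failures are counted per user across connections within the term, the two-failures-then-disconnect pattern that the prior art misses still accumulates toward the limit.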


REFERENCES:
patent: 4962449 (1990-10-01), Schlesinger
patent: 5488715 (1996-01-01), Wainwright
patent: 6-6347 (1994-01-01), None
patent: 7-264178 (1995-10-01), None
On-Line Manual, Login (1), HP-UX 90.
User Account Security, Windows NT 3.5, Security/Superintendence Guide, Microsoft Corporation.
