
Method and System for Collaboratively Sharing Information related to Security Risks

IP.com Disclosure Number: IPCOM000239526D
Publication Date: 2014-Nov-13
Document File: 3 page(s) / 30K

Publishing Venue

The IP.com Prior Art Database

Abstract

A method and system is disclosed for collaboratively sharing information related to security risks.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 32% of the total text.


Certain websites store sensitive user information such as, but not limited to, usernames, email addresses, passwords, security verification questions, credit card numbers and birth dates. When the user information is compromised at one site, the user information at other sites also becomes vulnerable, as users tend to use the same information across multiple sites. Although users may have different authentication identifiers (IDs), such as user IDs, for various sites, they tend to reuse passwords. If one website is compromised, a user ID on another site can be at increased risk even though the user ID is different. Additionally, when a user is alerted regarding the compromised password, the compromised website is also revealed to the user. Such revelations may lead to lower usage of the website in the future and reduce brand loyalty of the website.

Disclosed is a method and system for collaboratively sharing information related to security risks. The method and system provides a registry where 'n' number of entities agree to anonymously share security breach events, wherein specific entities can optionally elect to form subgroups. If the security of a first entity is breached, a breached data message including a cryptographic hash value of compromised attributes is securely published. The message is delivered to other entities or optionally delivered to the subgroup. Upon receiving the breached data message, the cryptographic hash value of the identified attributes in the message is computed to determine whether the same authentication credential resides in systems of the other entities. If the same authentication credential is determined to reside in a system of a second entity, then an action to protect the authentication credential from being similarly compromised is initiated.

Further, the method and system creates a secure local password vault for each user containing user ID, password, other authentication credential and the website to which the credential applies. The local password vault is connected to 'n' number of websites identified in the vault via a secure subscription process. If there is a breach in the security of a website, a message containing a cryptographic hash value of compromised attributes is securely published to subscribing password vault(s). Upon receipt of the message, each vault computes the cryptographic hash value of the identified attributes. The computing is carried out to determine the number of website entries containing any portion of the authentication credential such as a password.

If two or more records are determined to contain the same authentication credential, the vault alerts the user that a breach of the authentication credential has occurred for one website. The method and system also informs the user that the credential needs to be changed or removed. An interface can be provided to change the cred...
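The vault-side check described above, as an added Python example that is not part of the disclosure. The message layout, the field names and the sample data are assumptions, as is the use of HMAC-SHA-256 keyed with a subscription secret in place of a bare hash, chosen because a bare hash of a low-entropy password can be guessed offline by anyone who sees the message.

```python
import hashlib
import hmac

# Constructed sample data (not from the disclosure).
SUBSCRIPTION_KEY = b"constructed-demo-subscription-key"
VAULT = [
    {"site": "shop.example", "user_id": "alice01", "password": "Tr0ub4dor&3"},
    {"site": "mail.example", "user_id": "alice@mail.example", "password": "Tr0ub4dor&3"},
    {"site": "bank.example", "user_id": "a.smith", "password": "correct horse battery"},
]
BREACHED = [
    {"user_id": "alice01", "password": "Tr0ub4dor&3"},
    {"user_id": "bob", "password": "hunter2"},
]

def attribute_digest(key, record, names):
    """HMAC-SHA-256 over the named attributes. Each value is length-prefixed
    so that ("ab", "c") and ("a", "bc") do not produce the same digest."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for name in names:
        value = record[name].encode("utf-8")
        mac.update(len(value).to_bytes(4, "big") + value)
    return mac.hexdigest()

def build_breach_message(key, names, compromised_records):
    """Publisher side: the message names the hashed attributes and carries
    digests only. It holds no plaintext and does not name the breached site."""
    digests = {attribute_digest(key, r, names) for r in compromised_records}
    return {"attributes": list(names), "digests": sorted(digests)}

def check_vault(key, vault, message):
    """Vault side: recompute the digest for every entry and compare.
    Returns (matching_sites, alert); alert is True when two or more
    records contain the same compromised credential."""
    names = message["attributes"]
    matches = []
    for entry in vault:
        if not all(n in entry for n in names):
            continue  # entry lacks an attribute named in the message
        digest = attribute_digest(key, entry, names)
        # Constant-time comparison against each published digest.
        if any(hmac.compare_digest(digest, d) for d in message["digests"]):
            matches.append(entry["site"])
    return matches, len(matches) >= 2

if __name__ == "__main__":
    msg = build_breach_message(SUBSCRIPTION_KEY, ["password"], BREACHED)
    print(check_vault(SUBSCRIPTION_KEY, VAULT, msg))
```

Hashing only the password attribute is what exposes reuse across entries with different user IDs; hashing user ID and password together matches only the breached account itself.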