
Regaining control of a hijacked account

IP.com Disclosure Number: IPCOM000247530D
Publication Date: 2016-Sep-14
Document File: 2 page(s) / 26K

Publishing Venue

The IP.com Prior Art Database

Abstract

Careful usage of a password out of multiple pre-defined passwords to regain control of a hijacked account in a timely fashion.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 51% of the total text.


This publication describes a novel way in which an orderly, well-defined use of multiple pre-fabricated passwords can regain control of a hijacked account in a self-sufficient manner, without requiring the involvement of an external entity to ascertain the authenticity of the genuine user. This eliminates the many hoops that a valid user typically needs to jump through to recover their account. Recovering an account is reduced to a single step.

Our method is based on the ability to define, in advance, a number of valid passwords, such that when the user and/or the system deems that the incumbent password was compromised, the next password can be used seamlessly, without forcing the creation of a new password and without a convoluted authentication process to ensure that the creator of the new password is the genuine user.

At the time the genuine user creates a new password for a service, he can create, instead of a single password, a series of them to be stored in the target system, as well as in a local password vault. Once the multiple passwords are saved on the target system, those passwords can no longer be accessed or changed using the incumbent password, which is the one currently used to gain access to the account. Thus, even when an account is compromised and hijacked by an eavesdropper, or the password was stolen by a key-logger, the thief can neither access these passwords nor change them. The thief cannot possibly steal any of the saved passwords, as they have never been in use.

If/when a genuine user suspects that her password was compromised, she can simply use the next password in the vault. Using the new password makes it the incumbent one, and the previous password (which could have been compromised) is of no use. That way she regains control of her account without any outside help. Only the first time a new password is used can the (genuine) user create new passwords and add them to the system storage (as well as to the vault) for future use.

Starting off with a brand new account, the user of that account is considered to be the genuine owner. Upon logging into the account, the user is required to replace the temporary password with a new password. Using this novel method, the user will in fact create n passwords (where n > 1). The first password that was created is the one the user will start using from that point on, until it expires or the user suspects that it was compromised.

For example:

The first time Alice enters her password, 'eagle', she can also store the additional passwords 'rabbit', 'turtle', and 'bird' (the system will insist on having at least one password in the vault). Later, if something goes wrong, she can enter 'turtle', which tak...
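A minimal server-side model of the password rotation described above, added here as an illustration and not taken from the disclosure. The `Account` class, the scrypt storage, the one-time refill session, and the rule that using a later reserve also retires the reserves skipped over are assumptions.

```python
import hashlib
import hmac
import os

def _store(password, salt=None):
    # Assumption: reserves are kept as salted scrypt digests, never in clear.
    salt = salt or os.urandom(16)
    return salt, hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

def _matches(password, entry):
    salt, digest = entry
    return hmac.compare_digest(_store(password, salt)[1], digest)

class Account:
    def __init__(self, passwords):
        # Enrolment: the first password is the incumbent, the rest are reserves.
        if len(passwords) < 2:
            raise ValueError("need an incumbent and at least one reserve")
        self._incumbent = _store(passwords[0])
        self._reserves = [_store(p) for p in passwords[1:]]
        self._refill_session = None  # the only session allowed to add reserves

    def login(self, password):
        """Return a session token, or None if the password is rejected."""
        token = os.urandom(16).hex()
        if _matches(password, self._incumbent):
            return token  # ordinary login: no access to the reserve list
        for i, entry in enumerate(self._reserves):
            if _matches(password, entry):
                # Promotion: the old incumbent stops working immediately.
                # Assumption: reserves ahead of the one used are retired too.
                self._incumbent = entry
                self._reserves = self._reserves[i + 1:]
                self._refill_session = token
                return token
        return None

    def add_reserves(self, token, new_passwords):
        # A session opened with the incumbent (possibly stolen) password can
        # never reach this path; only the promoting session can, and only once.
        if token is None or token != self._refill_session:
            raise PermissionError("reserves can only be added on first use of a new password")
        self._reserves += [_store(p) for p in new_passwords]
        self._refill_session = None

    def reserves_left(self):
        return len(self._reserves)
```
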