Search

US-12627648-B2 - System and a method for determining an attempt to gain unauthorized access to a system or a service

US12627648B2US 12627648 B2US12627648 B2US 12627648B2US-12627648-B2

Abstract

An authentication system. The authentication system includes at least one memory and at least one processor coupled with the at least one memory. Executable instructions for the processor generate and send a false verification code to an authorized user.

Inventors

  • Janek Mroczek

Assignees

  • GOVERNMENT OF THE UNITED STATES AS REPRESENTED BY THE SECRETARY OF THE AIR FORCE

Dates

Publication Date
20260512
Application Date
20240813

Claims (20)

  1. 1 . An authentication system, comprising: at least one memory; and at least one processor coupled with the at least one memory; and executable instructions for the processor to: generate a false verification code, the false verification code configured to inform a system configured to communicate with the authentication system for authentication that a provider of the false verification code is not an authentic user of the system; and send a message including the false verification code to an authorized user, the message including an indication that the false verification code is false.
  2. 2 . The authentication system of claim 1 , further comprising executable instructions for the processor to: generate a true verification code, the true verification code configured to inform the system configured to communicate with the authentication system for authentication that a provider of the true verification code is an authentic user of the system; and send a message including the true verification code to the authorized user, the message including an indication that the true verification code is true.
  3. 3 . The authentication system of claim 1 , wherein the false verification code and the true verification code are distinct codes generated with a random code generator.
  4. 4 . The authentication system of claim 1 , further comprising a random code generator to generate the false verification code.
  5. 5 . The authentication system of claim 1 , wherein the authentication system includes executable instructions to check if the false verification code has been provided to the authentication system.
  6. 6 . The authentication system of claim 1 , wherein the authentication system determines from receipt of the false verification code that an attempt to gain unauthorized access to a system is in progress and starts an alert procedure.
  7. 7 . The authentication system of claim 6 , wherein the alert procedure includes informing authorities.
  8. 8 . A system comprising: at least one memory; and at least one processor coupled with the at least one memory; and executable instructions for the processor to: receive a request for a verification code from a user; generate a false verification code based on the request for a verification code, the false verification code configured to inform the system that a provider of the false verification code may not be an authentic user of the system; send a message including the false verification code to the user, the message including an indication discernable by the user whether the verification code is false; and detect the false verification code based on receipt of the false verification code.
  9. 9 . The authentication system of claim 8 , further comprising executable instructions for the processor to generate and send a true verification code to the user.
  10. 10 . The authentication system of claim 8 , further comprising executable instructions for the processor to generate and send a true verification code and a false verification code to the user based on a user request.
  11. 11 . The authentication system of claim 8 , further comprising a random code generator to generate a verification code.
  12. 12 . The authentication system of claim 8 , wherein the authentication system includes executable instructions to check if the false verification code has been provided to the authentication system.
  13. 13 . The authentication system of claim 8 , wherein the authentication system determines from receipt of the false verification code that an attempt to gain unauthorized access to a system is in progress and starts an alert procedure.
  14. 14 . The authentication system of claim 13 , wherein the alert procedure includes informing authorities.
  15. 15 . A method for determining an unauthorized user of a system, comprising: providing an authentication system, the authentication system comprising: at least one memory; and at least one processor coupled with the at least one memory; and executable instructions for the processor to: generate a true verification code and a false verification code; and send a message including the true verification code and the false verification code to a user; and detecting receipt of the false verification code.
  16. 16 . The method for determining an unauthorized user of a system of claim 15 , including the step of sending, by the authorized user, the false verification code to another user.
  17. 17 . The method for determining an unauthorized user of a system of claim 15 , including the step of sending, by an unauthorized user, the false verification code.
  18. 18 . The method for determining an unauthorized user of a system of claim 15 , including the step of alerting authorities of receipt of a false verification.
  19. 19 . The method for determining an unauthorized user of a system of claim 15 , including the step of determining the IP address of a user using a false verification code.
  20. 20 . The method for determining an unauthorized user of a system of claim 15 , including the step of blocking access of a user using a false verification code.

Description

RIGHTS OF THE GOVERNMENT The invention described herein may be manufactured and used by or for the Government of the United States for all governmental purposes without the payment of any royalty. TECHNICAL FIELD The disclosure generally relates to the field of information systems, cyber security, and banking systems, more particularly, relates to systems using verification codes or personal identification number for authorized access. BACKGROUND System login verification codes add additional security when accessing systems, such as an information system or computer system. In general, a system that uses verification codes to authenticate users will send a verification code via an authentication application, a text message service to a phone number, or to an e-mail. An authentication system may also use a regular voice call to provide a verification code. Unauthorized users of systems often try to gain access to computer systems, applications (apps) and other secure electronic systems. Unauthorized users who gain access to computer systems can perform various actions, such as, but not limited to, locking out authorized users and demanding ransom, gathering any information available on the information system, or committing identity and data theft. Such unauthorized access causes business disruptions, as well as cost. IBM's most recent annual Cost of a Data Breach Report revealed the global average cost of a data breach reached $4.88 million in 2024, as breaches grow more disruptive and further expand demands on cyber teams. There is a continuing need for methods and systems for ensuring only authorized users access computer systems. BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings illustrate only some aspects of the disclosure and are not to be considered limiting of the disclosure scope. FIG. 1 is a diagram illustrating an example operation of an authentication system. FIG. 2 is a diagram illustrating an example operation of an authentication system. FIG. 3 is a diagram illustrating an example of networked computer systems. FIG. 4 is a diagram illustrating examples of a message sent from an authentication system to an authorized user. FIG. 5 is an example flow chart of an embodiment of the disclosure. The embodiments set forth in the drawings are illustrative in nature and not intended to be limiting. Moreover, individual features of the drawings and the disclosure will be more fully apparent and understood in view of the detailed description. DETAILED DESCRIPTION Various non-limiting embodiments of the present disclosure will now be described to provide an overall understanding of the principles of the structure, function, and use of the apparatuses, systems, methods, and processes disclosed herein. One or more examples of these non-limiting embodiments are illustrated in the accompanying drawings. Those of ordinary skill in the art will understand that systems and methods specifically described herein and illustrated in the accompanying drawings are non-limiting embodiments. The features illustrated or described in connection with one non-limiting embodiment may be combined with the features of other non-limiting embodiments. Such modifications and variations are intended to be included within the scope of the present disclosure. Reference throughout the specification to “various embodiments,” “some embodiments,” “one embodiment,” “some example embodiments,” “one example embodiment,” or “an embodiment” means that a particular feature, structure, or characteristic described in connection with any embodiment is included in at least one embodiment. Thus, appearances of the phrases “in various embodiments,” “in some embodiments,” “in one embodiment,” “some example embodiments,” “one example embodiment, or “in an embodiment” in places throughout the specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures or characteristics may be combined in any suitable manner in one or more embodiments. The examples discussed herein are examples only and are provided to assist in the explanation of the apparatuses, devices, systems, and methods described herein. None of the features or components shown in the drawings or discussed below should be taken as mandatory for any specific implementation of any of these the apparatuses, devices, systems, or methods unless specifically designated as mandatory. For ease of reading and clarity, certain components, modules, or methods may be described solely in connection with a specific FIG. Any failure to specifically describe a combination or sub-combination of components should not be understood as an indication that any combination or sub-combination is not possible. Also, for any methods described, regardless of whether the method is described in conjunction with a flow diagram, it should be understood that unless otherwise specified or required by context, any explicit or implicit ordering of steps perfor