IDENTIFYING UNAUTHORIZED ACCESS TO A NETWORK RESOURCE

Information

  • Patent Application
  • 20070220605
  • Publication Number
    20070220605
  • Date Filed
    March 15, 2007
  • Date Published
    September 20, 2007
Abstract
An online service gathers information about a user's access to an online account and makes that information available to the account owner and/or other authorized user. When an online account is accessed, the online service logs a time stamp, a network address from which the account was accessed, a port number, a user ID, routing data, and/or other access data. The online service may use the access information to obtain address ownership name, geographic location, and/or other ownership information associated with the account access. The accessing client also stores access data. The client, account owner, and/or another decision maker evaluates all, or portions of information to detect unauthorized access to the account. The decision maker may dynamically evaluate and display the access data or later compare log files of the online service and the account owner's local log file.
Description

BRIEF DESCRIPTION OF THE DRAWINGS

Non-limiting and non-exhaustive embodiments of the present invention are described with reference to the following drawings. In the drawings, like reference numerals refer to like parts throughout the various figures unless otherwise specified.

For a better understanding of the present invention, reference will be made to the following Detailed Description of the Invention, which is to be read in association with the accompanying drawings, wherein:

FIG. 1 shows a functional block diagram illustrating one embodiment of an environment for practicing the invention;

FIG. 2 shows one embodiment of a client and/or server device that may be included in a system implementing the invention;

FIG. 3 illustrates an architecture and communication sequence for one embodiment of the present invention;

FIG. 4 illustrates a screen shot for one embodiment of the present invention;

FIG. 5 is a flow diagram illustrating example logic according to another embodiment of the present invention; and

FIG. 6 illustrates a screen shot for another embodiment of the present invention.


Claims
  • 1. A method for identifying an unauthorized access, comprising: accessing received access information comprising a received timestamp, a received network internet protocol (IP) address, and a received TCP/UDP port identifier of an unverified accessing client that accessed a network resource using authorization information of an authorized user; accessing trusted access information comprising a trusted timestamp, a trusted network IP address, and a trusted TCP/UDP port identifier of a trusted accessing client that accesses the network resource by an authorized user; comparing the received access information to the trusted access information; identifying an unauthorized access if the received access information does not match the trusted access information.
  • 2. The method of claim 1, wherein the trusted access information is accessed from one of the following: an authorized user; and a trusted storage that stores a copy of the received access information, wherein the copy is provided by the network resource to the trusted storage prior to comparing.
  • 3. The method of claim 2, wherein the trusted storage comprises one of the following: a removable storage controlled by an authorized user and removably coupled to a trusted client in communication with the network resource to receive the copy of the received access information; and a trusted network node in communication with the network resource, wherein the trusted network node is accessible by an authorized user with additional authorization information.
  • 4. The method of claim 1, further comprising: determining ownership information based on the received network IP address and on the received TCP/UDP port identifier, wherein the ownership information identifies an owner of the received network IP address; and providing the ownership information to the unverified accessing client for at least one of the following; displaying to a user of the unverified accessing client and storing in a local storage coupled to the unverified accessing client.
  • 5. The method of claim 4, wherein the ownership information comprises at least one of the following; an owner name and an owner location.
  • 6. The method of claim 1, further comprising providing a warning that the unauthorized access is identified.
  • 7. The method of claim 1, wherein the authorization information comprises at least one of the following; a password, a digital signature, and encrypted data.
  • 8. The method of claim 1, wherein the network resource comprises one of the following; an online email account, an online financial account; a website, and a general computer user account.
  • 9. The method of claim 1, wherein the received access information is detected based at least in part on intermediary access information of an intermediary network node coupled between the unverified accessing client and the network resource.
  • 10. The method of claim 1, wherein the unverified accessing client is the trusted accessing client.
  • 11. A computer readable medium, comprising executable instructions for causing a computing device to perform the actions of claim 1.
  • 12. A system for identifying an unauthorized access, comprising: a communication interface in communication with a network; a memory for storing instructions; and a processor in communication with the communication interface and with the memory, wherein the processor performs actions based at least in part on the stored instructions, including: accessing received access information comprising a received timestamp, a received network internet protocol (IP) address, and a received TCP/UDP port identifier of an unverified accessing client that accessed a network resource using authorization information of an authorized user; accessing trusted access information comprising a trusted timestamp, a trusted network IP address, and a trusted TCP/UDP port identifier of a trusted accessing client that accesses the network resource by an authorized user; comparing the received access information to the trusted access information; identifying an unauthorized access if the received access information does not match the trusted access information.
  • 13. The system of claim 12, wherein the trusted access information is accessed from one of the following: an authorized user; and a trusted storage in communication with the processor, wherein the trusted storage stores a copy of the received access information, and wherein the copy is provided by the network resource to the trusted storage prior to comparing.
  • 14. The system of claim 13, wherein the trusted storage comprises one of the following: a removable storage controlled by an authorized user and removably coupled to a trusted client in communication with the network resource to receive the copy of the received access information; and a trusted network node in communication with the network resource, wherein the trusted network node is accessible by an authorized user with additional authorization information.
  • 15. The system of claim 12, wherein the instructions further cause the processor to perform the operations of: determining ownership information based on the received network IP address and on the received TCP/UDP port identifier, wherein the ownership information identifies an owner of the received network IP address; and providing the ownership information to the unverified accessing client for at least one of the following; displaying to a user of the unverified accessing client and storing in a local storage coupled to the unverified accessing client.
  • 16. The system of claim 15, wherein the ownership information comprises at least one of the following; an owner name and an owner location.
  • 17. The system of claim 12, wherein the instructions further cause the processor to perform the action of providing a warning that the unauthorized access is identified.
  • 18. The system of claim 12, wherein the authorization information comprises at least one of the following; a password, a digital signature, and encrypted data.
  • 19. The system of claim 12, wherein the network resource comprises one of the following; an online email account, an online financial account; a website, and a general computer user account.
  • 20. The system of claim 12, wherein the received access information is detected based at least in part on intermediary access information of an intermediary network node coupled between the unverified accessing client and the network resource.
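
The comparison described in the abstract and in claim 1, written out as an added example (not code from the patent application): service-side access records are matched against the account owner's trusted local copy on timestamp, IP address and port, and any service-side record without a trusted counterpart is flagged. The log line format, the function names and the sample records are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timezone
from typing import NamedTuple

class Access(NamedTuple):
    timestamp: datetime   # normalized to UTC
    ip: str
    port: int

def parse_line(line: str) -> Access:
    """Parse 'ISO-8601-timestamp ip port' (a constructed log format)."""
    ts, ip, port = line.split()
    when = datetime.fromisoformat(ts).astimezone(timezone.utc)
    return Access(when, ip, int(port))

def find_unauthorized(service_log, trusted_log):
    """Return service-side accesses that have no matching trusted record.

    Trusted records are treated as a multiset, so each one can account
    for only one service-side access with the same tuple.
    """
    remaining = Counter(parse_line(line) for line in trusted_log)
    flagged = []
    for line in service_log:
        access = parse_line(line)
        if remaining[access] > 0:
            remaining[access] -= 1      # consumed by a trusted record
        else:
            flagged.append(access)      # no trusted counterpart
    return flagged

# Constructed sample data (documentation address ranges).
SERVICE_LOG = [
    "2007-03-15T09:12:44+00:00 192.0.2.10 51234",
    "2007-03-15T13:05:02+00:00 192.0.2.10 51877",
    "2007-03-16T02:41:19+00:00 203.0.113.5 40112",   # unknown address
    "2007-03-16T08:30:00+00:00 192.0.2.10 52001",    # known address, no local record
]
TRUSTED_LOG = [
    "2007-03-15T09:12:44+00:00 192.0.2.10 51234",
    "2007-03-15T14:05:02+01:00 192.0.2.10 51877",    # same instant, other UTC offset
]

if __name__ == "__main__":
    for a in find_unauthorized(SERVICE_LOG, TRUSTED_LOG):
        print(f"unmatched access: {a.timestamp.isoformat()} {a.ip}:{a.port}")
```

An access from the owner's usual address is still flagged when the local copy has no record of that session, which is the case a comparison on IP address alone would miss.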
Provisional Applications (2)
Number Date Country
60782601 Mar 2006 US
60783446 Mar 2006 US