| 摘要 |
A method and system for detecting unauthorized account access. The system may operate in conjunction with known methods of remote access authentication. The system provides a unique account for each authorized person (i.e., each user) and a system sequence number and a user sequence number for each account. For each access to the account, the system updates the system sequence number corresponding to that account to the next number in a preselected sequence, and the user updates the user sequence number in like manner. The preselected sequence comprises a sequence of pseudorandom numbers and the update comprises selecting the next pseudorandom number using a pseudorandom number generator, but the sequence number may be updated using other techniques, so long as the system and the user are both capable of performing the same updates. The system and the user perform a handshake process, to assure that the system updates the system sequence number, and the user updates the user sequence number, in synchrony. Normally, the system sequence number and the user sequence number will be the same, but when there is an authorized access by third party the system will update the system sequence number and the user will not update the user sequence number, causing the two sequence numbers to be unequal. When the two sequence numbers are unequal, when the user next accesses the account, the user is made aware that an unauthorized access has occurred.
|
