公开(公告)号：US10911438B2

公开(公告)日：2021-02-02

申请号：US16025918

申请日：2018-07-02

Applicant: Shape Security, Inc.

Inventor： Zhipu Jin ,  Gautam Agrawal ,  Daniel G. Moen ,  Weiguo Liang ,  Xingang Wang

IPC: H04L29/06 ,  H04L9/06 ,  G06F16/951 ,  H04L9/08 ,  H04L9/32

Abstract: Techniques are provided for secure detection and management of compromised credentials. A first candidate credential is received, comprising a first username and a first password, wherein the first candidate credential was sent in a first request from a first client computer to log in to a first server computer. A first salt associated with the first username in a salt database is obtained. A first hashed credential is generated based on the first password and the first salt. The first hashed credential is transmitted to a set model server computer, wherein the set model server computer is configured to maintain a set model that represents a set of spilled credentials, determine whether the first hashed credential is represented in the set model, and in response to determining that the first hashed credential is represented in the set model, performing additional processing on the first hashed credential.

公开(公告)号：US20190007387A1

公开(公告)日：2019-01-03

申请号：US16025918

申请日：2018-07-02

Applicant: Shape Security, Inc.

Inventor： Zhipu Jin ,  Gautam Agrawal ,  Daniel G. Moen ,  Weiguo Liang ,  Xingang Wang

IPC: H04L29/06 ,  G06F17/30

Abstract: Techniques are provided for secure detection and management of compromised credentials. A first candidate credential is received, comprising a first username and a first password, wherein the first candidate credential was sent in a first request from a first client computer to log in to a first server computer. A first salt associated with the first username in a salt database is obtained. A first hashed credential is generated based on the first password and the first salt. The first hashed credential is transmitted to a set model server computer, wherein the set model server computer is configured to maintain a set model that represents a set of spilled credentials, determine whether the first hashed credential is represented in the set model, and in response to determining that the first hashed credential is represented in the set model, performing additional processing on the first hashed credential.