An official website of the United States government
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

Approach to Detecting Fraudulent Login Attempts Enhances Security

  • Published
  • By DAFT3

A newly patented invention could help the Department of the Air Force (DAF) detect fraudulent attempts to log in to secure computing systems and respond accordingly.

Dr. Janek Mroczek, a senior electronics engineer in the Air Force Research Laboratory (AFRL) Information and Spectrum Warfare Directorate (RF), recently secured a patent from the U.S. Patent and Trademark Office for a system and a method for detecting attempts to gain unauthorized access to a system or a service.

According to Dr. Mroczek, the idea for the innovation came to him a few years ago while he was engaged in online commerce. Someone he was communicating with about a potential deal asked Dr. Mroczek to provide a verification code that would come via text message. This person claimed that they needed to verify that Dr. Mroczek was not a robot or a scammer. However, Dr. Mroczek recognized that this was itself a scam, as someone was trying to set up an account using Dr. Mroczek’s credentials and needed Dr. Mroczek to provide the verification code to complete the process. Dr. Mroczek cut off communication with his correspondent, although there was little to be done beyond that.

This incident gave Dr. Mroczek a simple but revolutionary idea: What if there was a way to generate fake authentication codes that would alert stakeholders to fraudulent login attempts? Currently, if an inaccurate authentication code is entered into an online platform, the system will simply reject access. Platform owners have no way of knowing whether entry of an incorrect code is merely the result of a simple mistake by an authorized user or a deliberate attempt to gain unauthorized access. Dr. Mroczek realized, however, that special codes could alert online platforms that a login attempt is maliciously fraudulent. If an online platform receives such a code, the platform owner could pursue any number of actions, such as running additional checks, contacting law enforcement, or sending scammers to a fake portal that will collect their information.

The Department of War (DoW) operates secure online platforms that are subjected to constant attempts to gain unauthorized access. Because DoW has a profound interest in maintaining online security, Dr. Mroczek was able to pursue the idea in his professional capacity. The system and method he devised is easily implementable within existing software systems. It allows DoW to detect unauthorized login attempts and potentially to trace their points of origin, providing the department with valuable information about the activities of unfriendly actors. The innovation would therefore be useful in helping DoW to distinguish between simple mistakes and malign activities, which is valuable information to have.

Because of the nature of the invention, it has great potential for licensing to commercial entities. Small businesses and large companies could use it to keep their online customers safe. Furthermore, it also has applications related to physical “real world” situations. If someone was forced to access an Automated Teller Machine (ATM) or a secure area under duress, for example, entering an alternative code would alert security personnel, who could respond to danger. Dr. Mroczek’s invention is therefore easy to implement and has broad applications across many different use cases.

Dr. Mroczek’s patent application was facilitated by his local Office of Research and Technology Applications (ORTA). DAF ORTAs conduct outreach related to technology transfer and facilitate the development of formal technology transfer agreements, including patent licensing agreements, to ensure the protection of DAF’s intellectual property interests. The DAF Technology Transfer and Transition (T3) Program Office provides DAF ORTAs with training and guidance, and it also performs ORTA services for DAF laboratories lacking their own ORTA.

United States Patent and Trademark Office Patent #12,627,648

About AFRL

The Air Force Research Laboratory, or AFRL, is the primary scientific research and development center for the Department of the Air Force. AFRL plays an integral role in leading the discovery, development, and integration of affordable warfighting technologies for our air, space, and cyberspace forces. With a workforce spanning the globe, AFRL provides a diverse portfolio of science and technology ranging from fundamental to advanced research and technology development. For more information, visit www.afresearchlab.com.