US 12,132,760 B2
Credential input detection and threat analysis
Paresh Maisuria, Issaquah, WA (US); Ali Alabbas, Sammamish, WA (US); Abhishek Sagar, Wake Forest, NC (US); Mara Beth Fortini, Sammamish, WA (US); Rupo Zhang, Redmond, WA (US); Christian Stockwell, Seattle, WA (US); Michael David McCormack, Redmond, WA (US); Jason Joseph Weber, Bainbridge Island, WA (US); Charles J. Strempler, Seattle, WA (US); Sinclaire R. Hamilton, Sammamish, WA (US); Brian Keith Catlin, Princeville, HI (US); Richard Joseph Murillo, Issaquah, WA (US); Robert G. Lefferts, Redmond, WA (US); Eric P. Douglas, Kirkland, WA (US); and Christian Seifert, Seattle, WA (US)
Assigned to MICROSOFT TECHNOLOGY LICENSING, LLC, Redmond, WA (US)
Filed by MICROSOFT TECHNOLOGY LICENSING, LLC, Redmond, WA (US)
Filed on Mar. 3, 2022, as Appl. No. 17/685,697.
Claims priority of provisional application 63/245,598, filed on Sep. 17, 2021.
Prior Publication US 2023/0283633 A1, Sep. 7, 2023
Int. Cl. G06F 21/00 (2013.01); H04L 9/40 (2022.01)
CPC H04L 63/1483 (2013.01) [H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/1466 (2013.01); H04L 63/20 (2013.01)] 20 Claims
OG exemplary drawing
 
1. One or more computer storage media comprising computer-executable instructions that when executed by a computing device cause an operating system component of the computing device to perform a method of detecting and analyzing a credential input, the method comprising:
receiving an input at the computing device, the input addressed to an application;
determining that the input corresponds to a credential;
determining a present network context for the application from data provided by an operating system network sensor;
detecting a mismatch between an active URL in the present network context and one or more URLs that are part of an expected network context for the application during credential entry;
identifying a threat in response to the mismatch; and
in response to the identifying, initiating a security mitigation.