US Patent No. 11140142 - Prepared by Attorney David Tran for Salesforce and filed by Dergosits & Noah LLP
Brief description: The login flow may start with operation 305, where a user (e.g., user 103) initiates a request to log in to the server computing system (e.g., server computing system 255). In operation 310, the server computing system 255 may then request the user 103 to provide user ID and password information. In operation 315, the user ID and password information is transmitted from the user to the server computing system. When there is a MITM attack, the user ID and password information may be intercepted along path 318. In operation 320, the server computing system verifies the user ID and password information. When a second level verification is required, the server computing system may send a second level question to the user (via the user computing system) in operation 325, based on successful verification of the user ID and password information. In operation 330, the user may send a response to the second level question to the server computing system. When there is a MITM attack, the response to the second level question may be intercepted along path 335. In operation 340, the server computing system may enable a login session with the user based on successful verification of the second level question, after the user ID, password and response to the second level question have already been intercepted by the MITM attack.

In operation 415, the user ID is transmitted from the user to the server computing system. When there is a MITM attack, the user ID may be intercepted along path 418, but no user password is compromised. In operation 420, the server computing system verifies the user ID. When a second level verification is required, the server computing system may send a second level question to the user (via the user computing system) in operation 425, based on successful verification of the user ID. The second level question may be encrypted based on the user's stored password. Since the second level question is encrypted, it is not exposed to the MITM attack.
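The two flows differ in what an interceptor on the wire can collect. The following Python is added here as an illustration and is not code from the patent or from any Salesforce implementation: the client sends only its user ID, the server encrypts a one-time challenge under a key derived from the stored password (operation 425), and only a holder of the password can decrypt and answer it. The key derivation (PBKDF2), the cipher (an HMAC-SHA256 keystream), the challenge format and every name in the block are assumptions, since the patent text specifies none of them.

```python
import hashlib, hmac, os, secrets
# Assumed primitives (the patent names none): PBKDF2 derives a key from the stored password,
# the "second level question" is a random one-time challenge, and it is encrypted with an
# HMAC-SHA256 keystream XORed over it. Every identifier here is hypothetical.

def derive_key(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Keystream block i = HMAC(key, nonce || i); XOR is its own inverse, so this both encrypts and decrypts.
    out = bytearray()
    for i, off in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

class Server:
    def __init__(self):
        self.users, self.pending = {}, {}
    def enroll(self, user_id: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[user_id] = (salt, derive_key(password, salt))  # never the raw password
    def start_login(self, user_id: str):
        # Operations 415-425: only the user ID arrived; reply with the encrypted challenge.
        salt, key = self.users[user_id]
        challenge, nonce = secrets.token_bytes(32), os.urandom(16)
        self.pending[user_id] = challenge
        return salt, nonce, keystream_xor(key, nonce, challenge)
    def finish_login(self, user_id: str, response: bytes) -> bool:
        challenge = self.pending.pop(user_id, None)  # single use: a replayed response finds nothing
        if challenge is None:
            return False
        _, key = self.users[user_id]
        return hmac.compare_digest(response, hmac.new(key, challenge, "sha256").digest())

def client_answer(password: str, salt: bytes, nonce: bytes, enc: bytes) -> bytes:
    # The password never crosses the wire; an interceptor on path 418 learns only the user ID.
    key = derive_key(password, salt)
    return hmac.new(key, keystream_xor(key, nonce, enc), "sha256").digest()

def demo() -> tuple:
    server = Server()
    server.enroll("alice", "correct horse")          # constructed sample user
    salt, nonce, enc = server.start_login("alice")
    captured = client_answer("correct horse", salt, nonce, enc)  # the response seen on the wire
    honest = server.finish_login("alice", captured)
    salt, nonce, enc = server.start_login("alice")
    wrong_guess = server.finish_login("alice", client_answer("not it", salt, nonce, enc))
    salt, nonce, enc = server.start_login("alice")
    replay = server.finish_login("alice", captured)  # captured response against a fresh challenge
    return honest, wrong_guess, replay  # (True, False, False)
```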