Updating stored passwords
First Claim
1. A client device comprising:
- an input/output device;
- a processor communicatively coupled to the input/output device;
- a memory storing executable instructions that, when executed by the processor, instantiate an authentication client module and a re-authentication client module, the authentication client module configured to:
  - generate a plain-text password;
  - generate a first hash value based on the plain-text password, the first hash value generated according to a first hash generating scheme, the first hash generating scheme defining a first hash function that generates a first hash value based on an input value;
  - request, via the input/output device, access to a network comprising a network access device according to an authentication protocol;
  - send, via the input/output device, the first hash value to the network access device;
  - modify the first hash generating scheme to produce a second hash generating scheme, the second hash generating scheme defining a second hash function different than the first hash function that generates a second hash value based on the input value; and
  - generate a second hash value based on the plain-text password according to the second hash generating scheme; and
- the re-authentication client module configured to:
  - in response to a policy server operating on the network receiving both the first hash value and the second hash value from the client device and failing to authenticate both the first hash value and the second hash value, establish, via the input/output device, a secure HTTP connection between the client device and the policy server; and
  - transmit, via the input/output device, the plain-text password from the client device to the policy server over the secure HTTP connection.
Abstract
A device may include an authentication server and a server. The authentication server may receive a first form of a password from a client device in accordance with an authentication protocol, and authenticate the client device based on a comparison of the first form to a value derived from a second form of the password stored in a password database, where the comparison fails when the first form is not comparable to a value derived from the second form. The server may establish a secure connection to the client, receive a plain-text password from the client device over the secure connection, authenticate the client device by comparing a value derived from the plain-text password with a value derived from the second form, and update the password database with a third form of the password that permits the authentication server to successfully authenticate the client device when the authentication server receives the first form.
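The flow in the abstract, sketched as an added example that is not taken from the patent: the database starts with a legacy "second form", protocol logins fail because the forms are not comparable, and a verified plain-text re-authentication rewrites the record into a "third form" the protocol can match. The hash functions, the `proto:` salt, the iteration count and all names are assumptions; the secure HTTP transport is not modelled.

```python
import hashlib
import hmac
import os

ITER = 10_000  # demo value (assumption), kept low so the example runs quickly

def protocol_form(user, password, algo):
    """Form the authentication protocol carries; schemes here are hypothetical."""
    return hashlib.pbkdf2_hmac(algo, password.encode(), b"proto:" + user.encode(), ITER)

def legacy_form(password, salt):
    """'Second form': what the database stored before migration (assumed PBKDF2-SHA1)."""
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, ITER)

class PasswordDB:
    def __init__(self):
        self.rows = {}

    def enroll_legacy(self, user, password):
        salt = os.urandom(16)
        self.rows[user] = {"scheme": "legacy", "salt": salt, "value": legacy_form(password, salt)}

    def authenticate(self, user, algo, form):
        """Authentication server: succeeds only when the stored form is comparable."""
        row = self.rows.get(user)
        if row is None or row["scheme"] != algo:
            return False
        return hmac.compare_digest(row["value"], form)

    def reauthenticate(self, user, password, algo):
        """Server side of the secure connection: verify plain text, then upgrade the row."""
        row = self.rows.get(user)
        if row is None or row["scheme"] != "legacy":
            return False
        if not hmac.compare_digest(row["value"], legacy_form(password, row["salt"])):
            return False  # wrong password: the record is never rewritten
        # 'Third form': password-equivalent for the protocol, so protect it accordingly.
        self.rows[user] = {"scheme": algo, "salt": None, "value": protocol_form(user, password, algo)}
        return True

def login(db, user, password, schemes=("sha256", "sha512")):
    """Client flow: try each hash generating scheme, then fall back to re-authentication."""
    for algo in schemes:
        if db.authenticate(user, algo, protocol_form(user, password, algo)):
            return "protocol:" + algo
    return "migrated" if db.reauthenticate(user, password, schemes[0]) else "denied"
```

The upgrade happens only after the plain-text password verifies against the stored legacy form, so a failed guess leaves the record in its original state.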
82 Citations
21 Claims
14. A method comprising:
- generating, by an authentication client module of a client device comprising at least one hardware processor, a plain-text password;
- generating, by the authentication client module, a first hash value based on the plain-text password according to a first hash generating scheme, the first hash generating scheme defining a first hash function that generates a first hash value based on an input value;
- requesting, via an input/output device of the client device, access to a network comprising a network access device according to an authentication protocol;
- sending, via the input/output device, the first hash value to the network access device;
- modifying, by the authentication client module, the first hash generating scheme to produce a second hash generating scheme, the second hash generating scheme defining a second hash function different than the first hash function that generates a second hash value based on the input value;
- generating, by the authentication client module, a second hash value based on the plain-text password according to the second hash generating scheme;
- establishing, by a policy server communicatively coupled to the client device via a network, a secure HTTP connection between a re-authentication module of the client device and the policy server in response to the policy server receiving both the first hash value and the second hash value and failing to authenticate both the first hash value and the second hash value from the client device; and
- transmitting, by the re-authentication client module via the input/output device, the plain-text password from the client device to the policy server over the secure HTTP connection.
Specification