Automated process of managing and controlling identities on a remote computer machine

US 10,162,961 B1
Filed: 07/30/2018
Issued: 12/25/2018
Est. Priority Date: 08/01/2017
Status: Active Grant

First Claim

Patent Images

1. A method for managing an authentication credential of an identity of a machine of a computer system via a remote network connection with the machine, the method comprising:

accessing in the computer system, at least one credential parameter for an authentication process for the identity of the machine, the at least one credential parameter being included in an authentication file associated with the computer system;

determining a password complexity rule for the identity based at least on the at least one accessed credential parameter, thereby enabling automatic generation of a password consistent with the determined password complexity rule for a user associated with the identity of the machine;

determining a credential management protocol, based on interaction with the machine via the remote network connection; and

performing a security control operation for the identity based at least on the credential management protocol, the security control operation including at least one of;

enabling updating a password associated with the identity at the machine based on the automatically generated password;

enforcing a password change operation for the identity at the machine;

determining whether the password associated with the identity complies with a security policy;

ordetermining whether the determined password complexity rule complies with the security policy.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed embodiments include systems and methods for managing an authentication credential of an account of a machine of a computer system via a remote connection with the machine. A method includes accessing in the computer system, at least one credential parameter for an authentication process for the account of the machine, the at least one credential parameter being included in an authentication file associated with the computer system. The method also includes determining a password complexity rule for the account based at least on the at least one accessed credential parameter, thereby enabling automatic generation of a password consistent with the determined password complexity rule for a user associated with the account of the machine, and determining a credential management protocol, based on interaction with the machine via the remote network connection, thereby enabling updating a password for the account at the machine based on the automatically generated password.

23 Citations

23 Claims

1. A method for managing an authentication credential of an identity of a machine of a computer system via a remote network connection with the machine, the method comprising:
- accessing in the computer system, at least one credential parameter for an authentication process for the identity of the machine, the at least one credential parameter being included in an authentication file associated with the computer system;
  
  determining a password complexity rule for the identity based at least on the at least one accessed credential parameter, thereby enabling automatic generation of a password consistent with the determined password complexity rule for a user associated with the identity of the machine;
  
  determining a credential management protocol, based on interaction with the machine via the remote network connection; and
  
  performing a security control operation for the identity based at least on the credential management protocol, the security control operation including at least one of;
  
  enabling updating a password associated with the identity at the machine based on the automatically generated password;
  
  enforcing a password change operation for the identity at the machine;
  
  determining whether the password associated with the identity complies with a security policy;
  
  ordetermining whether the determined password complexity rule complies with the security policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising:
    - generating a password consistent with the determined password complexity rule for the user associated with the identity of the machine, the generated password being configured to enable the user to access at least one access-controlled resource associated with the machine;
      
      establishing a remote network connection with the machine; and
      
      interacting with the machine, via the remote network connection, thereby updating a previous password of the identity of the machine with the generated password based on the determined credential management protocol.
  - 3. The method of claim 1, wherein the at least one credential parameter is included in the authentication file, the method further comprising querying from the machine, via the remote network connection, the at least one credential parameter.
  - 4. The method of claim 2, further comprising storing the generated password on the machine and modifying the authentication file to replace the previous password with the generated password.
  - 5. The method of claim 3, further comprising:
    - determining whether the password complexity rule is consistent with a predetermined password complexity policy; and
      
      when the password complexity rule is not consistent with the predetermined password complexity policy, modifying, via the remote network connection, at least one accessed credential parameter included in the authentication file, thereby modifying the password complexity rule.
  - 6. The method of claim 1, wherein establishing the remote network connection includes accessing the machine using a root identity.
  - 7. The method of claim 1, wherein the password complexity rule identifies at least one minimum requirement of the password associated with the identity, including a requirement for a minimum number of characters, digits, uppercase characters, lowercase characters, or valid special characters.
  - 8. The method of claim 1, further comprising determining a plurality of identity types of the machine, each identity type having different privileges in the computer system.
  - 9. The method of claim 8, further comprising determining a password complexity rule for each of the plurality of identity types of the machine.
  - 10. The method of claim 9, further comprising modifying a password complexity rule for at least one of the plurality of identity types based on the privileges associated with the at least one of the plurality of identity types.
  - 11. The method of claim 1, wherein the user is a human or an automated application.
  - 12. The method of claim 1, wherein the identity is an account associated with the machine.

13. A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for managing an authentication credential of an identity of a machine of a computer system via a remote network connection with the machine, the operations comprising:
- accessing in the computer system, at least one credential parameter for an authentication process for the identity of the machine, the at least one credential parameter being included in an authentication file associated with the computer system;
  
  determining a password complexity rule for the identity based at least on the at least one accessed credential parameter, thereby enabling automatic generation of a password consistent with the determined password complexity rule for a user associated with the identity of the machine;
  
  determining a credential management protocol, based on interaction with the machine via the remote network connection; and
  
  performing a security control operation for the identity based at least on the credential management protocol, the security control operation including at least one of;
  
  enabling updating a password associated with the identity at the machine based on the automatically generated password;
  
  enforcing a password change operation for the identity at the machine;
  
  determining whether the password associated with the identity complies with a security policy;
  
  ordetermining whether the determined password complexity rule complies with the security policy.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 14. The non-transitory computer readable medium of claim 13, wherein the operations further comprise:
    - generating a password consistent with the determined password complexity rule for the user associated with the identity of the machine, the generated password being configured to enable the user to access at least one access-controlled resource associated with the machine;
      
      establishing a remote network connection with the machine; and
      
      interacting with the machine, via the remote network connection, thereby updating a previous password of the identity of the machine with the generated password based on the determined credential management protocol.
  - 15. The non-transitory computer readable medium of claim 13, wherein the at least one credential parameter is included in the authentication file, and the operations further comprise querying from the machine, via the remote network connection, the at least one credential parameter.
  - 16. The non-transitory computer readable medium of claim 14, wherein the operations further comprise storing the generated password on the machine and modifying the authentication file to replace the previous password with the generated password.
  - 17. The non-transitory computer readable medium of claim 15, wherein the operations further comprise:
    - determining whether the password complexity rule is consistent with a predetermined password complexity policy; and
      
      when the password complexity rule is not consistent with the predetermined password complexity policy, modifying, via the remote network connection, at least one accessed credential parameter included in the authentication file, thereby modifying the password complexity rule.
  - 18. The non-transitory computer readable medium of claim 13, wherein establishing the remote network connection includes accessing the machine using a root identity.
  - 19. The non-transitory computer readable medium of claim 13, wherein the password complexity rule identifies at least one minimum requirement of the password associated with the identity, including a requirement for a minimum number of characters, digits, uppercase characters, lowercase characters, or valid special characters.
  - 20. The non-transitory computer readable medium of claim 13, wherein the operations further comprise determining a plurality of identity types of the machine, each identity type having different privileges in the computer system.
  - 21. The non-transitory computer readable medium of claim 20, wherein the operations further comprise determining a password complexity rule for each of the plurality of identity types of the machine.
  - 22. The non-transitory computer readable medium of claim 21, wherein the operations further comprise modifying a password complexity rule for at least one of the plurality of identity types based on the privileges associated with the at least one of the plurality of identity types.
  - 23. The non-transitory computer readable medium of claim 13, wherein the user is a human or an automated application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CyberArk Software Ltd.
Original Assignee
CyberArk Software Ltd.
Inventors
Shitrit, Koby, Bazadka, Tal, Ben Tov, Eyal
Primary Examiner(s)
Mehedi, Morshed

Application Number

US16/049,020
Time in Patent Office

148 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/45   Structures or tools for the...

G06F 21/46   by designing passwords or c...

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

Automated process of managing and controlling identities on a remote computer machine

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Automated process of managing and controlling identities on a remote computer machine

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links