Privileged shared account password sanitation

US 10,237,266 B2
Filed: 02/10/2016
Issued: 03/19/2019
Est. Priority Date: 03/03/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for sanitizing passwords, comprising:

providing, by a computer, a password of a shared account to a user;

identifying, by the computer, a first machine logged into using the password;

determining, by the computer, when the first machine enters an inconsistent state, including by determining that a predetermined time period has elapsed since a first memory area associated with the first machine was modified by replacing each occurrence of the password with a first predetermined recognizable marker;

in response to determining the first machine enters the inconsistent state, identifying, in the first memory area associated with the first machine, one or more occurrences of the password; and

modifying, by the computer, the first memory area associated with the first machine by replacing each occurrence of the password with the first predetermined recognizable marker in order to eliminate occurrences of the password in the first memory area.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Sanitizing passwords used in a shared, privileged account includes providing a password of a shared account to a user; identifying a first machine logged into using the password; determining when the first machine enters an inconsistent state; and modifying a memory area associated with the first machine to eliminate occurrences of the password in the memory area.

Citations

19 Claims

1. A computer-implemented method for sanitizing passwords, comprising:
- providing, by a computer, a password of a shared account to a user;
  
  identifying, by the computer, a first machine logged into using the password;
  
  determining, by the computer, when the first machine enters an inconsistent state, including by determining that a predetermined time period has elapsed since a first memory area associated with the first machine was modified by replacing each occurrence of the password with a first predetermined recognizable marker;
  
  in response to determining the first machine enters the inconsistent state, identifying, in the first memory area associated with the first machine, one or more occurrences of the password; and
  
  modifying, by the computer, the first memory area associated with the first machine by replacing each occurrence of the password with the first predetermined recognizable marker in order to eliminate occurrences of the password in the first memory area.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - receiving, by the computer, a request from the user for the password.
  - 3. The method of claim 2, further comprising:
    - determining, by the computer, that the request originated from a second machine different than the first machine.
  - 4. The method of claim 3, further comprising:
    - determining, by the computer, when the second machine enters an inconsistent state;
      
      identifying, in a second memory area associated with the second machine, one or more occurrences of the password; and
      
      modifying, by the computer, the second memory area associated with the second machine by replacing each occurrence of the password with a second predetermined recognizable marker in order to eliminate occurrences of the password in the second memory area.
  - 5. The method of claim 1, wherein the first machine is one of a virtual machine and a physical machine.
  - 6. The method of claim 1, wherein the first machine is a virtual machine and the inconsistent state is a virtual machine snapshot of the first machine.
  - 7. The method of claim 1, wherein the inconsistent state is an operating system crash.
  - 8. The method of claim 1, wherein the inconsistent state is an application crash.
  - 9. The method of claim 1, further comprising:
    - identifying in the first memory area one or more occurrences of the first predetermined recognizable marker; and
      
      modifying, by the computer, the first memory area associated with the first machine to replace occurrences of the first predetermined recognizable marker with the password.

10. A system for sanitizing passwords, comprising:
- a computer processor; and
  
  a memory in communication with the computer processor storing instructions that when executed by the computer processor;
  
  provide a password of a shared account to a user;
  
  identify a first machine logged into using the password;
  
  determine when the first machine enters an inconsistent state, including by determining that a predetermined time period has elapsed since a first memory area associated with the first machine was modified by replacing each occurrence of the password with a first predetermined recognizable marker;
  
  in response to the first machine entering the inconsistent state, identify, in the first memory area associated with the first machine, one or more occurrences of the password; and
  
  modify the first memory area associated with the first machine by replacing each occurrence of the password with the first predetermined recognizable marker in order to eliminate occurrences of the password in the first memory area.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein:
    - the memory in communication with the computer processor stores further instructions that, when executed by the computer processor, receive a request from the user for the password.
  - 12. The system of claim 11, wherein the memory in communication with the computer processor stores further instructions that, when executed by the computer processor, determine that the request originated from a second machine different than the first machine.
  - 13. The system of claim 12, wherein the memory in communication with the computer processor stores further instructions that, when executed by the computer processor:
    - determine when the second machine enters an inconsistent state;
      
      identify, in a second memory area associated with the second machine, one or more occurrences of the password; and
      
      modify the second memory area associated with the second machine by replacing each occurrence of the password with a second predetermined marker in order to eliminate occurrences of the password in the second memory area associated with the second machine.
  - 14. The system of claim 10, wherein the first machine is one of a virtual machine and a physical machine.
  - 15. The system of claim 10, wherein the first machine is a virtual machine and the inconsistent state is a virtual machine snapshot of the first machine.
  - 16. The system of claim 10, wherein the inconsistent state is an operating system crash.
  - 17. The system of claim 10, wherein the inconsistent state is an application crash.
  - 18. The system of claim 10, wherein the memory in communication with the computer processor stores further instructions that, when executed by the computer processor:
    - identify in the first memory area one or more occurrences of the first predetermined recognizable marker; and
      
      modify the first memory area associated with the first machine to replace occurrences of the first predetermined recognizable marker with the password.

19. A computer program product for sanitizing passwords, comprising:
- a non-transitory computer readable storage medium having computer readable program code embodied therewith, the computer readable program code comprising;
  
  computer readable program code for providing a password of a shared account to a user;
  
  computer readable program code for identifying a first machine logged into using the password;
  
  computer readable program code for determining when the first machine enters an inconsistent state, including by determining that a predetermined time period has elapsed since a first memory area associated with the first machine was modified by replacing each occurrence of the password with a first predetermined recognizable marker;
  
  computer readable program code for in response to determining the first machine enters the inconsistent state, identifying;
  
  in the first memory area associated with the first machine, one or more occurrences of the password; and
  
  computer readable program code for modifying the first memory area associated with the first machine by replacing each occurrence of the password with a first predetermined recognizable marker in order to eliminate occurrences of the password in the first memory area.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Inventors
Fadida, Itzhak, Balzam, Guy, Jerbi, Amir, Barak, Nir
Primary Examiner(s)
Kim, Jung W
Assistant Examiner(s)
Stoica, Adrian

Application Number

US15/040,137
Publication Number

US 20160191495A1
Time in Patent Office

1,133 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/53   by executing in a restricte...

G06F 21/62   Protecting access to data v...

G06F 21/78   to assure secure storage of...

H04L 63/083   using passwords cryptograph...

H04L 63/102   Entity profiles

Privileged shared account password sanitation

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Privileged shared account password sanitation

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links