Automatic key management using enterprise user identity management

  • US 10,348,727 B2
  • Filed: 02/13/2015
  • Issued: 07/09/2019
  • Est. Priority Date: 02/13/2015
  • Status: Active Grant
First Claim

1. A method implemented by at least one data processor, comprising:

  • receiving from a user device an identification that uniquely identifies in an enterprise the user device by which a user accesses at least one server of the enterprise, an enterprise password of the user associated with the user device, and a list of the enterprise's servers that are to be accessible by the user via the user device and a server access function;

  • forming a key pair for the user, the key pair comprising a public key and a private key that is unique to the user and that is encrypted using a passphrase comprised of the received enterprise password of the user verified by the enterprise's directory and the identification that uniquely identifies in the enterprise the user device by which the user accesses the enterprise's servers, where the encrypted private key is comprised of the passphrase;

  • storing the encrypted private key in the user device and storing the public key in each of the enterprise's servers that are identified in the received list of the enterprise's servers;

  • subsequently, when the user accesses the at least one enterprise server appearing in the list of the enterprise's servers, providing the encrypted private key, that was stored in the user device, from the user device to the server access function in conjunction with the password and the identification that uniquely identifies in the enterprise the user device by which the user accesses the enterprise;

  • decrypting at the server access function the encrypted private key using the provided password and the identification that uniquely identifies in the enterprise the user device to obtain from the decrypted private key the password and the identification that uniquely identifies in the enterprise the user device;

  • comparing the provided password and the identification that uniquely identifies in the enterprise the user device with the password and the identification that uniquely identifies in the enterprise the user device that are obtained from the decrypted private key; and

  • granting the user access to the at least one enterprise server via the user device and the server access function only if the provided password and the identification that uniquely identifies in the enterprise the user device matches with the password and the identification that uniquely identifies in the enterprise the user device that are obtained from the decrypted private key.

  • 2 Assignments