User authorization management system using a meta-password and method for same

US 20030005299A1
Filed: 06/29/2001
Published: 01/02/2003
Est. Priority Date: 06/29/2001
Status: Active Grant

First Claim

Patent Images

1. A method for management of user authentication information, comprising:

receiving a first meta-password from an associated user;

maintaining a repository including a list of network addresses and associated handles, each handle having an associated encoded password;

intercepting a user authentication response sent by the associated user;

identifying a network address to which the authentication response is directed;

generating a modified authentication response based upon the user authentication response and based upon contents of the repository corresponding to said network address; and

transmitting the modified authentication response to the identified network address via the network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user authentication information management method receives a meta-password from a user. A repository (34) lists network addresses (36) and associated handles (38), each handle having an associated encoded password. An authentication response from the user is intercepted. A modified authentication response is generated by identifying a network address to which the response is directed (208), searching for the identified network address (210) in the repository (34), identifying a handle (212) corresponding to the address based on the searching (210), decoding the password associated with the handle using the meta-password as a decoding key (214), and substituting the decoded password for the meta-password in the authentication response (216). The method also generates pseudo-random passwords (124) consistent with password rules (128). The repository (34) can reside on a client device (14), a proxy server, a local area network, or a security server having an Internet protocol (IP) address. The repository (34) can also be disposed at a database service.

Citations

39 Claims

1. A method for management of user authentication information, comprising:
- receiving a first meta-password from an associated user;
  
  maintaining a repository including a list of network addresses and associated handles, each handle having an associated encoded password;
  
  intercepting a user authentication response sent by the associated user;
  
  identifying a network address to which the authentication response is directed;
  
  generating a modified authentication response based upon the user authentication response and based upon contents of the repository corresponding to said network address; and
  
  transmitting the modified authentication response to the identified network address via the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 17, 18, 19, 20, 21, 22, 23, 24, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 2. The management method according to claim 1, wherein generating a modified authentication response further includes:
    - searching for the identified network address in the repository;
      
      identifying a handle corresponding to the network address based on the searching step;
      
      decoding the encoded password associated with the identified handle using the first meta-password as a decoding key; and
      
      generating the modified authentication response by substituting the decoded password for the first meta-password in the authentication response.
  - 3. The management method according to claim 2 further including:
    - receiving a second meta-password from the associated user together with a request for meta-password update;
      
      using said first meta-password as a key, decoding each of said passwords associated with said list of network addresses as decoded passwords;
      
      using said second meta-password as a key, encoding each of said decoded passwords as re-encoded passwords; and
      
      storing the re-encoded passwords in said registry.
  - 4. The management method according to claim 3 further including registering said second meta-password in an associated storage location.
  - 5. The management method according to claim 1, wherein generating a modified authentication response further includes:
    - receiving a handle selection from the associated user, said handle selection being selected from the handles contained in the repository;
      
      entering the identified network address into the repository;
      
      in the repository, associating the identified network address with the received handle selection;
      
      decoding the encoded password associated with the received handle using the first meta-password as a decoding key; and
      
      generating the modified authentication response by combining the decoded password with the authentication response.
  - 6. The management method according to claim 5, wherein receiving a handle selection from the associated user further includes:
    - displaying a handle selection dialog box including displaying the handles stored in the repository; and
      
      receiving a handle selection from the associated user via the selection dialog box.
  - 7. The management method according to claim 1, further including:
    - searching for the identified network address in the repository;
      
      recognizing, based upon the searching step, that the network address is not associated with a handle in the repository; and
      
      when the network address is not associated with the handle in the repository, displaying a handle selection dialog box.
  - 8. The management method according to claim 1, further including:
    - accessing a handle management dialog box;
      
      in the handle management dialog box, receiving a new handle from the associated user, said new handle not being included in the repository;
      
      establishing a collection of password rules;
      
      generating a password consistent with the established password rules;
      
      encoding the generated password using the first meta-password as an encoding key;
      
      storing the network address in the repository;
      
      in the repository, associating the network address with the new handle; and
      
      in the repository, associating the encoded password with the new handle.
  - 9. The management method according to claim 8, wherein generating a password includes generating a password using a pseudo-random number generator.
  - 10. The management method according to claim 9, wherein generating a password further includes:
    - obtaining a system time;
      
      mathematically combining the system time and the meta-password to obtain a seed value;
      
      applying the seed value to an operation of the pseudo-random number generator to generate a pseudo-random number sequence; and
      
      using the pseudo-random number sequence to generate a character sequence as said password.
  - 11. The management method according to claim 9, wherein generating a password using a pseudo-random number generator further includes:
    - obtaining a system time;
      
      applying the system time as a seed to an operation of the pseudo-random number generator to generate a pseudo-random number sequence; and
      
      , using the pseudo-random number sequence to generate a character sequence.
  - 12. The management method according to claim 8, wherein establishing a collection of password rules includes receiving a collection of password rules from the associated user.
  - 13. The management method according to claim 1, further including:
    - establishing a collection of password rules for a first handle in the repository;
      
      generating a password consistent with the collection of password rules;
      
      updating the user password to correspond with the generated password on a secure service provider with which the first handle is associated;
      
      encoding the generated password using the first meta-password as an encoding key; and
      
      associating, in the repository, the encoded password with the first handle.
  - 14. The management method according to claim 13, further including:
    - receiving an update period for the first handle from the associated user;
      
      associating the update period with the first handle; and
      
      repeating, coincident with a recurrence of the update period, the generating, the updating, the encoding, and the associating.
  - 15. The management method according to claim 1 wherein generating a modified authentication response further includes:
    - verifying that the authentication response includes the first meta-password; and
      
      conditional upon the verifying step not locating the first meta-password in the authentication response, generating a modified authentication response which includes substantially no changes relative to the authentication response.
  - 17. The system as set forth in claim 16, wherein the repository resides on one of:
    - an associated client device, an associated proxy server, an associated local area network, and an associated security server having an Internet protocol (IP) address.
  - 18. The system as set forth in claim 16, wherein the repository is disposed at an associated database service.
  - 19. The system as set forth in claim 16, further comprising:
    - a maintenance processor for enabling user maintenance of the address table.
  - 20. The system as set forth in claim 16, further comprising:
    - a password generator for generating a password based upon a pseudo-random quantity; and
      
      a password encoder for encoding a password using the meta-password as an encoding key.
  - 21. The system as set forth in claim 20, wherein the pseudo-random quantity is constructed from the first meta-password and a system clock value.
  - 22. The system as set forth in claim 16, wherein:
    - the repository includes a handle table for associating each handle with an encoded password.
  - 23. The system as set forth in claim 16, wherein the handle table includes a user ID associated with each handle.
  - 24. The system as set forth in claim 16, wherein the handle table includes a collection of password rules associated with each handle.
  - 26. The article of manufacture according to claim 25, wherein generating a modified authentication response further includes:
    - searching for the identified network address in the repository;
      
      identifying a handle corresponding to the network address based on the searching step;
      
      decoding the encoded password associated with the identified handle using the first meta-password as a decoding key; and
      
      generating the modified authentication response by substituting the decoded password for the first meta-password in the authentication response.
  - 27. The article of manufacture according to claim 26 further including:
    - receiving a second meta-password from the associated user together with a request for meta-password update;
      
      using said first meta-password as a key, decoding each of said passwords associated with said list of network addresses as decoded passwords;
      
      using said second meta-password as a key, encoding each of said decoded passwords as re-encoded passwords; and
      
      storing the re-encoded passwords in said registry.
  - 28. The article of manufacture according to claim 27 further including registering said second meta-password in an associated storage location.
  - 29. The article of manufacture according to claim 25, wherein generating a modified authentication response further includes:
    - receiving a handle selection from the associated user, said handle selection being selected from the handles contained in the repository;
      
      entering the identified network address into the repository;
      
      in the repository, associating the identified network address with the received handle selection;
      
      decoding the encoded password associated with the received handle using the first meta-password as a decoding key; and
      
      generating the modified authentication response by combining the decoded password with the authentication response.
  - 30. The article of manufacture according to claim 29, wherein receiving a handle selection from the associated user further includes:
    - displaying a handle selection dialog box including displaying the handles stored in the repository; and
      
      receiving a handle selection from the associated user via the selection dialog box.
  - 31. The article of manufacture according to claim 25, further including:
    - searching for the identified network address in the repository;
      
      recognizing, based upon the searching step, that the network address is not associated with a handle in the repository; and
      
      when the network address is not associated with the handle in the repository, displaying a handle selection dialog box.
  - 32. The article of manufacture according to claim 25, further including:
    - accessing a handle management dialog box;
      
      in the handle management dialog box, receiving a new handle from the associated user, said new handle not being included in the repository;
      
      establishing a collection of password rules;
      
      generating a password consistent with the established password rules;
      
      encoding the generated password using the first meta-password as an encoding key;
      
      storing the network address in the repository;
      
      in the repository, associating the network address with the new handle; and
      
      in the repository, associating the encoded password with the new handle.
  - 33. The article of manufacture according to claim 32, wherein generating a password includes generating a password using a pseudo-random number generator.
  - 34. The article of manufacture according to claim 33, wherein generating a password further includes:
    - obtaining a system time;
      
      mathematically combining the system time and the meta-password to obtain a seed value;
      
      applying the seed value to an operation of the pseudo-random number generator to generate a pseudo-random number sequence; and
      
      using the pseudo-random number sequence to generate a character sequence as said password.
  - 35. The article of manufacture according to claim 33, wherein generating a password using a pseudo-random number generator further includes:
    - obtaining a system time;
      
      applying the system time as a seed to an operation of the pseudo-random number generator to generate a pseudo-random number sequence; and
      
      , using the pseudo-random number sequence to generate a character sequence.
  - 36. The article of manufacture according to claim 32, wherein establishing a collection of password rules includes receiving a collection of password rules from the associated user.
  - 37. The article of manufacture according to claim 25, further including:
    - establishing a collection of password rules for a first handle in the repository;
      
      generating a password consistent with the collection of password rules;
      
      updating the user password to correspond with the generated password on a secure service provider with which the first handle is associated;
      
      encoding the generated password using the first meta-password as an encoding key; and
      
      associating, in the repository, the encoded password with the first handle.
  - 38. The article of manufacture according to claim 37, further including:
    - receiving an update period for the first handle from the associated user;
      
      associating the update period with the first handle; and
      
      repeating, coincident with a recurrence of the update period, the generating, the updating, the encoding, and the associating.
  - 39. The article of manufacture according to claim 25 wherein generating a modified authentication response further includes:
    - verifying that the authentication response includes the first meta-password; and
      
      conditional upon the verifying step not locating the first meta-password in the authentication response, generating a modified authentication response which includes substantially no changes relative to the authentication response.

16. A system for managing user authentication information, the system operating in conjunction with an associated interfacing program which interfaces an associated user with a plurality of associated secure services, the system comprising:
- a repository containing at least an address table wherein each address has an associated handle and each handle has an associated encoded password;
  
  a software hook by which an authentication response sent by the interfacing program is intercepted; and
  
  a processor for processing the intercepted authentication response by combining a password extracted from the repository with the intercepted authentication response, said processing being selectively performed upon receipt from the user of a meta-password associated with the repository.

25. An article of manufacture comprising a program storage medium readable by a computer and embodying one or more instructions executable by the computer for performing a method for management of user authentication information, comprising:
- receiving a first meta-password from an associated user;
  
  maintaining a repository including a list of network addresses and associated handles, each handle having an associated encoded password;
  
  intercepting a user authentication response sent by the associated user;
  
  identifying a network address to which the authentication response is directed;
  
  generating a modified authentication response based upon the user authentication response and based upon contents of the repository corresponding to said network address; and
  
  transmitting the modified authentication response to the identified network address via the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Malloy, William Earl, Xia, Chenhong

Granted Patent

US 7,103,912 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

G06F 21/31 User authentication

G06F 2221/2115 Third party

User authorization management system using a meta-password and method for same

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

User authorization management system using a meta-password and method for same

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links