System and method for controlling invalid password attempts

US 20030101359A1
Filed: 11/29/2001
Published: 05/29/2003
Est. Priority Date: 11/29/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method of managing invalid password attempts, said method comprising:

receiving a message from a computer system, wherein the message includes a distinguished name, the distinguished name corresponding to a failed login attempt;

calculating a total failed login attempt number corresponding to the distinguished name;

identifying a failed login attempt allowed number;

determining whether the total failed login attempt number is greater than the failed login attempt allowed number; and

revoking a password corresponding to the distinguished name based on the determination.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for controlling invalid password attempts in a multiple replica computer system environment is presented. A centralized strikeout server receives failed login attempts from the multiple replica servers over a secure sockets layer (SSL) connection. The centralized strikeout server tracks the number of failed login attempts over a configurable login tracking period. If the number of failed login attempts exceeds the number of failed login attempts allowed, the centralized server revokes the password corresponding to the user id which exceeded the number of failed login attempts allowed. Password revocation message are sent to one or more login servers. Cleanup processing removes older failed login attempts that occurred outside the login tracking period. Digital signatures, or certificates, are used to authenticate computer systems to one another.

Citations

20 Claims

1. A method of managing invalid password attempts, said method comprising:
- receiving a message from a computer system, wherein the message includes a distinguished name, the distinguished name corresponding to a failed login attempt;
  
  calculating a total failed login attempt number corresponding to the distinguished name;
  
  identifying a failed login attempt allowed number;
  
  determining whether the total failed login attempt number is greater than the failed login attempt allowed number; and
  
  revoking a password corresponding to the distinguished name based on the determination.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as described in claim 1 wherein the message is received from a plurality of servers.
  - 3. The method as described in claim 1 further comprising:
    - establishing a secure connection with the computer system; and
      
      verifying a digital certificate corresponding to the computer system, wherein the digital certificate is included in the message.
  - 4. The method as described in claim 1 wherein the determining further comprises:
    - configuring parameters, wherein the parameters include a login tracking period;
      
      storing a record in a failed login data store, the record including the distinguished name and a timestamp corresponding to a time the message was received; and
      
      removing one or more records from the failed login data store in response to one or more corresponding timestamps being older than the tracking period.
  - 5. The method as described in claim 1 wherein the revoking further includes:
    - preparing a password revocation message, the password revocation message identifying the distinguished name; and
      
      sending the password revocation message to one or more login servers, wherein the login servers include the computer system.
  - 6. The method as described in claim 5 further comprising:
    - establishing a secure connection to each of the login servers; and
      
      including a digital signature identifying a sending computer system in the password revocation message.
  - 7. The method as described in claim 5 wherein the password revocation message is sent in response to determining that the password was not previously revoked;
    - and wherein the password revocation message is not sent in response to determining that the password was previously revoked.

8. An information handling system comprising:
- one or more processors;
  
  a memory accessible by the processors;
  
  one or more nonvolatile storage devices accessible by the processors;
  
  a password managing tool to process invalid password attempts, the password managing tool including;
  
  means for receiving a message from a computer system, wherein the message includes a distinguished name, the distinguished name corresponding to a failed login attempt;
  
  means for calculating a total failed login attempt number corresponding to the distinguished name;
  
  means for identifying a failed login attempt allowed number;
  
  means for determining whether the total failed login attempt number is greater than the failed login attempt allowed number; and
  
  means for revoking a password corresponding to the distinguished name based on the determination.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The information handling system as described in claim 8 wherein the message is received from a plurality of servers.
  - 10. The information handling system as described in claim 8 further comprising:
    - means for establishing a secure connection with the computer system; and
      
      means for verifying a digital certificate corresponding to the computer system, wherein the digital certificate is included in the message.
  - 11. The information handling system as described in claim 8 wherein the determining further comprises:
    - means for configuring parameters, wherein the parameters include a login tracking period;
      
      means for storing a record in a failed login data store, the record including the distinguished name and a timestamp corresponding to a time the message was received; and
      
      means for removing one or more records from the failed login data store in response to one or more corresponding timestamps being older than the tracking period.
  - 12. The information handling system as described in claim 8 wherein the revoking further includes:
    - means for preparing a password revocation message, the password revocation message identifying the distinguished name; and
      
      means for sending the password revocation message to one or more login servers, wherein the login servers include the computer system.
  - 13. The information handling system as described in claim 12 further comprising:
    - means for establishing a secure connection to each of the login servers; and
      
      means for including a digital signature identifying a sending computer system in the password revocation message.

14. A computer program product stored in a computer operable media for processing invalid password attempts, said computer program product comprising:
- means for receiving a message from a computer system, wherein the message includes a distinguished name, the distinguished name corresponding to a failed login attempt;
  
  means for calculating a total failed login attempt number corresponding to the distinguished name;
  
  means for identifying a failed login attempt allowed number;
  
  means for determining whether the total failed login attempt number is greater than the failed login attempt allowed number; and
  
  means for revoking a password corresponding to the distinguished name based on the determination.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The computer program product as described in claim 14 wherein the message is received from a plurality of servers.
  - 16. The computer program product as described in claim 14 further comprising:
    - means for establishing a secure connection with the computer system; and
      
      means for verifying a digital certificate corresponding to the computer system, wherein the digital certificate is included in the message.
  - 17. The computer program product as described in claim 14 wherein the determining further comprises:
    - means for configuring parameters, wherein the parameters include a login tracking period;
      
      means for storing a record in a failed login data store, the record including the distinguished name and a timestamp corresponding to a time the message was received; and
      
      means for removing one or more records from the failed login data store in response to one or more corresponding timestamps being older than the tracking period.
  - 18. The computer program product as described in claim 14 wherein the revoking further includes:
    - means for preparing a password revocation message, the password revocation message identifying the distinguished name; and
      
      means for sending the password revocation message to one or more login servers, wherein the login servers include the computer system.
  - 19. The computer program product as described in claim 18 further comprising:
    - means for establishing a secure connection to each of the login servers; and
      
      means for including a digital signature identifying a sending computer system in the password revocation message.
  - 20. The computer program product as described in claim 18 wherein the password revocation message is sent in response to determining that the password was not previously revoked;
    - and wherein the password revocation message is not sent in response to determining that the password was previously revoked.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Olore, Brian Paul, Quintero, Christine Lynn, Aschen, Sean Edward, Doran, James R.

Application Number

US09/998,389
Publication Number

US 20030101359A1
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

G06F 21/55   Detecting local intrusion o...

H04L 63/083   using passwords cryptograph...

H04L 63/1408   by monitoring network traff...

System and method for controlling invalid password attempts

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for controlling invalid password attempts

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links