Dynamically mitigating a noncompliant password

US 20050235341A1
Filed: 04/16/2004
Published: 10/20/2005
Est. Priority Date: 04/16/2004
Status: Active Grant

First Claim

Patent Images

1. A method of dynamically mitigating a noncompliant password, the method comprising the machine-implemented steps of:

obtaining a password from a user when the user attempts to access a service;

determining whether the password meets quality criteria; and

if the password does not meet the quality criteria, performing one or more responsive actions that relate to accessing the service.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are disclosed for dynamically mitigating a noncompliant password. The techniques include obtaining a password from a user when the user attempts to access a service; determining whether the password meets quality criteria; and if the password does not meet the quality criteria, performing one or more responsive actions that relate to accessing the service.

92 Citations

View as Search Results

71 Claims

1. A method of dynamically mitigating a noncompliant password, the method comprising the machine-implemented steps of:
- obtaining a password from a user when the user attempts to access a service;
  
  determining whether the password meets quality criteria; and
  
  if the password does not meet the quality criteria, performing one or more responsive actions that relate to accessing the service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein the step of performing one or more responsive actions that relate to accessing the service comprises:
    - if the password meets the quality criteria, granting to the user a first level of access to the service, wherein the first level of access to the service is associated with the quality criteria;
      
      if the password meets a second quality criteria, granting to the user a second level of access to the service, wherein the second level of access to the service is associated with the second quality criteria, wherein the second quality criteria is distinct from the quality criteria and wherein, if a particular password meets the quality criteria, then the password meets the second quality criteria.
  - 3. The method of claim 1, wherein the step of performing one or more responsive actions that relate to accessing the service comprises performing one or more of:
    - logging information related to the password;
      
      sending a report about the password;
      
      generating an alert about the password;
      
      forcing a password change;
      
      or blocking the user'"'"'s access to the service.
  - 4. The method of claim 1, wherein the method further comprises, if the password does meet the quality criteria, providing user access to the service.
  - 5. The method of claim 1, wherein the step of determining whether the password meets quality criteria further comprises one or more of the steps of:
    - performing a dictionary look-up based on the one or more symbols used in the password;
      
      checking the length of the one or more symbols used in the password;
      
      checking the number of unique characters of the one or more symbols used in the password;
      
      checking the case of the characters in the one or more symbols used in the password;
      
      checking the sequencing of characters in the one or more symbols used in the password;
      
      or performing statistical analysis based on the one or more symbols used in the password.
  - 6. The method of claim 1, wherein the step of performing one or more responsive actions that relate to accessing the service comprises logging information related to the password.
  - 7. The method of claim 1, wherein the step of performing one or more responsive actions that relate to accessing the service comprises sending a report about the password.
  - 8. The method of claim 1, wherein the step of performing one or more responsive actions that relate to accessing the service comprises generating an alert about the password.
  - 9. The method of claim 1, wherein the step of performing one or more responsive actions that relate to accessing the service comprises forcing a password change.
  - 10. The method of claim 1, wherein the step of performing one or more responsive actions that relate to accessing the service comprises blocking the user'"'"'s access to the service.
  - 11. The method of claim 1, wherein obtaining the password from the user comprises obtaining the password from the user via a graphical user interface.
  - 12. The method of claim 1, wherein obtaining the password from the user comprises obtaining the password from the user via an electronic interface.
  - 13. The method of claim 1, wherein the method further comprises the step of determining a quality score for the password, and wherein the step of determining whether the password meets quality criteria comprises comparing the quality score to a predefined threshold value.
  - 14. The method of claim 1, further comprising the steps of:
    - obtaining the password from a repository of passwords;
      
      making a first determination whether the password meets quality criteria; and
      
      storing in a particular machine-readable medium an indication of the first determination for the password;
      
      wherein the step of determining whether the password meets quality criteria comprises accessing the particular machine-readable medium.
  - 15. The method of claim 1, wherein the user is associated with a particular user role, and wherein determining whether the password meets quality criteria comprises determining whether the password meets quality criteria for the particular user role.
  - 16. The method of claim 1, wherein determining whether the password meets quality criteria comprises determining whether the password meets quality criteria for the service.
  - 17. The method of claim 1, wherein the step of obtaining the password comprises an access service obtaining the password from the user when the user attempts to access the service, and wherein the access service comprises machine executable instructions executing on a particular machine, and the service comprises machine executable instruction executing on the same particular machine.
  - 18. The method of claim 1, wherein the step of obtaining the password comprises an access service obtaining the password from the user when the user attempts to access the service, and wherein the access service comprises machine executable instructions executing on a first machine and the service comprises machine executable instructions executing on a second machine, wherein the first machine is distinct from the second machine.

19. A method of dynamically mitigating a noncompliant password, the method comprising the machine-implemented steps of:
- obtaining a password from a user when the user attempts to access a service;
  
  determining whether the password meets quality criteria; and
  
  if the password does not meet the quality criteria, performing one or more of;
  
  forcing a password change;
  
  or blocking the user'"'"'s access to the service; and
  
  wherein the step of determining whether the password meets quality criteria further comprises one or more of the steps of;
  
  performing a dictionary look-up based on the one or more symbols used in the password;
  
  checking the length of the one or more symbols used in the password;
  
  checking the number of unique characters of the one or more symbols used in the password;
  
  checking the case of the characters in the one or more symbols used in the password;
  
  checking the sequencing of characters in the one or more symbols used in the password;
  
  or performing statistical analysis based on the one or more symbols used in the password.

20. A machine-readable medium carrying one or more sequences of instructions for dynamically mitigating a noncompliant password, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
- obtaining a password from a user when the user attempts to access a service;
  
  determining whether the password meets quality criteria; and
  
  if the password does not meet the quality criteria, performing one or more responsive actions that relate to accessing the service.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 21. The machine-readable medium of claim 20, wherein the step of performing one or more responsive actions that relate to accessing the service comprises:
    - if the password meets the quality criteria, granting to the user a first level of access to the service, wherein the first level of access to the service is associated with the quality criteria;
      
      if the password meets a second quality criteria, granting to the user a second level of access to the service, wherein the second level of access to the service is associated with the second quality criteria, wherein the second quality criteria is distinct from the quality criteria and wherein, if a particular password meets the quality criteria, then the password meets the second quality criteria.
  - 22. The machine-readable medium of claim 20, wherein the step of performing one or more responsive actions that relate to accessing the service comprises performing one or more of:
    - logging information related to the password;
      
      sending a report about the password;
      
      generating an alert about the password;
      
      forcing a password change;
      
      or blocking the user'"'"'s access to the service.
  - 23. The machine-readable medium of claim 20, further comprising instructions which, when executed by the one or more processors, cause the one or more processors to carry out the step of, if the password does meet the quality criteria, providing user access to the service.
  - 24. The machine-readable medium of claim 20, wherein the step of determining whether the password meets quality criteria further comprises one or more of the steps of:
    - performing a dictionary look-up based on the one or more symbols used in the password;
      
      checking the length of the one or more symbols used in the password;
      
      checking the number of unique characters of the one or more symbols used in the password;
      
      checking the case of the characters in the one or more symbols used in the password;
      
      checking the sequencing of characters in the one or more symbols used in the password;
      
      or performing statistical analysis based on the one or more symbols used in the password.
  - 25. The machine-readable medium of claim 20, wherein the step of performing one or more responsive actions that relate to accessing the service comprises logging information related to the password.
  - 26. The machine-readable medium of claim 20, wherein the step of performing one or more responsive actions that relate to accessing the service comprises sending a report about the password.
  - 27. The machine-readable medium of claim 20, wherein the step of performing one or more responsive actions that relate to accessing the service comprises generating an alert about the password.
  - 28. The machine-readable medium of claim 20, wherein the step of performing one or more responsive actions that relate to accessing the service comprises forcing a password change.
  - 29. The machine-readable medium of claim 20, wherein the step of performing one or more responsive actions that relate to accessing the service comprises blocking the user'"'"'s access to the service.
  - 30. The machine-readable medium of claim 20, wherein obtaining the password from the user comprises obtaining the password from the user via a graphical user interface.
  - 31. The machine-readable medium of claim 20, wherein obtaining the password from the user comprises obtaining the password from the user via an electronic interface.
  - 32. The machine-readable medium of claim 20, further comprising instructions which, when executed by the one or more processors, cause the one or more processors to carry out the step of determining a quality score for the password, and wherein the step of determining whether the password meets quality criteria comprises comparing the quality score to a predefined threshold value.
  - 33. The machine-readable medium of claim 20, further comprising instructions which, when executed by the one or more processors, cause the one or more processors to carry out the steps of:
    - obtaining the password from a repository of passwords;
      
      making a first determination whether the password meets quality criteria; and
      
      storing in a particular machine-readable medium an indication of the first determination for the password;
      
      and wherein the step of determining whether the password meets quality criteria comprises accessing the particular machine-readable medium.
  - 34. The machine-readable medium of claim 20, wherein the user is associated with a particular user role, and wherein determining whether the password meets quality criteria comprises determining whether the password meets quality criteria for the particular user role.
  - 35. The machine-readable medium of claim 20, wherein determining whether the password meets quality criteria comprises determining whether the password meets quality criteria for the service.

36. An apparatus for dynamically mitigating a noncompliant password, comprising:
- means for obtaining a password from a user when the user attempts to access a service;
  
  means for determining whether the password meets quality criteria; and
  
  means for performing one or more responsive actions that relate to accessing the service if the password does not meet the quality criteria.
- View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53)
- - 37. The apparatus of claim 36, wherein the means for performing one or more responsive actions that relate to accessing the service comprises:
    - means for granting to the user a first level of access to the service, if the password meets the quality criteria, wherein the first level of access to the service is associated with the quality criteria;
      
      means for granting to the user a second level of access to the service, if the password meets a second quality criteria, wherein the second level of access to the service is associated with the second quality criteria, wherein the second quality criteria is distinct from the quality criteria and wherein, if a particular password meets the quality criteria, then the password meets the second quality criteria.
  - 38. The apparatus of claim 36, wherein the means for performing one or more responsive actions that relate to accessing the service comprises one or more of:
    - means for logging information related to the password;
      
      means for sending a report about the password;
      
      means for generating an alert about the password;
      
      means for forcing a password change;
      
      or means for blocking the user'"'"'s access to the service.
  - 39. The apparatus of claim 36, wherein the apparatus further comprises means for providing user access to the service if the password does meet the quality criteria.
  - 40. The apparatus of claim 36, wherein the means for determining whether the password meets quality criteria further comprises one or more of:
    - means for performing a dictionary look-up based on the one or more symbols used in the password;
      
      means for checking the length of the one or more symbols used in the password;
      
      means for checking the number of unique characters of the one or more symbols used in the password;
      
      means for checking the case of the characters in the one or more symbols used in the password;
      
      means for checking the sequencing of characters in the one or more symbols used in the password;
      
      or means for performing statistical analysis based on the one or more symbols used in the password.
  - 41. The apparatus of claim 36, wherein the means for performing one or more responsive actions that relate to accessing the service comprises means for logging information related to the password.
  - 42. The apparatus of claim 36, wherein the means for performing one or more responsive actions that relate to accessing the service comprises means for sending a report about the password.
  - 43. The apparatus of claim 36, wherein the means for performing one or more responsive actions that relate to accessing the service comprises means for generating an alert about the password.
  - 44. The apparatus of claim 36, wherein the means for performing one or more responsive actions that relate to accessing the service comprises means for forcing a password change.
  - 45. The apparatus of claim 36, wherein the means for performing one or more responsive actions that relate to accessing the service comprises means for blocking the user'"'"'s access to the service.
  - 46. The apparatus of claim 36, wherein the means for obtaining the password from the user comprises means for obtaining the password from the user via a graphical user interface.
  - 47. The apparatus of claim 36, wherein the means for obtaining the password from the user comprises means for obtaining the password from the user via an electronic interface.
  - 48. The apparatus of claim 36, wherein the apparatus further comprises means for determining a quality score for the password, and wherein the means for determining whether the password meets quality criteria comprises means for comparing the quality score to a predefined threshold value.
  - 49. The apparatus of claim 36, further comprising:
    - means for obtaining the password from a repository of passwords;
      
      means for making a first determination whether the password meets quality criteria; and
      
      means for storing in a particular machine-readable medium an indication of the first determination for the password;
      
      and wherein the means for determining whether the password meets quality criteria comprises means for accessing the particular machine-readable medium.
  - 50. The apparatus of claim 36, wherein the user is associated with a particular user role, and wherein means for determining whether the password meets quality criteria comprises means for determining whether the password meets quality criteria for the particular user role.
  - 51. The apparatus of claim 36, wherein means for determining whether the password meets quality criteria comprises means for determining whether the password meets quality criteria for the service.
  - 52. The apparatus of claim 36, wherein the means for obtaining the password comprises means for an access service to obtain the password from the user when the user attempts to access the service, and wherein the access service comprises means for executing on a particular machine, and wherein the service comprises means for executing on the same particular machine.
  - 53. The apparatus of claim 36, wherein the means for obtaining the password comprises means for an access service to obtain the password from the user when the user attempts to access the service, and wherein the access service comprises means for executing on a first machine and the service comprises means for executing on a second machine, wherein the first machine is distinct from the second machine.

54. An apparatus for dynamically mitigating a noncompliant password, comprising:
- a network interface that is coupled to the data network for receiving one or more packet flows therefrom;
  
  a processor;
  
  one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of;
  
  obtaining a password from a user when the user attempts to access a service;
  
  determining whether the password meets quality criteria; and
  
  if the password does not meet the quality criteria, performing one or more responsive actions that relate to accessing the service.
- View Dependent Claims (55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71)
- - 55. The apparatus of claim 54, wherein the step of performing one or more responsive actions that relate to accessing the service comprises:
    - if the password meets the quality criteria, granting to the user a first level of access to the service, wherein the first level of access to the service is associated with the quality criteria;
      
      if the password meets a second quality criteria, granting to the user a second level of access to the service, wherein the second level of access to the service is associated with the second quality criteria, wherein the second quality criteria is distinct from the quality criteria and wherein, if a particular password meets the quality criteria, then the password meets the second quality criteria.
  - 56. The apparatus of claim 54, wherein the step of performing one or more responsive actions that relate to accessing the service comprises performing one or more of:
    - logging information related to the password;
      
      sending a report about the password;
      
      generating an alert about the password;
      
      forcing a password change;
      
      or blocking the user'"'"'s access to the service.
  - 57. The apparatus of claim 54, wherein the apparatus further comprises one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the step of, if the password does meet the quality criteria, providing user access to the service.
  - 58. The apparatus of claim 54, wherein the step of determining whether the password meets quality criteria comprises one or more of the steps of:
    - performing a dictionary look-up based on the one or more symbols used in the password;
      
      checking the length of the one or more symbols used in the password;
      
      checking the number of unique characters of the one or more symbols used in the password;
      
      checking the case of the characters in the one or more symbols used in the password;
      
      checking the sequencing of characters in the one or more symbols used in the password;
      
      or performing statistical analysis based on the one or more symbols used in the password.
  - 59. The apparatus of claim 54, wherein the step of performing one or more responsive actions that relate to accessing the service comprises logging information related to the password.
  - 60. The apparatus of claim 54, wherein the step of performing one or more responsive actions that relate to accessing the service comprises sending a report about the password.
  - 61. The apparatus of claim 54, wherein the step of performing one or more responsive actions that relate to accessing the service comprises generating an alert about the password.
  - 62. The apparatus of claim 54, wherein the step of performing one or more responsive actions that relate to accessing the service comprises forcing a password change.
  - 63. The apparatus of claim 54, wherein the step of performing one or more responsive actions that relate to accessing the service comprises blocking the user'"'"'s access to the service.
  - 64. The apparatus of claim 54, wherein obtaining the password from the user comprises obtaining the password from the user via a graphical user interface.
  - 65. The apparatus of claim 54, wherein obtaining the password from the user comprises obtaining the password from the user via an electronic interface.
  - 66. The apparatus of claim 54, wherein the apparatus further comprises one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the step of determining a quality score for the password, and wherein the step of determining whether the password meets quality criteria comprises comparing the quality score to a predefined threshold value.
  - 67. The apparatus of claim 54, further comprising one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of:
    - obtaining the password from a repository of passwords;
      
      making a first determination whether the password meets quality criteria; and
      
      storing in a particular machine-readable medium an indication of the first determination for the password;
      
      and wherein the step of determining whether the password meets quality criteria comprises accessing the particular machine-readable medium.
  - 68. The apparatus of claim 54, wherein the user is associated with a particular user role, and wherein determining whether the password meets quality criteria comprises determining whether the password meets quality criteria for the particular user role.
  - 69. The apparatus of claim 54, wherein determining whether the password meets quality criteria comprises determining whether the password meets quality criteria for the service.
  - 70. The apparatus of claim 54, wherein the step of obtaining the password comprises an access service obtaining the password from the user when the user attempts to access the service, and wherein the access service comprises machine executable instructions executing on the apparatus, and the service comprises machine executable instruction executing on the same apparatus.
  - 71. The apparatus of claim 54, wherein the step of obtaining the password comprises an access service obtaining the password from the user when the user attempts to access the service, and wherein the access service comprises machine executable instructions executing on a first machine and the service comprises machine executable instructions executing on a second machine, wherein the first machine is distinct from the second machine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Stieglitz, Jeremy, Potter, Darran

Granted Patent

US 7,934,101 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

G06F 21/46   by designing passwords or c...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

H04L 63/083   using passwords cryptograph...

H04L 63/0892   by using authentication-aut...

Dynamically mitigating a noncompliant password

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

92 Citations

71 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamically mitigating a noncompliant password

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

92 Citations

71 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links