TECHNIQUES FOR REAL-TIME ADAPTIVE PASSWORD POLICIES

US 20090150677A1
Filed: 12/06/2007
Published: 06/11/2009
Est. Priority Date: 12/06/2007
Status: Active Grant

First Claim

Patent Images

1. A machine-implemented method, comprising:

enforcing a first password policy against users of a network service;

dynamically evaluating password patterns being used by the users; and

adapting in real-time to a second password policy in response to evaluation of the password patterns and enforcing the second password policy in place of the first password policy against the users.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques real-time adaptive password policies are presented. Patterns for passwords are regularly analyzed along with other factors associated with the patterns to dynamically determine password strength values. The strength values can change over time based on usage statistics. When a strength value falls below an acceptable threshold, passwords associated with that particular pattern can be downgraded or rejected in real-time and existing policy can be adapted to reflect the undesirability of that pattern.

73 Citations

View as Search Results

24 Claims

1. A machine-implemented method, comprising:
- enforcing a first password policy against users of a network service;
  
  dynamically evaluating password patterns being used by the users; and
  
  adapting in real-time to a second password policy in response to evaluation of the password patterns and enforcing the second password policy in place of the first password policy against the users.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein dynamically evaluating further includes detecting a base pattern being modified by a variety of the users, wherein a total number of modifications to the base pattern exceeds a threshold.
  - 3. The method of claim 2, wherein adapting further includes identifying that the first password policy permits the base pattern and modifying the first password policy to deny subsequent usage of the base pattern by the users for subsequent passwords and making the second password policy the modified first password policy that excludes usage of the base pattern.
  - 4. The method of claim 1, wherein dynamically evaluating further includes dynamically mining a password database to identify unique patterns in use within the password database for passwords.
  - 5. The method of claim 4, wherein dynamically mining further includes categorizing the unique patterns into groupings, each group associated with a particular user, a particular grouping of users, or the users as a whole.
  - 6. The method of claim 5 further comprising:
    - assigning frequency numbers to each grouping for each unique pattern; and
      
      adjusting a strength attribute for each password associated with each unique pattern in response to that unique pattern'"'"'s associated frequency number
  - 7. The method of claim 6 further comprising:
    - migrating to the second password policy in response to a threshold strength value when compared to the strength attributes for the unique patterns;
      
      denying a new password received as a modification password from one of the users or received from a new user when the new password is associated with a particular strength attribute that falls below the threshold strength value.

8. A machine-implemented method, comprising:
- prompting a user to change an existing password;
  
  receiving a new password from the user;
  
  analyzing past password patterns used by the user in view of a new pattern associated with the new password;
  
  dynamically adjusting password strength attributes for the past password patterns and the new pattern in response to a frequency of use for each past password pattern and the new pattern; and
  
  determining in real time whether the new password is to be accepted or denied in response to comparing the strength attribute associated with the new pattern against a threshold strength value.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein analyzing further includes, analyzing other password patterns used by a group of users to which the user is assigned and including the other password patterns when adjusting the password strength attributes.
  - 10. The method of claim 8 further comprising, dynamically and in real time modifying an existing password policy to exclude the new pattern when the new pattern is denied.
  - 11. The method of claim 8, wherein dynamically adjusting further includes resolving the new password'"'"'s strength attribute in response to:
    - a quality value for the new pattern as determined by characteristics of the new pattern defined in a quality policy;
      
      usage of the past password patterns by the user;
      
      group password pattern statistics that accounts for a number of users currently using the new pattern for the new password; and
      
      attributes of the new password including a length of the new password, variation in characters used in the new password, and variation in casing for the characters.
  - 12. The method of claim 8, wherein determining further includes, accepting the new pattern but advising the user that the strength attribute is close to being unacceptable when compared to the threshold strength value, wherein what is close is determined using another threshold representing a range of values for the difference between the strength attribute and the threshold strength value.
  - 13. The method of claim 8, wherein determining further includes, denying the new pattern and suggesting a particular password pattern to the user that is identified as having a particular strength value that is greater than the threshold strength value.
  - 14. The method of claim 8, wherein dynamically adjusting further includes downgrading the strength attribute associated with the new pattern when the new pattern represents a particular pattern that the user has repeated and used before, and wherein policy dictates whether the downgrading forces the strength attribute for the new pattern to fall below the threshold strength value or whether the strength attribute for the new pattern remains above the threshold strength value.

15. A system, comprising:
- a password pattern store residing in a machine-accessible and computer-readable medium and accessible to a password service that executes on a machine;
  
  the password service implemented in a machine-accessible and computer-readable medium and to process on the machine;
  
  wherein the password service stores password patterns received from users in the password pattern store and mines the password patterns to dynamically alter password strength attribute values associated with each particular password pattern, and wherein the password service dynamically and in real time adapts a password policy in response to changing password strength attribute values for the password patterns.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein each entry within the password pattern store includes a particular pattern, particular user identifications for users that are currently or have used the particular pattern, a particular group identification associated with a grouping of users that are currently or have used the particular pattern, a frequency of use number identifying a total number of active users or active groups that are using the particular pattern, and a particular strength attribute value that is dynamically altered and changed as conditions change within the password pattern store, wherein the password service makes the dynamic alternations or changes to the particular strength attribute value.
  - 17. The system of claim 15, wherein the password service mines the password pattern store to acquire a personal password history for a particular user that identifies each pattern for each password that the particular user has used.
  - 18. The system of claim 17, wherein the password service resolves a particular password strength attribute for the particular user in response to the personal password history and a new proposed password offered by the particular user.
  - 19. The system of claim 15, wherein the password service resolves a particular password strength attribute for a particular user in response to a group password history mined from the password pattern store in response to a new proposed password offered by the particular user, wherein the particular user is associated with a group to which the group password history belongs to.
  - 20. The system of claim 15, wherein the password service actively advises the users when the password strength attribute values are unacceptable by providing acceptable password patterns for the users to conform their passwords to.

21. A system, comprising:
- a password management service implemented in a machine-accessible and computer-readable medium and is to process on a machine; and
  
  an adaptive password policy service implemented in a machine-accessible and computer-readable medium and is to process on the machine or a different machine;
  
  wherein the password management service interacts with a user to receive a new password from the user when the user is newly registered or when the user is changing from an existing password to the new password, and wherein the password management service interacts with the adaptive password policy service to receive an indication as to whether the new password is permissible, and wherein the adaptive password policy service dynamically alters an existing policy in response to mining a history of passwords for the user and the new password and informs the password management service to reject the new password in response to the modified existing policy.
- View Dependent Claims (22, 23, 24)
- - 22. The system of claim 21, wherein the adaptive password policy service derives a pattern for the new password and compares that pattern against unique patterns associated with the history of passwords to assign a strength value to the new password.
  - 23. The system of claim 22, wherein the adaptive password policy service determines to reject the new password when the strength value falls below a threshold value.
  - 24. The system of claim 23, wherein the adaptive password policy service alters other strength values for the history of passwords in response to the pattern for the new password.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
Novell Intellectual Property Holdings, Inc.
Inventors
Vedula, Srinivas, Morris, Cameron Craig, Henderson, Larry Hal

Granted Patent

US 8,332,918 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/183
CPC Class Codes

G06F 21/46 by designing passwords or c...

G06F 2221/2101 Auditing as a secondary aspect

TECHNIQUES FOR REAL-TIME ADAPTIVE PASSWORD POLICIES

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

73 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

TECHNIQUES FOR REAL-TIME ADAPTIVE PASSWORD POLICIES

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

73 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links