Method and Apparatus for Securely Synchronizing Password Systems

US 20120072977A1
Filed: 11/23/2011
Published: 03/22/2012
Est. Priority Date: 03/31/2003
Status: Active Grant

First Claim

Patent Images

1-17. -17. (canceled)

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A centralized password repository (CPR) provides network users with a password portal through which the user can manage password access to domains and applications on the network. A subset of the domains and applications on the network may be required, by design, to maintain a separate password infrastructure. For these systems, the CPR establishes a secure and authenticated communication channel and software on the system interfaces with the password infrastructure to synchronize the password in the system password infrastructure with the password in the CPR. For other systems not required to maintain a separate password infrastructure, the CPR performs password services by responding to requests from those systems seeking to validate user IDs and passwords. The CPR enables an administrator to modify network privileges and enables a user to alter passwords on the network through a single interface.

11 Citations

View as Search Results

37 Claims

1-17. -17. (canceled)

18. A method of securely updating at least one password on a network connected to a plurality of password domains, the method comprising:
- maintaining a table associating user identifiers with password domains in which the user identifiers are used;
  
  receiving from a user a user identifier and password;
  
  authenticating the received user identifier and password;
  
  receiving from the authenticated user a communication requesting a password change;
  
  implementing the requested password change in the table;
  
  identifying at least one password domain associated with the authenticated user identifier; and
  
  when the user has been authenticated at a level acceptable to the at least one password domain in which the received user identifier is used;
  
  establishing an encrypted and authenticated network connection to the identified at least one password domain; and
  
  implementing the requested password change on a password database of the at least one identified password domain.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 19. The method of claim 18, further comprising, when the user has not been authenticated at a level acceptable to the at least one password domain in which the received user identifier is used, requiring the user to re-authenticate at a level at least as high as the authentication level required by the at least one password domain before establishing an encrypted and authenticated network connection to the identified at least one password domain and implementing the requested password change on the password database of the at least one identified password domain.
  - 20. The method of claim 18, wherein:
    - identifying at least one password domain associated with the authenticated user identifier comprises identifying plural password domains associated with the authenticated user identifier;
      
      establishing an encrypted and authenticated network connection to the identified at least one password domain comprises establishing a respective encrypted and authenticated network connection to each of the plural indentified password domains; and
      
      implementing the requested password change comprises implementing the requested password change on a respective password database of each of the plural identified password domains.
  - 21. The method of claim 18, wherein implementing the password change comprises implementing the password change on the password database of the at least one password domain using the authenticated user identifier and password.
  - 22. The method of claim 18, wherein implementing the password change comprises implementing the password change on the password database of the at least one password domain using a reset function.
  - 23. The method of claim 18, further comprising receiving from the at least one password domain a message confirming completion of the requested password change.
  - 24. The method of claim 23, further comprising sending the authenticated user a communication indicating success or failure of password change.
  - 25. The method of claim 18, further comprising providing a web interface to the authenticated user.
  - 26. The method of claim 25, wherein the web interface is operable by the authenticated user to send the communication requesting the password change.
  - 27. The method of claim 18, further comprising performing password services for password domains which do not maintain their own password databases.

28. A non-transitory, tangible, processor-readable storage medium having stored thereon instructions for securely updating at least one password on a network connected to a plurality of password domains, the instructions comprising instructions executable by a processor:
- to maintain a table associating user identifiers with password domains in which the user identifiers are used;
  
  to receive from a user a user identifier and password;
  
  to authenticate the received user identifier and password;
  
  to receive from the authenticated user a communication requesting a password change;
  
  to implement the requested password change in the table;
  
  to identify at least one password domain associated with the authenticated user identifier; and
  
  when the user has been authenticated at a level acceptable to the at least one password domain in which the received user identifier is used;
  
  to establish an encrypted and authenticated network connection to the identified at least one password domain; and
  
  to implement the requested password change on a password database of the at least one identified password domain.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 29. The medium of claim 28, further comprising instructions executable when the user has not been authenticated at a level acceptable to the at least one password domain in which the received user identifier is used, to require the user to re-authenticate at a level at least as high as the authentication level required by the at least one password domain before establishing an encrypted and authenticated network connection to the identified at least one password domain and implementing the requested password change on the password database of the at least one identified password domain.
  - 30. The medium of claim 28, wherein:
    - the instructions executable to identify at least one password domain associated with the authenticated user identifier comprises instructions executable to identify plural password domains associated with the authenticated user identifier;
      
      the instructions executable to establish an encrypted and authenticated network connection to the identified at least one password domain comprise instructions executable to establish a respective encrypted and authenticated network connection to each of the plural indentified password domains; and
      
      the instructions executable to implement the requested password change comprise instructions executable to implement the requested password change on a respective password database of each of the plural identified password domains.
  - 31. The medium of claim 28, wherein the instructions executable to implement the password change comprise instructions executable to implement the password change on the password database of the at least one password domain using the authenticated user identifier and password.
  - 32. The medium of claim 28, wherein the instructions executable to implement the password change comprise instructions executable to implement the password change on the password database of the at least one password domain using a reset function.
  - 33. The medium of claim 28, wherein the instructions further comprise instructions executable to receive from the at least one password domain a message confirming completion of the requested password change.
  - 34. The medium of claim 33, wherein the instructions further comprise instructions executable to send the authenticated user a communication indicating success or failure of password change.
  - 35. The medium of claim 28, wherein the instructions further comprise instructions executable to provide a web interface to the authenticated user.
  - 36. The medium of claim 35, wherein the web interface is operable by the authenticated user to send the communication requesting the password change.
  - 37. The medium of claim 28, wherein the instructions further comprise instructions executable to perform password services for password domains which do not maintain their own password databases.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Clearinghouse LLC (RPX Corporation)
Original Assignee
RPX Clearinghouse LLC (RPX Corporation)
Inventors
Lewis, Christopher Raymond

Granted Patent

US 8,838,959 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/6
CPC Class Codes

G06F 21/41   where a single sign-on prov...

G06F 21/45   Structures or tools for the...

G06F 2221/2113   Multi-level security, e.g. ...

G06Q 20/4012   Verifying personal identifi...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/0846   using time-dependent-passwo...

H04L 63/105   Multiple levels of security

Method and Apparatus for Securely Synchronizing Password Systems

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

11 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Method and Apparatus for Securely Synchronizing Password Systems

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links