PRIVILEGED ACCOUNT MANAGER, ACCESS MANAGEMENT

US 20130086658A1
Filed: 05/31/2012
Published: 04/04/2013
Est. Priority Date: 09/29/2011
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a memory storing a plurality of instructions; and

one or more processors configured to access the memory, wherein the one or more processors are further configured to execute the plurality of instructions to;

receive, from a target system, identification of a user-accessible account of the target system to be managed;

associate the user-accessible account with a security account of the target system, the security account configured to modify a password associated with the user-accessible account.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for managing accounts are provided. An access management system may check out credentials for accessing target systems. For example a user may receive a password for a period of time or until checked back in. Access to the target system may be logged during this time. Upon the password being checked in, a security account may modify the password so that the user may not log back in without checking out a new password. Additionally, in some examples, password policies for the security account may be managed. As such, when a password policy changes, the security account password may be dynamically updated. Additionally, in some examples, hierarchical viewing perspectives may be determined and/or selected for visualizing one or more managed accounts. Further, accounts may be organized into groups based on roles, and grants for the accounts may be dynamically updated as changes occur or new accounts are managed.

67 Citations

View as Search Results

20 Claims

1. A system, comprising:
- a memory storing a plurality of instructions; and
  
  one or more processors configured to access the memory, wherein the one or more processors are further configured to execute the plurality of instructions to;
  
  receive, from a target system, identification of a user-accessible account of the target system to be managed;
  
  associate the user-accessible account with a security account of the target system, the security account configured to modify a password associated with the user-accessible account.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, wherein the security account is not accessible by a user of the target system.
  - 3. The system of claim 1, wherein the security account is only accessible by the system.
  - 4. The system of claim 1, wherein the target system is configured with a plurality of user-accessible accounts.
  - 5. The system of claim 4, wherein the one or more processors are further configured to execute the plurality of instructions to associate a predetermined number of the plurality of user-accessible accounts with the security account.
  - 6. The system of claim 5, wherein the predetermined number of the plurality of user accessible accounts to be associated with the security account is configurable by the target system.
  - 7. The system of claim 1, wherein the one or more processors are further configured to execute the plurality of instructions to:
    - receive a request for a password, from a user of the target system, the password for providing the user with access to the user-accessible account of the target system; and
      
      provide the password to the user.
  - 8. The system of claim 7, wherein the one or more processors are further configured to execute the plurality of instructions to provide the password to the user only when the user has been successfully authenticated with the system.
  - 9. The system of claim 7, wherein the one or more processors are further configured. to execute the plurality of instructions to log, in the memory, an indication that the user has checked out the password.
  - 10. The system of claim 9, wherein the one or more processors are further configured to execute the plurality of instructions to automatically modify the password of the user-accessible account in response to the user checking the password back in to the system.
  - 11. The system of claim 1, wherein the one or more processors are further configured to execute the plurality of instructions to:
    - receive, from the target system, a user grant associated with access rights of the user-accessible account; and
      
      administer the user grant by managing a password for providing the user with access to the user-accessible account of the target system.
  - 12. The system of claim 11, wherein the user grant indicates at least one of a day, a time, a duration, or a location during or from which the system will provide the password to the user.

13. A computer-implemented method, comprising:
- receiving, by a computer system, from a target system, information associated with an account to be managed by the computer system, the account being accessible by a user;
  
  associating, by the computer system, the account to be managed with a security account of the target system, the security account riot accessible by a user and configured to modify a password associated with the account to be managed; and
  
  in response to a user request, received by the computer system, to access the
- View Dependent Claims (14, 15, 16)
- - 14. The computer-implemented method of claim 13, further comprising authenticating the user based at least in part on a user credential prior to checking out the password to the user.
  - 15. The computer-implemented method of claim 13, further comprising logging check-in or check-out information associated with the user that checked out the password.
  - 16. The computer-implemented method of claim 13, further comprising automatically modifying the password associated with the account to be managed upon receiving an indication that the password was checked in by the user.

17. A computer-readable memory storing a plurality of instructions executable by one or more processors, the plurality of instructions comprising:
- instructions that cause the one or more processors to receive, from a target system, identification of a plurality of accounts of the target system to be managed, the plurality of accounts being accessible by a user;
  
  instructions that cause the one or more processors to associate the plurality of accounts to be managed with a security account of the target system that is not accessible by a user, the security account configured to modify a password associated with at least one of the plurality of accounts to be managed;
  
  instructions that cause the one or more processors to receive, from a user, an authentication request and a request for a particular password associated with at least one of the plurality of accounts to be managed;
  
  instructions that cause the one or more processors to check out the particular password to the user based at least in part on successful authentication of the user; and
  
  instructions that cause the one or more processors to automatically modify the particular password after the particular password is checked in by the user.
- View Dependent Claims (18, 19, 20)
- - 18. The computer-readable memory of claim 17, wherein checking out the particular password to the user comprises instructions that cause the one or more processors to provide the particular password to the user and log that the user has the particular password checked out.
  - 19. The computer-readable memory of claim 18, the plurality of instructions further comprising instructions that cause the one or more processors to log activity occurring on the target system while the particular password is checked out to the user.
  - 20. The computer-readable memory of claim 17, the plurality of instructions further comprising instructions that cause the one or more processors to receive, from the target system, configuration information to indicate which accounts of the plurality of accounts of the target system are to be associated with the security account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Kottahachchi, Buddhika, Sharma, Himanshu, Sathyanarayan, Ramaprakash Hosalli

Granted Patent

US 9,069,947 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/6
CPC Class Codes

G06F 21/31   User authentication

G06F 21/316   by observing the pattern of...

G06F 21/45   Structures or tools for the...

G06F 21/46   by designing passwords or c...

G06F 21/55   Detecting local intrusion o...

G06F 21/554   involving event detection a...

G06F 21/604   Tools and structures for ma...

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

PRIVILEGED ACCOUNT MANAGER, ACCESS MANAGEMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

67 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PRIVILEGED ACCOUNT MANAGER, ACCESS MANAGEMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links