SECURE SHELL PUBLIC KEY AUDIT SYSTEM
Abstract
A system for auditing authorized key files associated with secure shell (SSH) servers is disclosed. In an example, the system may include a purpose-built SSH audit server. The SSH audit server may be configured to receive an authorized key file and a list of users. The SSH audit server may generate and provide unique registration codes for each of the users in the list. The SSH audit server may associate particular users with particular public keys as each of the users accesses the SSH audit server using a public key and inputs a registration code.
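The audit flow the abstract and claims describe, modelled as an added example (not code from the patent or any product): an audit server loads the authorized key file, issues one unique code per listed user, binds a key to a user when a valid code is entered over a key-authenticated session, flags the key when the code is invalid, and (an assumption beyond the claims) reports keys that no user has claimed. Key lines, fingerprints and the class and method names are constructed for illustration; codes are treated as single-use, which the claims do not require.

```python
import base64
import hashlib
import secrets

def fingerprint(key_line: str) -> str:
    """OpenSSH-style SHA256 fingerprint of one authorized_keys line."""
    blob = base64.b64decode(key_line.split()[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

class KeyAuditServer:  # hypothetical name for the purpose-built audit server
    def __init__(self, authorized_keys: list[str], users: list[str]):
        # Keys accepted for login, as loaded from the submitted authorized_keys file.
        self.keys = {fingerprint(line): line for line in authorized_keys}
        self.owner = {}        # fingerprint -> user, filled in as users register
        self.flagged = set()   # fingerprints marked for further investigation
        # One unique registration code per user in the submitted list (claim 7).
        self.codes = {secrets.token_urlsafe(12): u for u in users}

    def session(self, key_line: str, code: str) -> str:
        """A client connects with key_line; once authenticated it enters code."""
        fp = fingerprint(key_line)
        if fp not in self.keys:
            return "rejected"  # public-key auth fails before any code is entered
        user = self.codes.pop(code, None)  # assumption: a code is valid only once
        if user is None:
            self.flagged.add(fp)  # invalid code: mark the key for investigation
            return "flagged"
        self.owner[fp] = user  # valid code: associate this public key with the user
        return f"owned-by:{user}"

    def unclaimed(self) -> list[str]:
        """Keys in the file that no user has registered (assumed audit output)."""
        return sorted(fp for fp in self.keys if fp not in self.owner)

def _fake_key(label: str) -> str:
    # Constructed stand-in key line; the blob is not a real ed25519 key.
    return "ssh-ed25519 " + base64.b64encode(label.encode()).decode() + " " + label

# Constructed authorized_keys file: two known users plus one key of unknown origin.
AUTHORIZED_KEYS = [_fake_key("alice@laptop"), _fake_key("bob@desktop"), _fake_key("unknown@legacy")]

def demo() -> dict:
    srv = KeyAuditServer(AUTHORIZED_KEYS, ["alice", "bob"])
    code_of = {u: c for c, u in srv.codes.items()}  # what each user was sent
    results = {
        "alice": srv.session(AUTHORIZED_KEYS[0], code_of["alice"]),
        "bad_code": srv.session(AUTHORIZED_KEYS[2], "not-a-code"),
        "unknown_key": srv.session(_fake_key("mallory@x"), code_of["bob"]),
    }
    results["unclaimed"] = srv.unclaimed()
    results["flagged"] = sorted(srv.flagged)
    return results
```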
20 Claims

1. A system, comprising:
one or more communication interfaces to communicate with one or more client devices;
one or more processors; and
computer-readable storage media storing computer-executable instructions, which when executed by the one or more processors, cause the one or more processors to perform operations comprising:
receive a request to open a secure communication channel from a client device associated with an individual, the request including information generated based at least in part on a private key associated with the individual;
authenticate the request based at least in part on a public key associated with the individual;
receive a registration code from the client device corresponding to the individual;
attempt to validate the registration code by determining whether the registration code is valid for the individual; and
mark the public key for further investigation responsive to determining that the registration code is invalid for the individual.
Dependent claims: 2, 3, 5.

4. (canceled)

6. (canceled)

7. A method, comprising:
generating, at an audit server, a unique registration code;
associating the unique registration code with a user;
sending the unique registration code to a client device of the user;
receiving a public key and a request to open a communication channel from the client device;
establishing the communication channel based at least in part on the public key;
receiving an input of a registration code from the client device;
attempting to validate the registration code by determining whether the registration code corresponds to the unique registration code; and
marking the public key for further investigation responsive to determining that the registration code does not correspond to the unique registration code.
Dependent claims: 8, 10, 11, 12.

9. (canceled)

13. One or more non-transitory computer-readable storage media configured to store computer-executable instructions, which when executed by one or more processors, cause a system to perform operations comprising:
generate a plurality of registration codes, a registration code of the plurality of registration codes associated with a user;
send the registration code to a client device of the user;
receive an input of a registration code over a communication channel established based in part on a public key;
attempt to validate the registration code by determining whether the registration code is valid for the user; and
mark the public key for further investigation responsive to determining that the registration code is invalid for the user.
Dependent claims: 15, 16, 17, 18, 19, 20.

14. (canceled)