Retrieving plain-text passwords from a main registry by a plurality of foreign registries

US 5,862,323 A
Filed: 11/13/1995
Issued: 01/19/1999
Est. Priority Date: 11/13/1995
Status: Expired due to Term

First Claim

Patent Images

1. A network system server that provides password synchronization between a main data store and a plurality of secondary data stores, said network system server comprising:

a security server coupled to said main data store, said security server controlling communication with said main data store;

a plurality of clients coupled to said security server, said plurality of clients only accessing said main data store through said security server, each of said plurality of clients maintaining a unique, modifiable password;

a password synchronization server coupled to said security server and to said plurality of secondary data stores; and

a password repository coupled to said password synchronization server, said password repository storing passwords of said plurality of clients, said passwords in said password repository being retrievable by said plurality of secondary data stores via said password synchronization server so that each client is able to maintain a single, unique password for all of said plurality of secondary data stores.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network system server that provides password synchronization between a main data store and a plurality of secondary data stores is disclosed. The network system server includes a security server, which is coupled to the main data store, a plurality of clients, which is coupled to the security server for accessing the main data store wherein each client maintains a unique, modifiable password, a password synchronization server, which is coupled to security server and the plurality of secondary data stores, and a password repository, which is coupled to the password synchronization server, that stores the passwords. One of the secondary data stores can retrieve the passwords via the password synchronization server so that each client is able to maintain a single, unique password among the plurality of secondary data stores. Password retrieval is instigated by at least one of the plurality of secondary data stores regardless of the current password status of the secondary data stores.

156 Citations

26 Claims

1. A network system server that provides password synchronization between a main data store and a plurality of secondary data stores, said network system server comprising:
- a security server coupled to said main data store, said security server controlling communication with said main data store;
  
  a plurality of clients coupled to said security server, said plurality of clients only accessing said main data store through said security server, each of said plurality of clients maintaining a unique, modifiable password;
  
  a password synchronization server coupled to said security server and to said plurality of secondary data stores; and
  
  a password repository coupled to said password synchronization server, said password repository storing passwords of said plurality of clients, said passwords in said password repository being retrievable by said plurality of secondary data stores via said password synchronization server so that each client is able to maintain a single, unique password for all of said plurality of secondary data stores.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A network system server according to claim 1, and further comprising said main data store, said main data store including an information account for each of said plurality of clients, each information account including a password of a corresponding client.
  - 3. A network system server according to claim 2, said security server providing a clear-text password to said password synchronization server for retrieval by said one of said plurality of secondary data stores.
  - 4. A network system server according to claim 3, said security server including means for encrypting said clear-text password for storage in said information account.
  - 5. A network system server according to claim 1, and further comprising said main data store, said main data store including an information account for said password synchronization server that binds each of said plurality of secondary data stores with each of said plurality of clients.
  - 6. A network system server according to claim 1, and further comprising said main data store, said main data store including an information account for each of said plurality of secondary data stores.
  - 7. A network system server according to claim 1, further comprising:
    - a temporary memory data store coupled to said password synchronization server and containing information supporting a propagation retry, said temporary memory data store allowing said password synchronization server to perform a propagation retry in the event of an outage of a temporary foreign registry or said password synchronization server.
  - 8. A network system server according to claim 1, at least one of said plurality of secondary data stores accessing passwords in said password repository regardless of the current password status of said plurality of secondary data stores.

9. A computer program product that provides password synchronization between a main data store and a plurality of secondary data stores, said computer program product comprising:
- computer usable code means for maintaining a unique, modifiable password for each of a plurality of clients coupled to said main data store;
  
  computer usable code means for retrieving a password for one of said plurality of secondary data stores so that each client among said plurality of clients is able to maintain a single, unique password for said main data store and all of said plurality of secondary data stores, such that password synchronization is maintained.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 22)
- - 10. A computer program product according to claim 9, and further comprising:
    - computer usable code means for providing a clear-text password based on said user'"'"'s unique password; and
      
      computer usable code means for retrieving said clear-text password by said one of said plurality of secondary data stores.
  - 11. A computer program product according to claim 10, and further comprising:
    - computer usable code means for encrypting said clear-text password; and
      
      computer usable code means for storing said encrypted clear-text password in an information account.
  - 12. A computer program product according to claim 9, and further comprising:
    - computer usable code means for binding each of said plurality of secondary data stores with each of said plurality of clients.
  - 13. A computer program product according to claim 9, and further comprising:
    - computer usable code means for performing a propagation retry in the event of an outage of a temporary foreign registry or password synchronization server.
  - 14. A computer program product according to claim 9, said password retrieval being instigated by at least one of said plurality of secondary data stores regardless of the current password status of said plurality of secondary data stores.
  - 15. A computer program product according to claim 9, and further comprising:
    - computer usable code means for checking that each client maintains a password having a composition consistent with a set of rules selected for said main data store.
  - 16. A computer program product according to claim 9, said computer usable code means for retrieving comprising:
    - computer usable code means, responsive to receipt of a request for a password of a particular client among said plurality of clients, said request being transmitted by a requestor associated with one of said plurality of secondary data stores, for determining if said requestor is permitted access to said password of said particular client; and
      
      computer usable code means, responsive to a determination that said requestor is permitted access to said password, for transmitting said password to said requestor for storage in said one of said plurality of secondary data stores.
  - 17. A computer program product according to claim 16, wherein:
    - said computer usable code means for transmitting comprises the computer usable code means for transmitting said password to said requestor in encrypted form; and
      
      said computer program product further comprises computer usable code means for transmitting, to said requester, an indication of a type of encryption utilized to encrypt said password.
  - 22. A method according to claim 17, and further comprising the step of:
    - performing a propagation retry in response to an outage of a temporary foreign registry or password synchronization server.

18. A method of providing password synchronization between a main data store and a plurality of secondary data stores, said method comprising:
- maintaining a unique, modifiable password for each of a plurality of clients coupled to said main data store; and
  
  retrieving a password for one of said plurality of secondary data stores so that each client among said plurality of clients is able to maintain a single, unique password for said main data store and all of said plurality of secondary data stores, such that password synchronization is maintained.
- View Dependent Claims (19, 20, 21, 23, 24, 25, 26)
- - 19. A method according to claim 18, and further comprising the step of:
    - providing a clear-text password for retrieval by said one of said plurality of secondary data stores.
  - 20. A method according to claim 19, and further comprising the step of:
    - encrypting said clear-text password; and
      
      storing said encrypted clear-text password in an information account.
  - 21. A method according to claim 18, and further comprising the step of:
    - binding each of said plurality of secondary data stores with each of said plurality of clients.
  - 23. A method according to claim 18, said password retrieval being instigated by at least one of said plurality of secondary data stores regardless of the current password status of said plurality of secondary data stores.
  - 24. A method according to claim 18, and further comprising:
    - checking that each client maintains a password having a composition consistent with a set of rules selected for said main data store.
  - 25. A method according to claim 18, said retrieving step comprising the steps of:
    - in response to receipt of a request for a password of a particular client among said plurality of clients, said request being transmitted by a requestor associated with one of said plurality of secondary data stores, determining if said requestor is permitted access to said password of said particular client; and
      
      in response to a determination that said requester is permitted access to said password, transmitting said password to said requestor for storage in said one of said plurality of secondary data stores.
  - 26. A method according to claim 25, wherein:
    - said transmitting step comprises the step of transmitting said password to said requestor in encrypted form; and
      
      said method further comprises the step of transmitting, to said requestor, an indication of a type of encryption utilized to encrypt said password.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Blakley, III, George Robert, Milman, Ivan Matthew, Sigler, Wayne Dube
Primary Examiner(s)
Hua, Ly

Application Number

US08/557,754
Time in Patent Office

1,163 Days
Field of Search

395/188.01, 395/187.01, 395/200.01, 395/500, 395/609, 340/825.34, 380/25, 380/23
US Class Current

726/13
CPC Class Codes

G06F 21/31 User authentication

G06F 21/46 by designing passwords or c...

Retrieving plain-text passwords from a main registry by a plurality of foreign registries

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

156 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

Retrieving plain-text passwords from a main registry by a plurality of foreign registries

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

156 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others