User authorization management system using a meta-password and method for same

US 7,103,912 B2
Filed: 06/29/2001
Issued: 09/05/2006
Est. Priority Date: 06/29/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method for management of user authentication information, comprising:

providing a repository including a list of network addresses, each network address having an associated handle and each handle having an associated encoded password;

receiving a user authentication response sent by an associated user to a network, the user authentication response including a meta-password;

identifying, in said user authentication response, a first network address to which the user authentication response is directed, the first network address being associated in said repository with a first handle and with a first encoded password;

generating a modified authentication response by decoding the first encoded password using the meta-password as a decoding key and combining the decoded password with the user authentication response; and

transmitting the modified authentication response to the identified network address via the network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user authentication information management method receives a meta-password from a user. A repository (34) lists network addresses (36) and associated handles (38), each handle having an associated encoded password. An authentication response from the user is intercepted. A modified authentication response is generated by identifying a network address to which the response is directed (208), searching for the identified network address (210) in the repository (34), identifying a handle (212) corresponding to the address based on the searching (210), decoding the password associated with the handle using the meta-password as a decoding key (214), and substituting the decoded password for the meta-password in the authentication response (216). The method also generates pseudo-random passwords (124) consistent with password rules (128). The repository (34) can reside on a client device (14), a proxy server, a local area network, or a security server having an Internet protocol (IP) address. The repository (34) can also be disposed at a database service.

79 Citations

View as Search Results

39 Claims

1. A method for management of user authentication information, comprising:
- providing a repository including a list of network addresses, each network address having an associated handle and each handle having an associated encoded password;
  
  receiving a user authentication response sent by an associated user to a network, the user authentication response including a meta-password;
  
  identifying, in said user authentication response, a first network address to which the user authentication response is directed, the first network address being associated in said repository with a first handle and with a first encoded password;
  
  generating a modified authentication response by decoding the first encoded password using the meta-password as a decoding key and combining the decoded password with the user authentication response; and
  
  transmitting the modified authentication response to the identified network address via the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The management method according to claim 1, wherein generating a modified authentication response further includes:
    - searching for the identified network address in the repository;
      
      identifying a handle corresponding to the network address based on the searching step;
      
      decoding the encoded password associated with the identified handle using the first meta-password as a decoding key; and
      
      generating the modified authentication response by substituting the decoded password for the first meta-password in the authentication response.
  - 3. The management method according to claim 2 further including:
    - receiving a second meta-password from the associated user together with a request for meta-password update;
      
      using said first meta-password as a key, decoding each of said passwords associated with said list of network addresses as decoded passwords;
      
      using said second meta-password as a key, encoding each of said decoded passwords as re-encoded passwords; and
      
      storing the re-encoded passwords in said registry.
  - 4. The management method according to claim 3 further including registering said second meta-password in an associated storage location.
  - 5. The management method according to claim 1, wherein generating a modified authentication response further includes:
    - receiving a handle selection from the associated user, said handle selection being selected from the handles contained in the repository;
      
      entering the identified network address into the repository;
      
      in the repository, associating the identified network address with the received handle selection;
      
      decoding the encoded password associated with the received handle using the first meta-password as a decoding key; and
      
      generating the modified authentication response by combining the decoded password with the authentication response.
  - 6. The management method according to claim 5, wherein receiving a handle selection from the associated user further includes:
    - displaying a handle selection dialog box including displaying the handles stored in the repository; and
      
      receiving a handle selection from the associated user via the selection dialog box.
  - 7. The management method according to claim 1, further including:
    - searching for the identified network address in the repository;
      
      recognizing, based upon the searching step, that the network address is not associated with a handle in the repository; and
      
      when the network address is not associated with the handle in the repository, displaying a handle selection dialog box.
  - 8. The management method according to claim 1, further including:
    - accessing a handle management dialog box;
      
      in the handle management dialog box, receiving a new handle from the associated user, said new handle not being included in the repository;
      
      establishing a collection of password rules;
      
      generating a password consistent with the established password rules;
      
      encoding the generated password using the first meta-password as an encoding key;
      
      storing the network address in the repository;
      
      in the repository, associating the network address with the new handle; and
      
      in the repository, associating the encoded password with the new handle.
  - 9. The management method according to claim 8, wherein generating a password includes generating a password using a pseudo-random number generator.
  - 10. The management method according to claim 9, wherein generating a password further includes:
    - obtaining a system time;
      
      mathematically combining the system time and the meta-password to obtain a seed value;
      
      applying the seed value to an operation of the pseudo-random number generator to generate a pseudo-random number sequence; and
      
      using the pseudo-random number sequence to generate a character sequence as said password.
  - 11. The management method according to claim 9, wherein generating a password using a pseudo-random number generator further includes:
    - obtaining a system time;
      
      applying the system time as a seed to an operation of the pseudo-random number generator to generate a pseudo-random number sequence; and
      
      ,using the pseudo-random number sequence to generate a character sequence.
  - 12. The management method according to claim 8, wherein establishing a collection of password rules includes receiving a collection of password rules from the associated user.
  - 13. The management method according to claim 1, further including:
    - establishing a collection of password rules for a first handle in the repository;
      
      generating a password consistent with the collection of password rules;
      
      updating the user password to correspond with the generated password on a secure service provider with which the first handle is associated;
      
      encoding the generated password using the first meta-password as an encoding key; and
      
      associating, in the repository, the encoded password with the first handle.
  - 14. The management method according to claim 13, further including:
    - receiving an update period for the first handle from the associated user;
      
      associating the update period with the first handle; and
      
      repeating, coincident with a recurrence of the update period, the generating, the updating, the encoding, and the associating.
  - 15. The management method according to claim 1 wherein generating a modified authentication response further includes:
    - verifying that the authentication response includes the first meta-password; and
      
      conditional upon the verifying step not locating the first meta-password in the authentication response, generating a modified authentication response which includes substantially no changes relative to the authentication response.

16. A system for managing user authentication information in an associated interfacing program which interfaces an associated user with a plurality of associated secure services, the system comprising:
- a repository containing an address table storing addresses wherein each address has a handle associated therewith and each handle has an encoded password associated therewith;
  
  a software hook by which an authentication response including a meta-password sent by the interfacing program to a first address is intercepted; and
  
  a processor for processing the intercepted authentication response to form a modified authentication response by i) indexing said repository using said first address and extracting a first handle associated with the first address and a first encoded password associated with the first handle, ii) decoding the first encoded password extracted from the repository using said meta-password as a decoding key to generate a decoded first password, and iii) substituting said meta-password with said decoded first password to form said modified authentication response.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24)
- - 17. The system as set forth in claim 16, wherein the repository resides on one of:
    - an associated client device, an associated proxy server, an associated local area network, and an associated security server having an Internet protocol (IP) address.
  - 18. The system as set forth in claim 16, wherein the repository is disposed at an associated database service.
  - 19. The system as set forth in claim 16, further comprising:
    - a maintenance processor for enabling user maintenance of the address table.
  - 20. The system as set forth in claim 16, further comprising:
    - a password generator for generating a password based upon a pseudo-random quantity; and
      
      a password encoder for encoding a password using the meta-password as an encoding key.
  - 21. The system as set forth in claim 20, wherein the pseudo-random quantity is constructed from the first meta-password and a system clock value.
  - 22. The system as set forth in claim 16, wherein:
    - the repository includes a handle table for associating each handle with an encoded password.
  - 23. The system as set forth in claim 16, wherein the handle table includes a user ID associated with each handle.
  - 24. The system as set forth in claim 16, wherein the handle table includes a collection of password rules associated with each handle.

25. An article of manufacture comprising a program storage medium readable by a computer and embodying one or more instructions executable by the computer for performing a method for management of user authentication information, comprising:
- providing a repository including a list of network addresses, each network address having an associated handle and each handle having an associated encoded password;
  
  receiving a user authentication response sent by an associated user to a network, the user authentication response including a meta-password;
  
  identifying, in said user authentication response, a first network address to which the authentication response is directed, the first network address being associated in said repository with a first handle and with a first encoded password;
  
  generating a modified authentication response by decoding the first encoded password using the meta-password as a decoding key and substituting the decoded password for the meta-password in the user authentication response; and
  
  transmitting the modified authentication response to the identified network address via the network.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 26. The article of manufacture according to claim 25, wherein generating a modified authentication response further includes:
    - searching for the identified network address in the repository;
      
      identifying a handle corresponding to the network address based on the searching step;
      
      decoding the encoded password associated with the identified handle using the first meta-password as a decoding key; and
      
      generating the modified authentication response by substituting the decoded password for the first meta-password in the authentication response.
  - 27. The article of manufacture according to claim 26 further including:
    - receiving a second meta-password from the associated user together with a request for meta-password update;
      
      using said first meta-password as a key, decoding each of said passwords associated with said list of network addresses as decoded passwords;
      
      using said second meta-password as a key, encoding each of said decoded passwords as re-encoded passwords; and
      
      storing the re-encoded passwords in said registry.
  - 28. The article of manufacture according to claim 27 further including registering said second meta-password in an associated storage location.
  - 29. The article of manufacture according to claim 25, wherein generating a modified authentication response further includes:
    - receiving a handle selection from the associated user, said handle selection being selected from the handles contained in the repository;
      
      entering the identified network address into the repository;
      
      in the repository, associating the identified network address with the received handle selection;
      
      decoding the encoded password associated with the received handle using the first meta-password as a decoding key; and
      
      generating the modified authentication response by combining the decoded password with the authentication response.
  - 30. The article of manufacture according to claim 29, wherein receiving a handle selection from the associated user further includes:
    - displaying a handle selection dialog box including displaying the handles stored in the repository; and
      
      receiving a handle selection from the associated user via the selection dialog box.
  - 31. The article of manufacture according to claim 25, further including:
    - searching for the identified network address in the repository;
      
      recognizing, based upon the searching step, that the network address is not associated with a handle in the repository; and
      
      when the network address is not associated with the handle in the repository, displaying a handle selection dialog box.
  - 32. The article of manufacture according to claim 25, further including:
    - accessing a handle management dialog box;
      
      in the handle management dialog box, receiving a new handle from the associated user, said new handle not being included in the repository;
      
      establishing a collection of password rules;
      
      generating a password consistent with the established password rules;
      
      encoding the generated password using the first meta-password as an encoding key;
      
      storing the network address in the repository;
      
      in the repository, associating the network address with the new handle; and
      
      in the repository, associating the encoded password with the new handle.
  - 33. The article of manufacture according to claim 32, wherein generating a password includes generating a password using a pseudo-random number generator.
  - 34. The article of manufacture according to claim 33, wherein generating a password further includes:
    - obtaining a system time;
      
      mathematically combining the system time and the meta-password to obtain a seed value;
      
      applying the seed value to an operation of the pseudo-random number generator to generate a pseudo-random number sequence; and
      
      using the pseudo-random number sequence to generate a character sequence as said password.
  - 35. The article of manufacture according to claim 33, wherein generating a password using a pseudo-random number generator further includes:
    - obtaining a system time;
      
      applying the system time as a seed to an operation of the pseudo-random number generator to generate a pseudo-random number sequence; and
      
      ,using the pseudo-random number sequence to generate a character sequence.
  - 36. The article of manufacture according to claim 32, wherein establishing a collection of password rules includes receiving a collection of password rules from the associated user.
  - 37. The article of manufacture according to claim 25, further including:
    - establishing a collection of password rules for a first handle in the repository;
      
      generating a password consistent with the collection of password rules;
      
      updating the user password to correspond with the generated password on a secure service provider with which the first handle is associated;
      
      encoding the generated password using the first meta-password as an encoding key; and
      
      associating, in the repository, the encoded password with the first handle.
  - 38. The article of manufacture according to claim 37, further including:
    - receiving an update period for the first handle from the associated user;
      
      associating the update period with the first handle; and
      
      repeating, coincident with a recurrence of the update period, the generating, the updating, the encoding, and the associating.
  - 39. The article of manufacture according to claim 25 wherein generating a modified authentication response further includes:
    - verifying that the authentication response includes the first meta-password; and
      
      conditional upon the verifying step not locating the first meta-password in the authentication response, generating a modified authentication response which includes substantially no changes relative to the authentication response.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Malloy, William Earl, Xia, Chenhong
Primary Examiner(s)
Wright, Norman M.

Application Number

US09/896,457
Publication Number

US 20030005299A1
Time in Patent Office

1,894 Days
Field of Search

713/200, 713/202, 713/201, 713/185, 713/184, 713/183, 726/5, 726/4, 726/8, 726/7, 726 28- 30, 726 6- 10, 726 18- 19
US Class Current

726/8
CPC Class Codes

G06F 21/31 User authentication

G06F 2221/2115 Third party

User authorization management system using a meta-password and method for same

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

79 Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

User authorization management system using a meta-password and method for same

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

79 Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links