Password security utility

US 7,152,693 B2
Filed: 05/30/2003
Issued: 12/26/2006
Est. Priority Date: 05/30/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A resource manager for use in an associated content management system, the resource manager configured to receive a client request pertaining to information and to access at least one of a plurality of data servers to execute the client request, the resource manager including:

a encryption engine adapted to encrypt passwords associated with the plurality of data servers using a key-based encryption algorithm and to store in a password storage a ciphertext corresponding to each password, the ciphertext being generated based at least on the encrypted password;

a server identifier module that identifies a ciphertext in the passwords storage that is associated with the at least one of a plurality of data servers; and

a decryption engine that decrypts the ciphertext using a key-based decryption algorithm corresponding to the key-based encryption algorithm to recover the password corresponding to the ciphertext.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A resource manager (14, 16) of a content management system (10) is configured to receive a client request (34, 36) pertaining to information and to access at least one of a plurality of data servers (20, 22, 24, 26) to execute the client request (34, 36). An encryption engine (80) encrypts passwords associated with the plurality of data servers (20, 22, 24, 26) using a key-based encryption algorithm and stores a ciphertext corresponding to each password in a passwords storage (40). A server identifier module (70, 72) identifies a ciphertext in the passwords storage (40) that is associated with the at least one of a plurality of data servers (20, 22, 24, 26). A decryption engine (100) decrypts the ciphertext using a key-based decryption algorithm corresponding to the key-based encryption algorithm.

26 Citations

View as Search Results

20 Claims

1. A resource manager for use in an associated content management system, the resource manager configured to receive a client request pertaining to information and to access at least one of a plurality of data servers to execute the client request, the resource manager including:
- a encryption engine adapted to encrypt passwords associated with the plurality of data servers using a key-based encryption algorithm and to store in a password storage a ciphertext corresponding to each password, the ciphertext being generated based at least on the encrypted password;
  
  a server identifier module that identifies a ciphertext in the passwords storage that is associated with the at least one of a plurality of data servers; and
  
  a decryption engine that decrypts the ciphertext using a key-based decryption algorithm corresponding to the key-based encryption algorithm to recover the password corresponding to the ciphertext.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The resource manager as set forth in claim 1, wherein the key-based encryption and decryption algorithms include a randomly generated encryption key associated with the resource manager.
  - 3. The resource manager as set forth in claim 1, further including:
    - an initialization factor generator module that computes an initialization factor based on a randomizing input, the encryption engine being adapted to access the initialization factor generator module to obtain a different initialization factor for encrypting each password, the key-based encryption algorithm computing for each password an encrypted password based on the corresponding initialization factor and an encryption key.
  - 4. The resource manager as set forth in claim 3, further including:
    - a message digest generator that computes a message digest based on a system clock value, the message digest being the randomizing input to the initialization factor generator module.
  - 5. The resource manager as set forth in claim 4, wherein:
    - the encryption engine generates the ciphertext by combining at least the initialization factor and the encrypted password, the generating of the ciphertext including;
      
      assigning values of bytes of the initialization factor to selected bytes of the ciphertext; and
      
      assigning values of bytes of the encrypted password to bytes of the ciphertext other than the selected bytes.
  - 6. The resource manager as set forth in claim 3, wherein:
    - the encryption engine generates the ciphertext by combining at least the initialization factor with the corresponding encrypted password.
  - 7. The resource manager as set forth in claim 3, whereinthe encryption engine generates the ciphertext by interspersing bytes of the initialization factor with bytes of the corresponding encrypted password.
  - 8. The resource manager as set forth in claim 6, wherein:
    - the decryption engine decrypts the ciphertext by extracting the initialization factor from the corresponding ciphertext, the key-based decryption algorithm computing the password based on the ciphertext, the extracted initialization factor, and a key corresponding to the encryption key.
  - 9. The resource manager as set forth in claim 8, wherein the key corresponding to the encryption key is the encryption key.
  - 10. The resource manager as set forth in claim 1, wherein:
    - the key-based encryption algorithm and the key-based decryption algorithm perform encryption and decryption, respectively, at a byte level.
  - 11. The resource manager as set forth in claim 10, wherein:
    - the encryption engine is adapted to encrypt each password to define an encrypted password and combines the encrypted password with one or more encryption marker bytes that are distinguishable from bytes of the passwords associated with the plurality of data servers.
  - 12. The resource manager as set forth in claim 11, wherein:
    - the decryption engine performs the decrypting conditional upon the ciphertext including the one or more encryption marker bytes.

13. A content management method for managing content stored on a plurality of data servers, the content management method including:
- computing a first cipher key set comprising one or more random cipher keys associated with a first application of the method;
  
  encrypting a first plurality of passwords corresponding to a first plurality of servers using the first cipher key set to produce ciphertexts corresponding to the passwords, the ciphertexts being stored in a first passwords list associated with the first application of the method;
  
  constructing an information processing request based on user inputs;
  
  identifying a server to be accessed during execution of the information processing request;
  
  retrieving a ciphertext corresponding to the server to be accessed from the first passwords list; and
  
  decrypting the ciphertext corresponding to the server to be accessed using the first cipher key set.
- View Dependent Claims (14, 15, 16)
- - 14. The content management method as set forth in claim 13, further including:
    - computing a second cipher key set comprising one or more random cipher keys associated with a second application of the method, the second cipher key set being different from the first cipher key set; and
      
      encrypting a second plurality of passwords corresponding to a second plurality of servers using the second cipher key set to produce ciphertexts corresponding to the passwords, the ciphertexts being stored in a second passwords list associated with the second application of the method.
  - 15. The content management method as set forth in claim 13, wherein the encrypting of the first plurality of passwords to produce ciphertexts corresponding to the passwords includes for each password:
    - generating a randomizing factor;
      
      encrypting the password based on the first cipher key set and the randomizing factor to produce an encrypted password; and
      
      combining the encrypted password and the randomizing factor to produce the ciphertext.
  - 16. The content management method as set forth in claim 13, wherein the encrypting of the first plurality of passwords to produce ciphertexts corresponding to the passwords includes:
    - for each password, computing a message digest having a preselected number of bytes based on a system clock value retrieved during the encrypting of that password, the encrypting being performed based on the cipher key set and the computed message digest, wherein the encrypting of each password employs a message digest computed from a different system clock value.

17. An article of manufacture comprising a program storage medium readable by a computer and embodying one or more instructions executable by the computer to perform a security utility method for maintaining a passwords list, the method comprising:
- computing a cipher key set based on a generally variable quantity;
  
  encrypting passwords using the cipher key set, the encrypting of each password including;
  
  generating a generally variable initialization factor corresponding to the password,encrypting the password based on the corresponding generally variable initialization factor and the cipher key set to produce an encrypted password,combining the encrypted password with at least the corresponding generally variable initialization factor to produce a ciphertext, andstoring the ciphertext in the passwords list; and
  
  responsive to a request for one of the passwords;
  
  retrieving a ciphertext corresponding to the password from the passwords list,recovering the encrypted password and the corresponding variable initialization factor from the retrieved ciphertext, anddecrypting the encrypted password based on the corresponding variable initialization factor and the cipher key set to recover the password.
- View Dependent Claims (18, 19, 20)
- - 18. The article of manufacture as set forth in claim 17, wherein the computing of a cipher key set based on a generally variable quantity includes:
    - retrieving a random value from a random number generator; and
      
      computing the cipher key set based on the retrieved random value.
  - 19. The article of manufacture as set forth in claim 17, wherein the generating of a generally variable initialization factor corresponding to the password includes:
    - retrieving a system clock value; and
      
      computing a message digest corresponding to the retrieved system clock value.
  - 20. The article of manufacture as set forth in claim 17, wherein:
    - the combining the encrypted password with at least the corresponding generally variable initialization factor to produce a ciphertext further includes incorporating an encryption marker into the ciphertext, the encryption marker being distinct from the passwords; and
      
      the recovering of the encrypted password and the corresponding variable initialization factor from the retrieved ciphertext and the decrypting of the encrypted password are performed conditional upon the ciphertext incorporating the encryption marker.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Kozina, Gerald Edward, Man, Kwai Hing, Wang, Shirley S.
Primary Examiner(s)
Song, Hosuk

Application Number

US10/449,382
Publication Number

US 20040240670A1
Time in Patent Office

1,306 Days
Field of Search

713/168, 713181-183, 713/189, 713/193, 380/44, 380/46, 380/277, 380/281, 380/284, 380/286, 726 2- 6, 726 16- 18, 726/21, 726 27- 30
US Class Current

173/183
CPC Class Codes

G06F 21/34 involving the use of extern...

G06F 21/6218 to a system of files or obj...

Password security utility

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

26 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Password security utility

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links