System and method for distributed network access and control enabling high availability, security and survivability
First Claim
1. A method of administering access and security on a network having a plurality of computers, comprising:
installing a one-way encrypted password file on each computer of the plurality of computers in the network, wherein the one-way encrypted password file includes a plurality of user identifications, associated one-way encrypted passwords and associated privileges for each authorized user allowed access to the plurality of computers and the network;
one-way encrypting a password entered by a user when the user logs into a computer of the plurality of computers on the network;
checking for a match between the user identification and one-way encrypted password entered by the user and the plurality of user identifications and one-way encrypted passwords stored in the one-way encrypted password file;
enabling access to data and software contained on the computer and the network permitted by the associated privileges for the user when a match is found on the one-way encrypted password file;
broadcasting messages to the plurality of computers, such that each message is received at each computer;
filtering the broadcast messages at each computer according to the associated privileges of the user associated with each computer, such that a given message will be displayed only where the associated privileges of the user allow the message to be displayed; and
updating the one-way encrypted password file at each of the plurality of computers, wherein updating the one-way encrypted password file includes attaching a new master password file to a message at a computer accessible by a systems administrator or security officer, encrypting the message containing the new master password file using a private key and pass phrase available only to the systems administrator or security officer, transmitting the message to the plurality of computers, and decrypting the message at each computer using a public key corresponding to the private key.
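As an added illustration (not code from the patent or its assignee), the core of claim 1 in Go: a local one-way encrypted password file, a login checked against it, and a master-file update that each computer installs only when the signature made with the administrator's private key verifies under the corresponding public key. The "user:salt:digest:priv" file format, the salted SHA-256 digest and Ed25519 are assumptions; the claim's private-key encryption is rendered as a digital signature, which is the authenticity property the public-key check provides.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"strconv"
	"strings"
)

// Entry is one record of the local one-way encrypted password file:
// salt, salted SHA-256 digest of the password, and privilege level.
type Entry struct{ Salt, Digest string; Priv int }
// Digest one-way encrypts a password (salted SHA-256 here; the patent
// names no particular algorithm, so this is an assumption).
func Digest(salt, password string) string {
	h := sha256.Sum256([]byte(salt + ":" + password))
	return hex.EncodeToString(h[:])
}
// ParseFile reads constructed "user:salt:digest:priv" lines and skips
// malformed ones instead of trusting them.
func ParseFile(text string) map[string]Entry {
	out := map[string]Entry{}
	for _, ln := range strings.Split(strings.TrimSpace(text), "\n") {
		if f := strings.Split(ln, ":"); len(f) == 4 {
			p, _ := strconv.Atoi(f[3])
			out[f[0]] = Entry{Salt: f[1], Digest: f[2], Priv: p}
		}
	}
	return out
}
// Login re-hashes the entered password, compares in constant time and,
// on a match, returns the privileges associated with the user.
func Login(file map[string]Entry, user, pw string) (int, bool) {
	e, ok := file[user]
	if !ok || subtle.ConstantTimeCompare([]byte(Digest(e.Salt, pw)), []byte(e.Digest)) != 1 {
		return 0, false
	}
	return e.Priv, true
}
// ApplyUpdate installs a new master file only if the Ed25519 signature made with
// the administrator's private key verifies under adminPub; otherwise the old file is kept.
func ApplyUpdate(adminPub ed25519.PublicKey, old map[string]Entry, newFile, sig []byte) (map[string]Entry, bool) {
	if !ed25519.Verify(adminPub, newFile, sig) {
		return old, false
	}
	return ParseFile(string(newFile)), true
}
```

A rejected update is exactly the "rejection of a message due to an invalid digital signature" event that claim 18's remote auditing module is meant to record.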
Abstract
A system, method and computer program that administers access and security on a network having more than one computer system connected thereto. This system, method and computer program has a local password file (1500) which is one-way encrypted and contains user identifications, associated one-way encrypted passwords and associated privileges for each authorized user allowed access to the wide area network (10). A user login module (1200) is used to receive a user identification or role and password from a user and login the user when a match is found in the local password file (1500). A channel monitoring and filtering module (1000) is provided to monitor and receive broadcast or multicast messages within the wide area network (10) and display the message to the user when the user's associated privileges permit the viewing of the message. This system, method and computer program also has a password management module (1300) to update and insure that all the computers in the network contain the same local password file (1500). A remote auditing module (1400) is provided to monitor and process anomalous events which may occur on a user's computer. A remote control module is also provided to enable a systems administrator or security officer to take appropriate action when a critical event transpires. An authentication module is also provided to enable a system administrator or security officer an option to check and confirm a password entered by a user for re-authentication.
35 Claims
1. A method of administering access and security on a network having a plurality of computers, comprising the steps set out in full under First Claim above. Dependent claims: 2 to 17.
18. A system to administer access and security on a network having a plurality of computers, comprising: a one-way encrypted password file on each computer of the plurality of computers in the network, wherein the one-way encrypted password file includes a plurality of user identifications, associated one-way encrypted passwords and associated privileges for each authorized user allowed access to the plurality of computers and the network; a user login module to receive a user identification or role and password from a user and login the user when a match is found in the one-way encrypted password file; a channel monitoring and filtering module to monitor and receive broadcast or multicast messages within the network and display the message to the user when the user's associated privileges permit the viewing of the message; and a remote auditing module operative to monitor and process anomalous events which may occur on the computer, the anomalous events comprising:
- a change in the users' associated privileges;
- a system disable operation initiated by the user;
- the expiration of a user's password;
- the rejection of a message due to an invalid digital signature;
- a request for remote user re-authentication received from the systems administrator or security officer;
- a request for a remote user lockout received from the system administrator or security officer; and
- successful completion of a request for remote loading passwords to a system administrator or security officer.
Dependent claims: 19 to 26.
27. A computer program executable by a computer and embedded in a computer readable medium to administer access and security on a network having a plurality of computers, comprising: a one-way encrypted password file on each computer of the plurality of computers in the network, wherein the one-way encrypted password file includes a plurality of user identifications, associated one-way encrypted passwords and associated privileges for each authorized user allowed access to the plurality of computers and the network; a user login code segment to receive a user identification or role and password from a user and login the user when a match is found in the one-way encrypted password file; a channel monitoring and filtering code segment to monitor and receive broadcast or multicast messages within the network and display the message to the user when the user's associated privileges permit the viewing of the message; and a remote control code segment that enables a systems administrator or security officer to take appropriate action when an anomalous event transpires, the appropriate action including spoofing the user into believing that access has been gained to the computer, wherein spoofing includes the presentation of false messages and information to the user. Dependent claims: 28 to 35.
Specification