Credential management and network querying
Abstract
The present invention is directed to a system and method for determining one or more credentials of a network device. The system and method select a first network device from among a plurality of network devices, access a credential repository, contact the first network device, and test the validity of the first set of credentials. The credential repository comprises a first set of credentials corresponding to the first network device. If a user provides invalid or no credentials, a candidate credential queue can be used to guess a valid second set of credentials when the first set of credentials is not valid.
38 Claims
1. A method for determining one or more credentials of a network device, comprising:
selecting, for valid credential discovery, at least one of a first network device and an electronic address of the first network device from among a plurality of network devices and/or corresponding electronic addresses in a network;
accessing a credential repository, the credential repository comprising a collection of electronic addresses corresponding to the network devices and, for each electronic address, a respective set of credentials previously used at the corresponding electronic address to evidence privileges for a network device associated with the corresponding electronic address, and a candidate credential queue, the candidate credential queue comprising a collection of candidate credentials, each candidate credential having a corresponding at least one of a priority and protocol identifier, the priority indicating a likelihood that the corresponding credential is in current use by the first network device and the protocol identifier indicating a protocol compatible with the corresponding credential, wherein the credentials comprise at least one of a community string, User-Based Security Model (USM) mode, authentication method, authentication password, privacy method, and privacy password;
contacting the first network device;
accessing, from the credential repository, a first set of credentials corresponding to a first electronic address of the first network device;
testing the validity of each member of the first set of credentials in the credential repository with the first network device;
when no credential in the first set of credentials is valid for use with the first network device, testing the validity of selected credentials in the candidate credential queue with the first network device; and
when a credentials is valid for use with the first network device, recording the credential as being valid for the first network device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A computer, comprising:
a credential repository, the credential repository comprising a collection of electronic addresses corresponding to a plurality of network devices and, for each electronic address, a respective set of credentials previously used at the corresponding electronic address to evidence privileges for a network device associated with the corresponding electronic address;
a candidate credential queue, the candidate credential queue comprising a collection of candidate credentials, each candidate credential having a corresponding at least one of a priority and protocol identifier, the priority indicating a likelihood that the corresponding credential is in current use by the first network device and the protocol identifier indicating a protocol compatible with the corresponding credential, wherein the credentials comprise at least one of a community string, User-Based Security Model (USM) mode, authentication method, authentication password, privacy method, and privacy password;
a credential discovery agent operable to:
select, for valid credential discovery, at least one of a first network device and an electronic address of the first network device from among the plurality of network devices;
contact the first network device;
access, from the credential repository, a first set of credentials corresponding to a first electronic address of the first network device;
test the validity of each member of the first set of credentials in the credential repository with the first network device;
when no credential in the first set of credentials is valid for use with the first network device, test the validity of selected credentials in the candidate credential queue with the first network device; and
when a credentials is valid for use with the first network device, recording the credential as being valid for the first network device.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32
33. A system for analyzing a validity of credentials, comprising:
a credential discovery agent configured to assign a rank to a selected set of candidate credentials based on whether or not the selected set of candidate credentials is valid, the rank being used to indicate a likelihood that the corresponding selected set of candidate credentials is valid for use with network devices; and
a credential repository, the credential repository comprising a plurality of sets of candidate credentials for use with network devices and wherein the sets of candidate credentials comprise credentials other than a user name that are known to have been previously used at the network devices to evidence privileges for the network devices, the credential repository further comprising:
(i) a protocol identifier identifying, from among a plurality of protocols, a particular protocol associated with a corresponding set of candidate credentials, wherein the repository includes a first protocol identifier identifying a first protocol and a second protocol identifier identifying a second protocol, the first and second protocols being different from one another; and
(ii) a recency of use indicator indicating a recency of use, among multiple network devices in the network, of the set of candidate credentials in the network, wherein the rankings are a function of magnitudes of the use counters, frequency counters, and recency of use indicators and wherein the credential discovery agent is further configured to select a set of candidate credentials from a candidate credential queue, test the validity of the selected set of candidate credentials, and assign the ranking to the selected set of candidate credentials based on whether or not the at least one credential is valid.
Dependent claims: 34, 35, 36
37. A method for determining one or more credentials of a network device, comprising:
selecting a first network device from among a plurality of network devices;
accessing a candidate credential queue, the candidate credential queue comprising a collection of candidate credentials, each candidate credential having a corresponding protocol identifier, the protocol identifier indicating a protocol compatible with the corresponding credential, wherein the credentials comprise at least one of a community string, User-Based Security Model (USM) mode, authentication method, authentication password, privacy method, and privacy password;
contacting the first network device;
accessing a credential repository, the credential repository comprising a collection of electronic addresses corresponding to the network devices and, for each electronic address, a respective set of credentials previously used at the corresponding electronic address;
accessing, from the credential repository, a first set of credentials corresponding to a first electronic address of the first network device;
determining that a first protocol is currently used by the first network device;
selecting a first credential and not a second credential from the candidate credential queue, the first credential having a first protocol identifier associated with the first protocol and the second credential having a second protocol identifier associated with a second protocol, the first and second protocols being different;
testing the validity of the first but not the second credential with the first network device;
testing the validity of each member of the first set of credentials in the credential repository with the first network device;
when no credential in the first set of credentials is valid with the first network device, testing the validity of the first credential from the candidate credential queue; and
when a credentials is valid for use with the first network device, recording the credential as being valid for the first network device.
Dependent claims: 38
Specification