Credential management and network querying

US 7,571,239 B2
Filed: 04/22/2002
Issued: 08/04/2009
Est. Priority Date: 01/08/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method for determining one or more credentials of a network device, comprising:

selecting, for valid credential discovery, at least one of a first network device and an electronic address of the first network device from among a plurality of network devices and/or corresponding electronic addresses in a network;

accessing a credential repository, the credential repository comprising a collection of electronic addresses corresponding to the network devices and, for each electronic address, a respective set of credentials previously used at the corresponding electronic address to evidence privileges for a network device associated with the corresponding electronic address, and a candidate credential queue, the candidate credential queue comprising a collection of candidate credentials, each candidate credential having a corresponding at least one of a priority and protocol identifier, the priority indicating a likelihood that the corresponding credential is in current use by the first network device and the protocol identifier indicating a protocol compatible with the corresponding credential, wherein the credentials comprise at least one of a community string, User-Based Security Model (USM) mode, authentication method, authentication password, privacy method, and privacy password;

contacting the first network device;

accessing, from the credential repository, a first set of credentials corresponding to a first electronic address of the first network device;

testing the validity of each member of the first set of credentials in the credential repository with the first network device;

when no credential in the first set of credentials is valid for use with the first network device, testing the validity of selected credentials in the candidate credential queue with the first network device; and

when a credentials is valid for use with the first network device, recording the credential as being valid for the first network device.

View all claims

18 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed to a system and method for determining one or more credentials of a network device. The system and method select a first network device from among a plurality of network devices, access a credential repository, contact the first network device, and test the validity of the first set of credentials. The credential repository comprises a first set of credentials corresponding to the first network device. If a user provides invalid or no credentials, a candidate credential queue can be used to guess a valid second set of credentials when the first set of credentials is not valid.

84 Citations

View as Search Results

38 Claims

1. A method for determining one or more credentials of a network device, comprising:
- selecting, for valid credential discovery, at least one of a first network device and an electronic address of the first network device from among a plurality of network devices and/or corresponding electronic addresses in a network;
  
  accessing a credential repository, the credential repository comprising a collection of electronic addresses corresponding to the network devices and, for each electronic address, a respective set of credentials previously used at the corresponding electronic address to evidence privileges for a network device associated with the corresponding electronic address, and a candidate credential queue, the candidate credential queue comprising a collection of candidate credentials, each candidate credential having a corresponding at least one of a priority and protocol identifier, the priority indicating a likelihood that the corresponding credential is in current use by the first network device and the protocol identifier indicating a protocol compatible with the corresponding credential, wherein the credentials comprise at least one of a community string, User-Based Security Model (USM) mode, authentication method, authentication password, privacy method, and privacy password;
  
  contacting the first network device;
  
  accessing, from the credential repository, a first set of credentials corresponding to a first electronic address of the first network device;
  
  testing the validity of each member of the first set of credentials in the credential repository with the first network device;
  
  when no credential in the first set of credentials is valid for use with the first network device, testing the validity of selected credentials in the candidate credential queue with the first network device; and
  
  when a credentials is valid for use with the first network device, recording the credential as being valid for the first network device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the at least one of a priority and protocol identifier is priority value.
  - 3. The method of claim 2, wherein the priority value is based on at least one of the following:
    - a candidate credential frequency counter indicating a number of instances of use, by the plurality of network devices and over a selected time period, of a respective credential, a recency of valid use of the respective credential by the plurality of network devices, and a proximity, relative to the first network device, of an administrative locality of at least one of a network device and electronic address found to have validly used the respective credential to the first network device.
  - 4. The method of claim 3, wherein the priority value is a function of a plurality of the candidate credential frequency counter, the recency of valid use of the respective credential and the proximity, relative to the first network device.
  - 5. The method of claim 3, wherein the priority value is a function of the candidate credential frequency counter, the recency of valid use of the respective credential and the proximity, relative to the first network device.
  - 6. The method of claim 1, wherein the credential repository comprises for at least one credential a plurality of a credential state, a protocol identifier indicating a protocol for which the respective credential is compatible, a protocol access level, a total number of instances of use of the respective credential by the plurality of network devices, a priority of use among the plurality of network devices of the respective credential, a candidate credential frequency counter to reflect a frequency of use of the credential among the plurality of network devices, a recency of use among the plurality of network devices of the respective credential, an administrative locality of the respective credential.
  - 7. The method of claim 1, wherein the selected credentials are tested in an order based on priority value.
  - 8. The method of claim 2, wherein the priority value is based on the candidate credential frequency counter.
  - 9. The method of claim 2, wherein the priority value is based on the recency of valid use of the respective credential.
  - 10. The method of claim 2, wherein the priority value is based on the proximity, relative to the first network device, of an administrative locality of at least one of a network device and electronic address found to have validly used the respective credential to the first network device.
  - 11. The method of claim 1, further comprising, when at least one credential is valid for use with the first network device:
    - adding the valid credential to the candidate credential queue.
  - 12. The method of claim 1, further comprising, when at least one credential is not valid:
    - pinging the first network device to determine whether the first network device is contactable;
      
      when a response is received, removing the credential from the respective set of credentials in the credential repository corresponding to the at least one of the first network device and first electronic address; and
      
      when a response is not received, assigning a state of NOT CONTACTABLE to a corresponding entry in the credential repository.
  - 13. The method of claim 1, wherein the at least one of a priority and protocol identifier is protocol identifier.
  - 14. The method of claim 13, further comprising:
    - comparing a protocol associated with the first network device with a protocol identifier associated with a first credential in the selected set of credentials in the candidate credential queue; and
      
      when the protocol associated with the first network device is determined to be the same as the protocol associated with the protocol identifier, testing the selected credential for use with the first network device.
  - 15. The method of claim 1, further comprising, when the selected set of credentials in the candidate credential queue is not valid for use with the first network device:
    - prompting a user for a candidate set of credentials; and
      
      when the candidate set of credentials is received from the user, testing the validity of the candidate set of credentials.
  - 16. A computer readable storage medium comprising processor executable instructions operable, when executed, to perform the steps of claim 1.

17. A computer, comprising:
- a credential repository, the credential repository comprising a collection of electronic addresses corresponding to a plurality of network devices and, for each electronic address, a respective set of credentials previously used at the corresponding electronic address to evidence privileges for a network device associated with the corresponding electronic address;
  
  a candidate credential queue, the candidate credential queue comprising a collection of candidate credentials, each candidate credential having a corresponding at least one of a priority and protocol identifier, the priority indicating a likelihood that the corresponding credential is in current use by the first network device and the protocol identifier indicating a protocol compatible with the corresponding credential, wherein the credentials comprise at least one of a community string, User-Based Security Model (USM) mode, authentication method, authentication password, privacy method, and privacy password;
  
  a credential discovery agent operable to;
  
  select, for valid credential discovery, at least one of a first network device and an electronic address of the first network device from among the plurality of network devices;
  
  contact the first network device;
  
  access, from the credential repository, a first set of credentials corresponding to a first electronic address of the first network device;
  
  test the validity of each member of the first set of credentials in the credential repository with the first network device;
  
  when no credential in the first set of credentials is valid for use with the first network device, test the validity of selected credentials in the candidate credential queue with the first network device; and
  
  when a credentials is valid for use with the first network device, recording the credential as being valid for the first network device.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 18. The computer of claim 17, wherein the at least one of a priority and protocol identifier is priority value.
  - 19. The computer of claim 17, wherein the priority value is based on at least one of the following:
    - a candidate credential frequency counter indicating a number of instances of use, by the plurality of network devices and over a selected time period, of a respective credential, a recency of valid use of the respective credential by the plurality of network devices, and a proximity, relative to the first network device, of an administrative locality of at least one of a network device and electronic address found to have validly used the respective credential to the first network device.
  - 20. The computer of claim 19, wherein the priority value is a function of a plurality of the candidate credential frequency counter, the recency of valid use of the respective credential and the proximity, relative to the first network device.
  - 21. The computer of claim 19, wherein the priority value is a function of the candidate credential frequency counter, the recency of valid use of the respective credential and the proximity, relative to the first network device.
  - 22. The computer of claim 17, wherein the credential repository comprises for at least one credential a plurality of a credential state, a protocol identifier indicating a protocol for which the respective credential is compatible, a protocol access level, a total number of instances of use of the respective credential by the plurality of network devices, a priority of use among the plurality of network devices of the respective credential, a candidate credential frequency counter to reflect a frequency of use of the credential among the plurality of network devices, a recency of use among the plurality of network devices of the respective credential, an administrative locality of the respective credential.
  - 23. The computer of claim 17, wherein the selected credentials are tested in an order based on priority value.
  - 24. The computer of claim 17, wherein the credential discovery agent, when a credentials is valid for use with the first network device, records the credentials as being valid for the first network device.
  - 25. The computer of claim 19, wherein the priority value is based on the candidate credential frequency counter.
  - 26. The computer of claim 19, wherein the priority value is based on the recency of valid use of the respective credential.
  - 27. The computer of claim 19, wherein the priority value is based on the proximity, relative to the first network device, of an administrative locality of at least one of a network device and electronic address found to have validly used the respective credential to the first network device.
  - 28. The computer of claim 17, wherein, when at least one credential is valid for use with the first network device, the credential discovery agent adds the valid credential to the candidate credential queue.
  - 29. The computer of claim 17, wherein, when at least one credential is not valid, the credential discovery agent is adapted to:
    - ping the first network device to determine whether the first network device is contactable;
      
      when a response is received, remove the credential from the respective set of credentials in the credential repository corresponding to the at least one of the first network device and first electronic address; and
      
      when a response is not received, assign a state of NOT CONTACTABLE to a corresponding entry in the credential repository.
  - 30. The computer of claim 17, wherein the at least one of a priority and protocol identifier is protocol identifier.
  - 31. The computer of claim 30, wherein the credential discovery agent is adapted to:
    - compare a protocol associated with the first network device with a protocol identifier associated with a first credential in the selected set of credentials in the candidate credential queue; and
      
      when the protocol associated with the first network device is determined to be the same as the protocol associated with the protocol identifier, test the selected credential for use with the first network device.
  - 32. The computer of claim 17, wherein, when the selected set of credentials in the candidate credential queue is not valid for use with the first network device, the credential discovery agent is adapted to:
    - prompt a user for a candidate set of credentials; and
      
      , when the candidate set of credentials is received from the user, the credential discovery agent is adapted to test the validity of the candidate set of credentials.

33. A system for analyzing a validity of credentials, comprising:
- a credential discovery agent configured to assign a rank to a selected set of candidate credentials based on whether or not the selected set of candidate credentials is valid, the rank being used to indicate a likelihood that the corresponding selected set of candidate credentials is valid for use with network devices; and
  
  a credential repository, the credential repository comprising a plurality of sets of candidate credentials for use with network devices and wherein the sets of candidate credentials comprise credentials other than a user name that are known to have been previously used at the network devices to evidence privileges for the network devices, the credential repository further comprising;
  
  (i) a protocol identifier identifying, from among a plurality of protocols, a particular protocol associated with a corresponding set of candidate credentials, wherein the repository includes a first protocol identifier identifying a first protocol and a second protocol identifier identifying a second protocol, the first and second protocols being different from one another; and
  
  (ii) a recency of use indicator indicating a recency of use, among multiple network devices in the network, of the set of candidate credentials in the network, wherein the rankings are a function of magnitudes of the use counters, frequency counters, and recency of use indicators and wherein the credential discovery agent is further configured to select a set of candidate credentials from a candidate credential queue, test the validity of the selected set of candidate credentials, and assign the ranking to the selected set of candidate credentials based on whether or not the at least one credential is valid.
- View Dependent Claims (34, 35, 36)
- - 34. The system of claim 33, wherein the credential repository further comprises at least one of the following:
    - (iii) a use counter indicating a total number of instances of use, by multiple network devices in the network, of a corresponding set of candidate credentials; and
      
      (iv) a candidate credential frequency counter associated with use, by multiple network devices in the network, of a selected set of candidate credentials.
  - 35. The system of claim 33, wherein the credential repository comprises (iii).
  - 36. The system of claim 33, wherein the credential repository comprises (iv).

37. A method for determining one or more credentials of a network device, comprising:
- selecting a first network device from among a plurality of network devices;
  
  accessing a candidate credential queue, the candidate credential queue comprising a collection of candidate credentials, each candidate credential having a corresponding protocol identifier, the protocol identifier indicating a protocol compatible with the corresponding credential, wherein the credentials comprise at least one of a community string, User-Based Security Model (USM) mode, authentication method, authentication password, privacy method, and privacy password;
  
  contacting the first network device;
  
  accessing a credential repository, the credential repository comprising a collection of electronic addresses corresponding to the network devices and, for each electronic address, a respective set of credentials previously used at the corresponding electronic address;
  
  accessing, from the credential repository, a first set of credentials corresponding to a first electronic address of the first network device;
  
  determining that a first protocol is currently used by the first network device;
  
  selecting a first credential and not a second credential from the candidate credential queue, the first credential having a first protocol identifier associated with the first protocol and the second credential having a second protocol identifier associated with a second protocol, the first and second protocols being different;
  
  testing the validity of the first but not the second credential with the first network device;
  
  testing the validity of each member of the first set of credentials in the credential repository with the first network device;
  
  when no credential in the first set of credentials is valid with the first network device, testing the validity of the first credential from the candidate credential queue; and
  
  when a credentials is valid for use with the first network device, recording the credential as being valid for the first network device.
- View Dependent Claims (38)
- - 38. A computer readable storage medium comprising processor executable instructions operable, when executed, to perform the steps of claim 37.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avaya Incorporated
Original Assignee
Avaya Incorporated
Inventors
Smith, Melanie L., Rankine, Alastair J., Krumm-Heller, Alex M., Schreuder, James D., Minhazuddin, Muneyb, Goringe, Christopher M.
Primary Examiner(s)
Barqadle, Yasin M

Application Number

US10/127,938
Publication Number

US 20030131096A1
Time in Patent Office

2,661 Days
Field of Search

709202-205, 709217-225, 726 3- 15
US Class Current

709/229
CPC Class Codes

H04L 63/08 for authentication of entit...

Credential management and network querying

First Claim

18 Assignments

0 Petitions

Accused Products

Abstract

84 Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Credential management and network querying

First Claim

18 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

84 Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links