Password management

US 7,650,632 B2
Filed: 03/25/2004
Issued: 01/19/2010
Est. Priority Date: 07/03/2003
Status: Active Grant

First Claim

Patent Images

1. A method of managing password for a plurality of software resources accessible by a user, said method comprising:

providing a password registry for storing passwords within a workstation;

allowing each of a plurality of software resources to register its password in said password registry via a respective one of a plurality of front-end processes within said workstation, wherein each said password is encrypted by said respective front-end process before being stored in said password registry;

in response to an access request to one of said software resources via a corresponding one of said front-end processes, determining if an encrypted password associated with said requested software resource is stored in said password registry;

in a determination that said encrypted password associated within said requested software resource is stored in said password registry, sending said encrypted password from said password registry to said corresponding front-end process, said corresponding front-end process decrypting the encrypted password and permitting said access request based on the decrypted password by the front-end process; and

in a determination that said encrypted password associated within said requested software resource is not stored in said password registry, notifying said front-end process resulting in prompting for a password from a user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A password management solution which provides a user with convenient access to multiple resources (e.g. systems and services), and also provides the flexibility to establish varying password security requirements for each resource is disclosed. In an embodiment, there is provided a password registry for registering resources and securely storing user ID and encrypted password information. An unencrypted user-provided password may be encrypted by a process associated with each resource, using an encryption algorithm specific to that resource, before storage of the encrypted password in the password registry. An encrypted password retrieved from the password registry may be decrypted by a process associated with each resource using a decryption algorithm specific to that resource.

Citations

10 Claims

1. A method of managing password for a plurality of software resources accessible by a user, said method comprising:
- providing a password registry for storing passwords within a workstation;
  
  allowing each of a plurality of software resources to register its password in said password registry via a respective one of a plurality of front-end processes within said workstation, wherein each said password is encrypted by said respective front-end process before being stored in said password registry;
  
  in response to an access request to one of said software resources via a corresponding one of said front-end processes, determining if an encrypted password associated with said requested software resource is stored in said password registry;
  
  in a determination that said encrypted password associated within said requested software resource is stored in said password registry, sending said encrypted password from said password registry to said corresponding front-end process, said corresponding front-end process decrypting the encrypted password and permitting said access request based on the decrypted password by the front-end process; and
  
  in a determination that said encrypted password associated within said requested software resource is not stored in said password registry, notifying said front-end process resulting in prompting for a password from a user.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein said method further includes associating each of said encrypted passwords with an identifying information.
  - 3. The method of claim 2, wherein said identifying information includes at least one of a user ID, a resource hostname, and a resource type.
  - 4. The method of claim 3, wherein said method further includes utilizing at least one of said user ID, said resource hostname, and said resource type as a query key to uniquely identify said each software resource and its associated encrypted password.
  - 5. The method of claim 4, wherein said method further includes retrieving a corresponding one of said encrypted passwords using said query key.

6. A computer readable storage medium having computer program product for managing passwords for a plurality of software resources accessible by a user, said computer readable medium comprising:
- computer program code for providing a password registry for storing passwords within a workstation;
  
  computer program code for allowing each of a plurality of software resources to register its password in said password registry via a respective one of a plurality of front-end processes within said workstation, wherein each said password is encrypted by said respective front-end process before being stored in said password registry;
  
  computer program code for, in response to an access request to one of said software resources via a corresponding one of said front-end processes, determining if an encrypted password associated with said requested software resource is stored in said password registry;
  
  computer program code for, in a determination that said encrypted password associated within said requested software resource is stored in said password registry, sending said encrypted password from said password registry to said corresponding front-end process, said corresponding front-end process decrypting the encrypted password and permitting said access request based on the decrypted password by the front-end process; and
  
  computer program code for, in a determination that said encrypted password associated within said requested software resource is not stored in said password registry, notifying said front-end process resulting in prompting for a password from a user.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computer readable medium of claim 6, wherein said computer readable medium further includes computer program code for associating each said encrypted password with an identifying information.
  - 8. The computer readable medium of claim 7, wherein said identifying information includes at least one of a user ID, a resource hostname, and a resource type.
  - 9. The computer readable medium of claim 8, wherein said computer readable medium further includes computer program code for utilizing at least one of said user ID, said resource hostname, and said resource type as a query key to uniquely identify said each software resource and its associated encrypted password.
  - 10. The computer readable medium of claim 9, wherein said computer readable medium further includes computer program code for retrieving a corresponding one of said encrypted passwords using said query key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Yantzi, Donald J.
Primary Examiner(s)
Simitoski; Michael J
Assistant Examiner(s)
POLTORAK, PIOTR

Application Number

US10/809,563
Publication Number

US 20050005132A1
Time in Patent Office

2,126 Days
Field of Search

726/2, 726/6, 713/167
US Class Current

726/6
CPC Class Codes

G06F 21/31 User authentication

Password management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Password management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links