Methods and systems for remote password reset using an authentication credential managed by a third party

US 8,099,765 B2
Filed: 06/07/2006
Issued: 01/17/2012
Est. Priority Date: 06/07/2006
Status: Active Grant

First Claim

Patent Images

1. A method of providing a remote reset of a password associated with a token, the remote reset provided by a security server, the method comprising:

receiving, at the security server, a request to reset the password associated with the token, wherein the request is received over a secure channel,retrieving, from a third party agent by the security server, a query associated with the token and a correct response to the query;

providing the query to the token over the secure channel;

receiving a response to the query over the secure channel; and

resetting the password based on a comparison of the received response to the correct response.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention provide a secure remote password reset capability. In some embodiments, an exemplary method provides a remote reset of a password associated with a token in a computer system having a security server. A token-based authentication process is activated by connecting the token to the security server. A server-based authentication process is initiated in the security server by activating a password reset process in a security client. The server-based authentication process communicates with the token-based authentication process over a secure channel. An authentication credential is managed by a third party agent that supplies a query and the authentication credential as a correct response to the query to the security server. A prompt provided by the password reset process collects the authentication credential and a new password. After the authentication credential is validated mutually authentication is performed between the security server and the token. The token is updated with the new password based on a successful result of the mutual authentication.

Citations

15 Claims

1. A method of providing a remote reset of a password associated with a token, the remote reset provided by a security server, the method comprising:
- receiving, at the security server, a request to reset the password associated with the token, wherein the request is received over a secure channel,retrieving, from a third party agent by the security server, a query associated with the token and a correct response to the query;
  
  providing the query to the token over the secure channel;
  
  receiving a response to the query over the secure channel; and
  
  resetting the password based on a comparison of the received response to the correct response.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein providing the query comprises:
    - providing an interface for entry of the response and for entry of a new password.
  - 3. The method of claim 2, wherein resetting the password comprises:
    - updating the token and the security server with the new password based on a successful comparison of the received response and the correct response.
  - 4. The method of claim 1, further comprising:
    - authenticating a security parameter independently stored with the token and the security server prior to resetting the password.
  - 5. The method of claim 1, further comprising:
    - prompting the token for a new password; and
      
      updating the token with the new password.
  - 6. The method of claim 1, wherein the token is coupled to a security client, and the security server establishes the secure channel with the security client.
  - 7. The method of claim 1, wherein the token includes one of a universal serial bus (USB) token and a smartcard.
  - 8. An apparatus configured to perform the method of claim 1.
  - 9. A non-transitory computer readable medium comprising computer executable instructions for performing the method of claim 1.

10. A server in a computer system providing a remote reset of a password associated with a token, the computer system including at least a security client, and a third party server, the server comprising:
- a network interface to the security client and the third party server;
  
  a processor coupled to the network interface and configured to;
  
  establish a secure channel to the security client via the network interface receive a request to reset the password associated with the token over the secure channel,retrieve, from the third party server via the network interface, a query associated with the token and a correct response to the query;
  
  provide the query to the token over the secure channel;
  
  receive a response to the query over the secure channel; and
  
  reset the password based on a comparison of the received response to the correct response.
- View Dependent Claims (11, 12)
- - 11. The server of claim 10, wherein the processor is further configured to:
    - authenticate a security parameter independently stored with the token and with the processor.
  - 12. The server of claim 10, wherein the processor is further configured to:
    - provide an interface for entry of the response and for entry of a new password; and
      
      update the token with the new password based on a successful comparison of the received response and the correct response.

13. A computer system providing a remote reset of a password associated with a token, the computer system comprising:
- a third party server configured to maintain a query associated with the token and a correct response to the query; and
  
  a security server coupled to the third party server and configured to;
  
  receive a request to reset the password associated with the token, wherein the request is received over a secure channel,retrieve, from the third party server, the query associated with the token and the correct response to the query;
  
  provide the query to the token over the secure channel;
  
  receive a response to the query over the secure channel; and
  
  reset the password based on a comparison of the received response to the correct response.
- View Dependent Claims (14, 15)
- - 14. The computer system of claim 13, wherein the security server is further configured to:
    - authenticate a security parameter independently stored with the token and with the security server.
  - 15. The computer system of claim 13, wherein the security server is configured to:
    - provide an interface for entry of the response and for entry of a new password; and
      
      update the token with the new password based on a successful comparison of the received response and the correct response.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Parkinson, Steven William
Primary Examiner(s)
HOFFMAN, BRANDON S

Application Number

US11/448,161
Publication Number

US 20080046982A1
Time in Patent Office

2,050 Days
Field of Search

726 5- 7, 726/22, 726/26, 726/27, 726/18, 713155-156, 713183-188
US Class Current

726/5
CPC Class Codes

H04L 9/0891   Revocation or update of sec...

H04L 9/321   involving a third party or ...

H04L 9/3226   using a predetermined code,...

H04L 9/3234   involving additional secure...

H04L 9/3273   for mutual authentication n...

Methods and systems for remote password reset using an authentication credential managed by a third party

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for remote password reset using an authentication credential managed by a third party

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links