Method and apparatus for securely synchronizing password systems
Abstract
A centralized password repository (CPR) provides network users with a password portal through which the user can manage password access to domains and applications on the network. A subset of the domains and applications on the network may be required, by design, to maintain a separate password infrastructure. For these systems, the CPR establishes a secure and authenticated communication channel and software on the system interfaces with the password infrastructure to synchronize the password in the system password infrastructure with the password in the CPR. For other systems not required to maintain a separate password infrastructure, the CPR performs password services by responding to requests from those systems seeking to validate user IDs and passwords. The CPR enables an administrator to modify network privileges and enables a user to alter passwords on the network through a single interface.
8 Claims
1. A method of securely synchronizing password databases on a network, the method comprising the steps of:
performing password services by a Central Password Repository network device comprising a hardware processor upon receipt of inquiries from domains and applications without password databases; and

identifying, by the CPR network device, password databases implemented by domains and applications on the network to accept access by an user; and

for each said identified password database, establishing by the CPR network device an encrypted and authenticated communication session between the CPR network device and the identified password database, the encrypted and authenticated communication session relying on an authentication level of an user's password in the CPR network device, the step of establishing the encrypted and authenticated communication session comprising determining the authentication level of the user's password and requiring the authentication level of the user's password to be at least as strict as an authentication level enforced by the identified password database when the identified password database determines whether to admit the user to access a domain or application associated with the identified password database, and

when the authentication level of the user's password is at least as strict as the authentication level enforced by the identified password database when the identified password database determines whether to admit the user to access the domain or application associated with the identified password database, enforcing a password change on the identified password database by the CPR network device by performing a reset function on the identified password database by the CPR network device to cause a previous password associated with the user on the identified password database to be changed without requiring submission to the identified password database of the previous password associated with the user on the identified password database.

Dependent claims: 2, 3, 4, 5
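The control flow of claim 1 can be modelled in a few lines. This is an added illustration, not code from the patent or any product: the class and method names are hypothetical, authentication levels are assumed to be ordered integers (higher is stricter), and the encrypted and authenticated session between the CPR and each database is not modelled.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class PasswordDatabase:
    """A domain/application that keeps its own password store (constructed model)."""
    name: str
    enforced_level: int                     # assumption: levels are ordered integers
    store: dict = field(default_factory=dict)

    def reset(self, user: str, new_password: str) -> None:
        # Administrative reset: the previous password is never submitted.
        salt = os.urandom(16)
        self.store[user] = (salt, _hash(new_password, salt))

    def admit(self, user: str, password: str) -> bool:
        if user not in self.store:
            return False
        salt, digest = self.store[user]
        return hmac.compare_digest(digest, _hash(password, salt))

class CentralPasswordRepository:
    def __init__(self, databases):
        self.databases = list(databases)    # the "identified" password databases
        self.users = {}                     # user -> (salt, digest, auth_level)

    def validate(self, user: str, password: str) -> bool:
        """Password service for systems without their own password database."""
        rec = self.users.get(user)
        return bool(rec) and hmac.compare_digest(rec[1], _hash(password, rec[0]))

    def set_password(self, user: str, new_password: str, auth_level: int):
        salt = os.urandom(16)
        self.users[user] = (salt, _hash(new_password, salt), auth_level)
        synced, skipped = [], []
        for db in self.databases:
            # Gate: the CPR-side level must be at least as strict as the target's.
            if auth_level >= db.enforced_level:
                db.reset(user, new_password)
                synced.append(db.name)
            else:
                skipped.append(db.name)     # weaker credential is not pushed
        return synced, skipped
```

A database listed in `skipped` keeps whatever credential it already held, so an operator would want that list logged and reviewed.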
6. A non-transitory computer readable storage medium having stored thereon a computer program for implementing a Central Password Repository (CPR), the computer program comprising a set of instructions which, when executed by a computer, cause the computer to perform a method comprising the steps of:
performing password services by the CPR upon receipt of inquiries from domains and applications without password databases; and

identifying, by the CPR, password databases implemented by domains and applications on the network to accept access by an user; and

for each said identified password database, establishing by the CPR an encrypted and authenticated communication session between the CPR and the identified password database, the encrypted and authenticated communication session relying on an authentication level of an user's password in the CPR, the step of establishing the encrypted and authenticated communication session comprising determining the authentication level of the user's password and requiring the authentication level of the user's password to be at least as strict as an authentication level enforced by the identified password database when the identified password database determines whether to admit the user to access a domain or application associated with the identified password database, and

when the authentication level of the user's password is at least as strict as the authentication level enforced by the identified password database when the identified password database determines whether to admit the user to access the domain or application associated with the identified password database, enforcing a password change on the identified password database by the CPR by performing a reset function on the identified password database by the CPR to cause a previous password associated with the user on the identified password database to be changed without requiring submission to the identified password database of the previous password associated with the user on the identified password database.

Dependent claims: 7, 8
Specification