Method and apparatus for securely synchronizing password systems

US 8,132,017 B1
Filed: 03/31/2003
Issued: 03/06/2012
Est. Priority Date: 03/31/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method of securely synchronizing password databases on a network, the method comprising the steps of:

performing password services by a Central Password Repository network device comprising a hardware processor upon receipt of inquiries from domains and applications without password databases; and

identifying, by the CPR network device, password databases implemented by domains and applications on the network to accept access by an user; and

for each said identified password database,establishing by the CPR network device an encrypted and authenticated communication session between the CPR network device and the identified password database, the encrypted and authenticated communication session relying on an authentication level of an user'"'"'s password in the CPR network device, the step of establishing the encrypted and authenticated communication session comprising determining the authentication level of the user'"'"'s password and requiring the authentication level of the user'"'"'s password to be at least as strict as an authentication level enforced by the identified password database when the identified password database determines whether to admit the user to access a domain or application associated with the identified password database, andwhen the authentication level of the user'"'"'s password is at least as strict as the authentication level enforced by the identified password database when the identified password database determines whether to admit the user to access the domain or application associated with the identified password database, enforcing a password change on the identified password database by the CPR network device by performing a reset function on the identified password database by the CPR network device to cause a previous password associated with the user on the identified password database to be changed without requiring submission to the identified password database of the previous password associated with the user on the identified password database.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A centralized password repository (CPR) provides network users with a password portal through which the user can manage password access to domains and applications on the network. A subset of the domains and applications on the network may be required, by design, to maintain a separate password infrastructure. For these systems, the CPR establishes a secure and authenticated communication channel and software on the system interfaces with the password infrastructure to synchronize the password in the system password infrastructure with the password in the CPR. For other systems not required to maintain a separate password infrastructure, the CPR performs password services by responding to requests from those systems seeking to validate user IDs and passwords. The CPR enables an administrator to modify network privileges and enables a user to alter passwords on the network through a single interface.

Citations

8 Claims

1. A method of securely synchronizing password databases on a network, the method comprising the steps of:
- performing password services by a Central Password Repository network device comprising a hardware processor upon receipt of inquiries from domains and applications without password databases; and
  
  identifying, by the CPR network device, password databases implemented by domains and applications on the network to accept access by an user; and
  
  for each said identified password database,establishing by the CPR network device an encrypted and authenticated communication session between the CPR network device and the identified password database, the encrypted and authenticated communication session relying on an authentication level of an user'"'"'s password in the CPR network device, the step of establishing the encrypted and authenticated communication session comprising determining the authentication level of the user'"'"'s password and requiring the authentication level of the user'"'"'s password to be at least as strict as an authentication level enforced by the identified password database when the identified password database determines whether to admit the user to access a domain or application associated with the identified password database, andwhen the authentication level of the user'"'"'s password is at least as strict as the authentication level enforced by the identified password database when the identified password database determines whether to admit the user to access the domain or application associated with the identified password database, enforcing a password change on the identified password database by the CPR network device by performing a reset function on the identified password database by the CPR network device to cause a previous password associated with the user on the identified password database to be changed without requiring submission to the identified password database of the previous password associated with the user on the identified password database.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the encrypted and authenticated communication session is authenticated to a level specified by the identified password database.
  - 3. The method of claim 1, wherein the step of performing password services comprises responding, by the CPR network device, to requests to authenticate users from the domains and applications without identified password databases.
  - 4. The method of claim 3, wherein the step of performing password services comprises responding to at least one of LDAP-BIND requests by the CPR network device and responding to RADIUS requests by the CPR network device.
  - 5. The method of claim 1, wherein the step of identifying password databases on the network comprises polling known password databases on the network to determine when the user has network privileges through the identified password database.

6. A non-transitory computer readable storage medium having stored thereon a computer program for implementing a Central Password Repository (CPR), the computer program comprising a set of instructions which, when executed by a computer, cause the computer to perform a method comprising the steps of:
- performing password services by the CPR upon receipt of inquiries from domains and applications without password databases; and
  
  identifying, by the CPR, password databases implemented by domains and applications on the network to accept access by an user; and
  
  identifying, by the CPR, password databases implemented by domains and applications on the network to accept access by an user; and
  
  for each said identified password database,establishing by the CPR an encrypted and authenticated communication session between the CPR and the identified password database, the encrypted and authenticated communication session relying on an authentication level of an user'"'"'s password in the CPR, the step of establishing the encrypted and authenticated communication session comprising determining the authentication level of the user'"'"'s password and requiring the authentication level of the user'"'"'s password to be at least as strict as an authentication level enforced by the identified password database when the identified password database determines whether to admit the user to access a domain or application associated with the identified password database, andwhen the authentication level of the user'"'"'s password is at least as strict as the authentication level enforced by the identified password database when the identified password database determines whether to admit the user to access the domain or application associated with the identified password database, enforcing a password change on the identified password database by the CPR by performing a reset function on the identified password database by the CPR to cause a previous password associated with the user on the identified password database to be changed without requiring submission to the identified password database of the previous password associated with the user on the identified password database.
- View Dependent Claims (7, 8)
- - 7. The non-transitory computer readable storage medium of claim 6, wherein the step of performing password services is implemented using a LDAP/RADIUS server.
  - 8. The non-transitory computer readable storage medium of claim 6, the method further comprising the step of implementing a web server to provide at least one of XML and HTTP documents to interface the user to the CPR.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Clearinghouse LLC (RPX Corporation)
Original Assignee
Nortel Networks Limited (Nortel Networks Corporation)
Inventors
Lewis, Christopher Raymond
Primary Examiner(s)
Shan, April

Application Number

US10/403,690
Time in Patent Office

3,263 Days
Field of Search

713/183, 713/155, 713/184, 726/5, 726/26, 726/6, 726/3, 726/7, 726/8, 726/18, 726/19, 726/27, 726/2, 380/255, 380/274, 705/18, 705/72
US Class Current

713/183
CPC Class Codes

G06F 21/41   where a single sign-on prov...

G06F 21/45   Structures or tools for the...

G06F 2221/2113   Multi-level security, e.g. ...

G06Q 20/4012   Verifying personal identifi...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/0846   using time-dependent-passwo...

H04L 63/105   Multiple levels of security

Method and apparatus for securely synchronizing password systems

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for securely synchronizing password systems

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links