Method and apparatus for providing temporary access to a network device

US 8,166,310 B2
Filed: 05/26/2005
Issued: 04/24/2012
Est. Priority Date: 05/29/2004
Status: Active Grant

First Claim

Patent Images

1. A machine-implemented method for providing access to one or more resources of a network device, the method comprising:

receiving input from a first user, wherein the input is shared with a second user;

generating a first password for said resources of said network device based at least in part on (a) said input from the first user, and (b) an algorithm, wherein said algorithm is always, during the steps of the method, concealed from said first user, and wherein said first password is always, during the steps of the method, concealed from said first user;

receiving a second password from the second user, wherein said second password is generated based at least in part on (a) said input from the first user, and (b) said algorithm, wherein said algorithm is known to said second user, and wherein said second password is always, during the steps of the method, concealed from said first user;

determining whether said first password matches said second password; and

in response to determining that said first password matches said second password, providing said second user with access to said one or more resources of said network device;

wherein the first user and the second user are different users in different locations;

wherein the method is performed by one or more computing devices.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for providing access to resources of a network device is provided. A user instructs a network device to generate a user password that is concealed from the user of the network device. The network device generates the user password based on, at least in part, public input provided by the user, and an algorithm which is concealed from the user, but known to a support service provider. The user communicates the public input to the support service provider. The support service provider uses the public input to generate a provider password based on, at least in part, the algorithm. The support service provider may access the network device via a network by providing the provider password to the network device. If the provider password matches the user password generated, then the support service provider is granted access to resources of the network device.

Citations

27 Claims

1. A machine-implemented method for providing access to one or more resources of a network device, the method comprising:
- receiving input from a first user, wherein the input is shared with a second user;
  
  generating a first password for said resources of said network device based at least in part on (a) said input from the first user, and (b) an algorithm, wherein said algorithm is always, during the steps of the method, concealed from said first user, and wherein said first password is always, during the steps of the method, concealed from said first user;
  
  receiving a second password from the second user, wherein said second password is generated based at least in part on (a) said input from the first user, and (b) said algorithm, wherein said algorithm is known to said second user, and wherein said second password is always, during the steps of the method, concealed from said first user;
  
  determining whether said first password matches said second password; and
  
  in response to determining that said first password matches said second password, providing said second user with access to said one or more resources of said network device;
  
  wherein the first user and the second user are different users in different locations;
  
  wherein the method is performed by one or more computing devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the generation of said first password and the generation of said second password are both based, at least in part, on (a) a set of data concealed from said first user but known to said second user, or (b) an identifier that uniquely identifies said network device.
  - 3. The method of claim 1, further comprising:
    - receiving, from said first user, validity data that identifies a period of time in which said first password is valid, andwherein said step of determining whether said first password matches said second password comprises;
      
      determining whether said period of time has expired; and
      
      in response to determining that said period of time has expired, preventing said second user from obtaining access to said one or more resources of said network device.
  - 4. The method of claim 1, further comprising:
    - receiving a request, from said first user, to perform one action selected from the group comprising (a) generating a new password for said resources of said network device and (b) resetting or canceling said first password.
  - 5. The method of claim 4, further comprising:
    - in response to said first user performing said action, preventing said second user from obtaining access to said one or more resources of said network device using a password that matches said first password.
  - 6. The method of claim 1, further comprising:
    - transmitting, from said first user to said second user, said input and an identifier that uniquely identifies said network device.
  - 7. The method of claim 1, further comprising:
    - maintaining a list of passwords previously generated for said resources of said network device; and
      
      comparing said first password against said list of passwords to determine if said first password has been previously generated.
  - 8. The method of claim 1, further comprising:
    - comparing said input to a password of said first user to ensure that said input is not similar to said password of said first user.
  - 9. The method of claim 1, further comprising:
    - upon expiration of said first password, revoking access to an open connection provided to a user that supplied a password that matched said first password.

10. A storage device storing one or more sequences of instructions for providing access to resources of a network device, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
- receiving input from a first user, wherein the input is shared with a second user;
  
  generating a first password for said resources of said network device based at least in part on (a) said input from the first user, and (b) an algorithm, wherein said algorithm is always, during said steps, concealed from said first user, and wherein said first password is always, during said steps, concealed from said first user;
  
  receiving a second password from the second user, wherein said second password is generated based at least in part on (a) said input from the first user, and (b) said algorithm, wherein said algorithm is known to said second user, and wherein said second password is always, during said steps, concealed from said first user;
  
  determining whether said first password matches said second password; and
  
  in response to determining that said first password matches said second password, providing said second user with access to said one or more resources of said network device;
  
  wherein the first user and the second user are different users in different locations.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The storage device of claim 10, wherein the generation of said first password and the generation of said second password are both based, at least in part, on (a) a set of data concealed from said first user but known to said second user, or (b) an identifier that uniquely identifies said network device.
  - 12. The storage device of claim 10, wherein execution of the one or more sequences of instructions by the one or more processors further causes the one or more processors to perform the steps of:
    - receiving, from said first user, validity data that identifies a period of time in which said first password is valid, andwherein said step of determining whether said first password matches said second password comprises;
      
      determining whether said period of time has expired; and
      
      in response to determining that said period of time has expired, preventing said second user from obtaining access to said one or more resources of said network device.
  - 13. The storage device of claim 10, wherein execution of the one or more sequences of instructions by the one or more processors further causes the one or more processors to perform the step of:
    - receiving a request, from said first user, to perform one action selected from the group comprising (a) generating a new password for said resources of said network device and (b) resetting or canceling said first password.
  - 14. The storage device of claim 13, wherein execution of the one or more sequences of instructions by the one or more processors further causes the one or more processors to perform the step of:
    - in response to said first user performing said action, preventing said second user from obtaining access to said one or more resources of said network device using a password that matches said first password.
  - 15. The storage device of claim 10, wherein execution of the one or more sequences of instructions by the one or more processors further causes the one or more processors to perform the step of:
    - transmitting, from said first user to said second user, said input and an identifier that uniquely identifies said network device.
  - 16. The storage device claim 10, wherein execution of the one or more sequences of instructions by the one or more processors further causes the one or more processors to perform the steps of:
    - maintaining a list of passwords previously generated for said resources of said network device; and
      
      comparing said first password against said list of passwords to determine if said first password has been previously generated.
  - 17. The storage device of claim 10, wherein execution of the one or more sequences of instructions by the one or more processors further causes the one or more processors to perform the step of:
    - comparing said input to a password of said first user to ensure that said input is not similar to said password of said first user.
  - 18. The storage device of claim 10, wherein execution of the one or more sequences of instructions by the one or more processors further causes the one or more processors to perform the step of:
    - upon expiration of said first password, revoking access to an open connection provided to a user that supplied a password that matched said first password.

19. An apparatus comprising:
- one or more processors; and
  
  a memory coupled to the one or more processors, the memory containing one or more sequences of instructions for providing access to one or more resources of a network device, wherein execution of the one or more sequences of instructions by the one or more processors causes the one or more processors to perform the steps of;
  
  receiving input from a first user, wherein the input is shared with a second user;
  
  generating a first password for said resources of said network device based at least in part on (a) said input from the first user, and (b) an algorithm, wherein said algorithm is always, during said steps, concealed from said first user, and wherein said first password is always, during said steps, concealed from said first user;
  
  receiving a second password from the second user, wherein said second password is generated based at least in part on (a) said input from the first user, and (b) said algorithm, wherein said algorithm is known to said second user, and wherein said second password is always, during said steps, concealed from said first user;
  
  determining whether said first password matches said second password; and
  
  in response to determining that said first password matches said second password, providing said second user with access to said one or more resources of said network device;
  
  wherein the first user and the second user are different users in different locations.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The apparatus of claim 19, wherein the generation of said first password and the generation of said second password are both based, at least in part, on (a) a set of data concealed from said first user but known to said second user, or (b) an identifier that uniquely identifies said network device.
  - 21. The apparatus of claim 19, wherein execution of the one or more sequences of instructions by the one or more processors further causes the one or more processors to perform the steps of:
    - receiving, from said first user, validity data that identifies a period of time in which said first password is valid, andwherein said step of determining whether said first password matches said second password comprises;
      
      determining whether said period of time has expired; and
      
      in response to determining that said period of time has expired, preventing said second user from obtaining access to said one or more resources of said network device.
  - 22. The apparatus of claim 19, wherein execution of the one or more sequences of instructions by the one or more processors further causes the one or more processors to perform the step of:
    - receiving a request, from said first user, to perform one action selected from the group comprising (a) generating a new password for said resources of said network device and (b) resetting or canceling said first password.
  - 23. The apparatus of claim 22, wherein execution of the one or more sequences of instructions by the one or more processors further causes the one or more processors to perform the step of:
    - in response to said first user performing said action, preventing said second user from obtaining access to said one or more resources of said network device using a password that matches said first password.
  - 24. The apparatus of claim 19, further comprising:
    - transmitting, from said first user to said second user, said input and an identifier that uniquely identifies said network device.
  - 25. The apparatus of claim 19, wherein execution of the one or more sequences of instructions by the one or more processors further causes the one or more processors to perform the steps of:
    - maintaining a list of passwords previously generated for said resources of said network device; and
      
      comparing said first password against said list of passwords to determine if said first password has been previously generated.
  - 26. The apparatus of claim 19, wherein execution of the one or more sequences of instructions by the one or more processors further causes the one or more processors to perform the step of:
    - comparing said input to a password of said first user to ensure that said input is not similar to said password of said first user.
  - 27. The apparatus of claim 19, wherein execution of the one or more sequences of instructions by the one or more processors further causes the one or more processors to perform the step of:
    - upon expiration of said first password, revoking access to an open connection provided to a user that supplied a password that matched said first password.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
IronPort Systems Inc (Cisco Systems, Inc.)
Original Assignee
IronPort Systems Inc (Cisco Systems, Inc.)
Inventors
Harrison, Robert Brian, Jasinskyj, Lonhyn, Clegg, Paul J., Cottrell, Ben
Primary Examiner(s)
El-Hady, Nabil
Assistant Examiner(s)
SHAIFER HARRIMAN, DANT B

Application Number

US11/139,376
Publication Number

US 20050268345A1
Time in Patent Office

2,525 Days
Field of Search

713/184, 713/168
US Class Current

713/184
CPC Class Codes

G06F 21/305   by remotely controlling dev...

H04L 63/0838   using one-time-passwords

H04L 63/104   Grouping of entities

Method and apparatus for providing temporary access to a network device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for providing temporary access to a network device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links