Method and system for preventing impersonation of a computer system user
Abstract
A system and method for preventing an administrator impersonating a user from accessing sensitive resources on a target system is provided. The method comprises receiving a first request from a user to change the user's password on a target system to be changed, sending a “change password” request for the user to the target system, storing the user's new password, receiving a second request from the target system on behalf of the user for access to a sensitive resource, wherein the second request contains information about the user's password, and denying the second request if the information about the user's password is not consistent with the user's stored new password.
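The flow in the abstract, sketched as an added example that is not code from the patent. The class and function names are hypothetical, storing a salted PBKDF2 verifier rather than the raw password is an assumption, and the "information about the user's password" is assumed to be the input password itself, forwarded by the target over a trusted channel.

```python
import hashlib
import hmac
import os

def make_record(password):
    """Salted PBKDF2 verifier (assumption: the page only says the password is stored)."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def matches(record, password):
    if record is None:
        return False
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, digest)

class TargetSystem:
    """Hypothetical target: keeps its own password table, editable by an administrator."""
    def __init__(self):
        self.records = {}
    def set_password(self, user, password):
        self.records[user] = make_record(password)
    def login(self, user, password):
        return matches(self.records.get(user), password)

class AccessControlSystem:
    """Hypothetical access control system holding its own copy of each new password."""
    def __init__(self, target):
        self.target = target
        self.records = {}
    def change_password(self, user, new_password):
        # First request: store the new password, then change it on the target.
        self.records[user] = make_record(new_password)
        self.target.set_password(user, new_password)
    def grant_sensitive(self, user, input_password):
        # Second request (from the target): deny unless consistent with the stored copy.
        return matches(self.records.get(user), input_password)

def demo():
    target = TargetSystem()
    acs = AccessControlSystem(target)
    acs.change_password("alice", "correct horse")        # constructed sample values
    user_granted = acs.grant_sensitive("alice", "correct horse")
    target.set_password("alice", "admin-chosen")         # reset made directly on the target
    admin_login = target.login("alice", "admin-chosen")
    admin_granted = acs.grant_sensitive("alice", "admin-chosen")
    return user_granted, admin_login, admin_granted
```

After the direct reset the administrator-chosen password still logs in to the target, but the access control system's stored copy no longer matches it, so the sensitive-resource request is denied.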
18 Claims
1. A method of changing a user password on a target system, the method comprising:
- receiving a first request from a user at an access control system to change a user password of the user for a target system to a new password;
- storing at the access control system the new password;
- changing, by the access control system, the user password on the target system to the new password;
- receiving, at the access control system, a second request from the target system to grant access to a sensitive resource at the target system to the user, the second request responsive to a prior request received at the target system from the user for access to the sensitive resource, the prior request including an input user password and wherein the second request includes information associated with the input user password;
- comparing, by the access control system, the information associated with the input user password and the stored new password; and
- responsive to a determination by the access control system that the information associated with the input user password is not consistent with the stored new password, denying access to the sensitive resource to the user.

View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
17. A non-transitory computer-readable medium whose contents cause a computer to perform a method of changing a user password on a target system by the steps of:
- receiving a first request from a user at an access control system to change a user password of the user for a target system to a new password;
- storing at the access control system the new password;
- changing, by the access control system, the user password on the target system to the new password;
- receiving, at the access control system, a second request from the target system to grant access to a sensitive resource at the target system to the user, the second request responsive to a prior request received at the target system from the user for access to the sensitive resource, the prior request including an input user password and wherein the second request includes information associated with the input user password;
- comparing, by the access control system, the information associated with the input user password and stored new password; and
- responsive to a determination by the access control system that the information associated with the input user password is not consistent with the stored new password, denying access to the sensitive resource to the user.
18. A system for changing a user password on a target system, the system comprising:
- a non-transitory computer-readable storage medium storing executable computer program instructions comprising instructions for;
  - receiving a first request from a user to change a user password of the user on a target system server to a new password;
  - storing the new password;
  - receiving a second request from the target system server to grant access to a sensitive resource at the target system to the user, the second request responsive to a prior request received at the target system from the user for the sensitive resource, the prior request including an input user password and wherein the second request includes information associated with the input user password;
  - comparing the information associated with the input user password and stored new password; and
  - responsive to a determination that the information associated with the input user password is not consistent with the stored new password, denying access to the sensitive resource to the user; and
- a processor for executing the computer program instructions.
Specification