Split password vault

US 8,819,768 B1
Filed: 12/30/2011
Issued: 08/26/2014
Est. Priority Date: 05/03/2011
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, from a user device, a request to access a cloud service;

determining an identity of a user making the request to access the cloud service;

comparing, by a processor, the identity of the user to a password vault control policy; and

determining, based on the comparing, one or more sections of a split password vault to which the user has access, the split password vault comprising a first section storing a first set of log-in credentials and a second section storing a second set of log-in credentials, wherein the user has control over management of the first section of the split password vault and an organization associated with the user has control over management of the second section of the split password vault.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cloud service access and information gateway receives, from a user device, a request to access a cloud service. The cloud service access and information gateway determines an identity of a user making the request to access the cloud service and compares the identity of the user to a password vault control policy. The cloud service access and information gateway determines, based on the comparing, one or more sections of a split password vault to which the user has access. The split password vault comprises a first section storing a first set of log-in credentials and a second section storing a second set of log-in credentials.

Citations

20 Claims

1. A method, comprising:
- receiving, from a user device, a request to access a cloud service;
  
  determining an identity of a user making the request to access the cloud service;
  
  comparing, by a processor, the identity of the user to a password vault control policy; and
  
  determining, based on the comparing, one or more sections of a split password vault to which the user has access, the split password vault comprising a first section storing a first set of log-in credentials and a second section storing a second set of log-in credentials, wherein the user has control over management of the first section of the split password vault and an organization associated with the user has control over management of the second section of the split password vault.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - determining whether log-in credentials for the cloud service are present in the one or more sections of the split password vault to which the user has access; and
      
      if the log-in credentials are present, providing access to the cloud service.
  - 3. The method of claim 1, wherein the user has control over management of the first password section and an organization has control over management of the second password section.
  - 4. The method of claim 1, wherein the first section of the split password vault comprises a personal password section and the second section of the split password vault comprises a corporate password section.
  - 5. The method of claim 1, wherein a cloud service access and information gateway compares the identity of the user to the password vault control policy.
  - 6. The method of claim 5, wherein the cloud service access and information gateway is independent of the user device and the cloud service.
  - 7. The method of claim 1, further comprising:
    - detecting a change in status of the user; and
      
      severing access to the second section of the split password vault.

8. A system, comprising:
- a processor; and
  
  a memory coupled with the processor, the memory storing;
  
  a split password vault storing log-in credentials for a plurality of cloud services, the split password vault comprising a first section storing a first set of log-in credentials and a second section storing a second set of log-in credentials, wherein the user has control over management of the first section of the split password vault and an organization associated with the user has control over management of the second section of the split password vault.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the processor is configured to:
    - receive, from a user device, a request to access one of the plurality of cloud services;
      
      determine an identity of a user making the request to access the cloud service;
      
      compare the identity of the user to a password vault control policy; and
      
      determine, based on the comparing, one or more sections of the split password vault to which the user has access.
  - 10. The system of claim 9, wherein the processor is further configured to:
    - determine whether log-in credentials for the cloud service are present in the one or more sections of the split password vault to which the user has access; and
      
      if the log-in credentials are present, provide access to the cloud service.
  - 11. The system of claim 8, wherein the user has control over management of the first password section and an organization has control over management of the second password section.
  - 12. The system of claim 8, wherein the first section of the split password vault comprises a personal password section and the second section of the split password vault comprises a corporate password section.
  - 13. The system of claim 9, wherein a cloud service access and information gateway compares the identity of the user to the password vault control policy, and wherein the cloud service access and information gateway is independent of the user device and the cloud service.
  - 14. The system of claim 9, wherein the processor is further configured to:
    - detect a change in status of the user; and
      
      sever access to the second section of the split password vault.

15. A non-transitory computer readable storage medium including instructions that, when executed by a processor, cause the processor to perform operations comprising:
- receiving, from a user device, a request to access a cloud service;
  
  determining an identity of a user making the request to access the cloud service;
  
  comparing, by the processor, the identity of the user to a password vault control policy; and
  
  determining, based on the comparing, one or more sections of a split password vault to which the user has access, the split password vault comprising a first section storing a first set of log-in credentials and a second section storing a second set of log-in credentials, wherein the user has control over management of the first section of the split password vault and an organization associated with the user has control over management of the second section of the split password vault.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer readable storage medium of claim 15, wherein the operations further comprise:
    - determining whether log-in credentials for the cloud service are present in the one or more sections of the split password vault to which the user has access; and
      
      if the log-in credentials are present, providing access to the cloud service.
  - 17. The non-transitory computer readable storage medium of claim 15, wherein the user has control over management of the first password section and an organization has control over management of the second password section.
  - 18. The non-transitory computer readable storage medium of claim 15, wherein the first section of the split password vault comprises a personal password section and the second section of the split password vault comprises a corporate password section.
  - 19. The non-transitory computer readable storage medium of claim 15, wherein s cloud service access and information gateway compares the identity of the user to the password vault control policy, and wherein the cloud service access and information gateway is independent of the user device and the cloud service.
  - 20. The non-transitory computer readable storage medium of claim 15, wherein the operations further comprise:
    - detecting a change in status of the user; and
      
      severing access to the second section of the split password vault.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Koeten, Robert, Popp, Nicolas
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Tran, Tongoc

Application Number

US13/341,205
Time in Patent Office

970 Days
Field of Search

726 1- 3, 726/8, 380/270, 380 44- 45, 713183-185, 713165-167
US Class Current

726/1
CPC Class Codes

G06F 21/41   where a single sign-on prov...

G06F 21/45   Structures or tools for the...

G06F 21/51   at application loading time...

G06F 21/54   by adding security routines...

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2141   Access rights, e.g. capabil...

H04L 41/022   Multivendor or multi-standa...

H04L 41/0226   Mapping or translating mult...

H04L 41/0253   using browsers or web-pages...

H04L 41/22   comprising specially adapte...

H04L 41/28   Restricting access to netwo...

H04L 63/0815   providing single-sign-on or...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

H04L 67/10   in which an application is ...

H04L 67/30   Profiles

Split password vault

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Split password vault

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links