Privileged shared account password sanitation

US 9,367,673 B2
Filed: 03/03/2014
Issued: 06/14/2016
Est. Priority Date: 03/03/2014
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method for sanitizing passwords, comprising:

providing, by a computer, a password of a shared account to a user;

identifying, by the computer, a first machine logged into using the password;

determining, by the computer, when the first machine enters an inconsistent state;

identifying, in a first memory area associated with the first machine, one or more occurrences of the password;

modifying, by the computer, the first memory area associated with the first machine by replacing each occurrence of the password with a first predetermined marker in order to eliminate occurrences of the password in the first memory are adetermining, by the computer, when the first machine enters an active state;

identifying in the first memory area one or more occurrences of the first predetermined marker; and

modifying, by the computer, the first memory area associated with the first machine to replace occurrences of the first predetermined marker with the password.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Sanitizing passwords used in a shared, privileged account includes providing a password of a shared account to a user; identifying a first machine logged into using the password; determining when the first machine enters an inconsistent state; and modifying a memory area associated with the first machine to eliminate occurrences of the password in the memory area.

17 Citations

View as Search Results

27 Claims

1. A computer-implemented method for sanitizing passwords, comprising:
- providing, by a computer, a password of a shared account to a user;
  
  identifying, by the computer, a first machine logged into using the password;
  
  determining, by the computer, when the first machine enters an inconsistent state;
  
  identifying, in a first memory area associated with the first machine, one or more occurrences of the password;
  
  modifying, by the computer, the first memory area associated with the first machine by replacing each occurrence of the password with a first predetermined marker in order to eliminate occurrences of the password in the first memory are adetermining, by the computer, when the first machine enters an active state;
  
  identifying in the first memory area one or more occurrences of the first predetermined marker; and
  
  modifying, by the computer, the first memory area associated with the first machine to replace occurrences of the first predetermined marker with the password.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, comprising:
    - receiving, by the computer, a request from the user for the password.
  - 3. The method of claim 2, comprising:
    - determining, by the computer, that the request originated from a second machine different than the first machine.
  - 4. The method of claim 3, comprising:
    - determining, by the computer, when the second machine enters an inconsistent state;
      
      identifying, in a second memory area associated with the second machine, one or more occurrences of the password; and
      
      modifying, by the computer, the memory area associated with the second machine by replacing each occurrence of the password with a second predetermined marker in order to eliminate occurrences of the password in the second memory area.
  - 5. The method of claim 1, wherein the first machine is one of a virtual machine and a physical machine.
  - 6. The method of claim 1, wherein the inconsistent state is a virtual machine snapshot of the first machine.
  - 7. The method of claim 1, wherein the inconsistent state is an operating system crash.
  - 8. The method of claim 1, wherein the inconsistent state is an application crash.
  - 9. The method of claim 1, wherein the inconsistent state is a suspended-activity state.

10. A system for sanitizing passwords, comprising:
- a computer processor;
  
  a memory in communication with the computer processor storing instructions that when executed by the computer processor;
  
  provide a password of a shared account to a user;
  
  identify a first machine logged into using the password;
  
  determine when the first machine enters an inconsistent state;
  
  identify in a first memory area associated with the first machine one or more occurrences of the password;
  
  modify the first memory area associated with the first machine by replacing each occurrence of the password with a first predetermined marker in order to eliminate occurrences of the password in the first memory area;
  
  determine when the first machine enters an active state;
  
  identify in the first memory area one or more occurrences of the first predetermined marker; and
  
  modify the first memory area associated with the first machine to replace occurrences of the first predetermined marker with the password.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein:
    - the memory in communication with the computer processor stores further instructions that, when executed by the computer processor, receive a request from the user for the password.
  - 12. The system of claim 11, wherein the memory in communication with the computer processor stores further instructions that, when executed by the computer processor, determine that the request originated from a second machine different than the first machine.
  - 13. The system of claim 12, wherein the memory in communication with the computer processor stores further instructions that, when executed by the computer processor:
    - determine when the second machine enters an inconsistent state;
      
      identify in a second memory area associated with the second machine one or more occurrences of the password; and
      
      modify the second memory area associated with the second machine by replacing each occurrence of the password with a first predetermined marker in order to eliminate occurrences of the password in the second memory area associated with the second machine.
  - 14. The system of claim 10, wherein the first machine is one of a virtual machine and a physical machine.
  - 15. The system of claim 10, wherein the inconsistent state is a virtual machine snapshot of the first machine.
  - 16. The system of claim 10, wherein the inconsistent state is an operating system crash.
  - 17. The system of claim 10, wherein the inconsistent state is an application crash.
  - 18. The system of claim 10, wherein the inconsistent state is a suspended-activity state.

19. A computer program product for sanitizing passwords, comprising:
- a non-transitory computer readable storage medium having computer readable program code embodied therewith, the computer readable program code comprising;
  
  computer readable program code for providing a password of a shared account to a user;
  
  computer readable program code for identifying a first machine logged into using the password;
  
  computer readable program code for determining when the first machine enters an inconsistent state;
  
  computer readable program code for identifying in a first memory area associated with the first machine one or more occurrences of the password;
  
  computer readable program code for modifying the first memory area associated with the first machine by replacing each occurrence of the password with a first predetermined marker in order to eliminate occurrences of the password in the first memory area;
  
  computer readable program code for determining when the first machine enters an active state;
  
  computer readable program code for identifying in the first memory area one or more occurrences of the first predetermined marker; and
  
  computer readable program code for modifying the memory area associated with the first machine to replace occurrences of the first predetermined marker with the password in the first memory area.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The computer program product of claim 19, comprising:
    - computer readable program code for receiving a request from the user for the password.
  - 21. The computer program product of claim 20, comprising:
    - computer readable program code for determining that the request originated from a second machine different than the first machine.
  - 22. The computer program product of claim 21, comprising:
    - computer readable program code for determining when the second machine enters an inconsistent state;
      
      computer readable program code for identifying in a second memory area associated with the second machine one or more occurrences of the password; and
      
      computer readable program code for modifying the second memory area associated with the second machine by replacing each occurrence of the password with a second predetermined marker in order to eliminate occurrences of the password in the second memory area associated with the second machine.
  - 23. The computer program product of claim 19, wherein the first machine is one of a virtual machine and a physical machine.
  - 24. The computer program product of claim 19, wherein the inconsistent state is a virtual machine snapshot of the first machine.
  - 25. The computer program product of claim 19, wherein the inconsistent state is an operating system crash.
  - 26. The computer program product of claim 19, wherein the inconsistent state is an application crash.
  - 27. The computer program product of claim 19, wherein the inconsistent state is a suspended-activity state.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Inventors
Fadida, Itzhak, Balzam, Guy, Jerbi, Amir, Barak, Nir
Primary Examiner(s)
Kim, Jung
Assistant Examiner(s)
Stoica, Adrian

Application Number

US14/195,279
Publication Number

US 20150248544A1
Time in Patent Office

834 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/53   by executing in a restricte...

G06F 21/62   Protecting access to data v...

G06F 21/78   to assure secure storage of...

H04L 63/083   using passwords cryptograph...

H04L 63/102   Entity profiles

Privileged shared account password sanitation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

17 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Privileged shared account password sanitation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links