Storage array password management

US 9,516,016 B2
Filed: 11/11/2013
Issued: 12/06/2016
Est. Priority Date: 11/11/2013
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a second computing device connected remotely to a first computing device;

wherein the second computing device includes a computer processor and a computer readable storage medium, the computer readable storage medium includes computer program instructions that when executed by the computer processor cause the second computing device to carry out the steps of;

requesting access to the first computing device, wherein the first computing device is accessed using a root password generated by applying a transformation to a combination of a root secret and a value specific to the first computing device;

in response to requesting access to the first computing device, receiving an encrypted root secret from the first computing device, wherein the encrypted root secret is encrypted by the first computing device based on a public key of a public-private key pair;

decrypting the encrypted root secret using a private key of the public-private key pair to generate the root secret;

rebuilding the root password based on the combination of the root secret and the value specific to the first computing device, wherein rebuilding the root password comprises reversing the previous transformation performed on the combination of the root secret and the value specific to the first computing device; and

providing to the first computing device, the root password for root access to the first computing device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for generating passwords for secure login to a storage array. A randomly generated root secret is utilized along with a compartment ID to generate a root password for logging into a storage array with root privileges. The root secret is encrypted with the public key of a public-private key pair and stored on the storage array. The encrypted root secret is then stored in the storage array. When root access is needed, a private key stored externally to the storage array is utilized to decrypt the root secret. The decrypted root secret is then used along with the compartment ID to regenerate the root password.

Citations

16 Claims

1. A system comprising:
- a second computing device connected remotely to a first computing device;
  
  wherein the second computing device includes a computer processor and a computer readable storage medium, the computer readable storage medium includes computer program instructions that when executed by the computer processor cause the second computing device to carry out the steps of;
  
  requesting access to the first computing device, wherein the first computing device is accessed using a root password generated by applying a transformation to a combination of a root secret and a value specific to the first computing device;
  
  in response to requesting access to the first computing device, receiving an encrypted root secret from the first computing device, wherein the encrypted root secret is encrypted by the first computing device based on a public key of a public-private key pair;
  
  decrypting the encrypted root secret using a private key of the public-private key pair to generate the root secret;
  
  rebuilding the root password based on the combination of the root secret and the value specific to the first computing device, wherein rebuilding the root password comprises reversing the previous transformation performed on the combination of the root secret and the value specific to the first computing device; and
  
  providing to the first computing device, the root password for root access to the first computing device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system as recited in claim 1, performing one or more additional transformations on the root secret to rebuild the root password.
  - 3. The system as recited in claim 2, wherein performing the one or more transformations on the root secret comprises applying a hash function to the root secret.
  - 4. The system as recited in claim 1, wherein the transformation includes generating an american standard code for information interchange (ASCII) representation of the root secret.
  - 5. The system as recited in claim 1, wherein the first computing device includes a computer readable storage medium having computer program instructions that when executed by a processor cause the first computing device to carry out the steps of retaining a previously stored root secret after generating a new root secret and a new root password.
  - 6. The system as recited in claim 1, wherein the first computing device includes a computer readable storage medium having computer program instructions that when executed by the computer processor cause the first computing device to carry out the steps of:
    - determining if an age of an existing root secret exceeds a threshold prior to generating a new root secret.

7. A method comprising:
- by computer program instructions on a second computing device remotely coupled to a first computing device,requesting access to the first computing device, wherein the first computing device is accessed using a root password generated by applying a transformation to a combination of a root secret and a value specific to the first computing device;
  
  in response to requesting access to the first computing device, receiving an encrypted root secret from the first computing device, wherein the encrypted root secret is encrypted by the first computing device based on a public key of a public-private key pair;
  
  decrypting the encrypted root secret using a private key of the public-private key pair to generate the root secret;
  
  rebuilding the root password based on the combination of the root secret and the value specific to the first computing device, wherein rebuilding the root password comprises reversing the previous transformation performed on the combination of the root secret and the value specific to the first computing device; and
  
  providing to the first computing device, the root password for root access to the first computing device.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method as recited in claim 7, further comprising performing one or more additional transformations on the root secret to rebuild the root password.
  - 9. The method as recited in claim 8, wherein performing the one or more transformations on the root secret comprises applying a hash function to the root secret.
  - 10. The method as recited in claim 7, wherein the transformation includes generating an american standard code for information interchange (ASCII) representation of the root secret.
  - 11. The method as recited in claim 7, further comprising retaining, by the first computing device, a previously stored root secret after generating a new root secret and a new root password.
  - 12. The method as recited in claim 7, further comprising determining, by the first computing device, if an age of an existing root secret exceeds a threshold prior to generating a new root secret.

13. A non-transitory computer readable storage medium storing computer program instructions that when executed by a processor cause the processor to carry out the steps of:
- requesting access to the first computing device, wherein the first computing device is accessed using a root password generated by applying a transformation to a combination of a root secret and a value specific to the first computing device;
  
  in response to requesting access to the first computing device, receiving an encrypted root secret from the first computing device, wherein the encrypted root secret is encrypted by the first computing device based on a public key of a public-private key pair;
  
  decrypting the encrypted root secret using a private key of the public-private key pair to generate the root secret;
  
  rebuilding the root password based on the combination of the root secret and the value specific to the first computing device wherein rebuilding the root password comprises reversing the previous transformation performed on the combination of the root secret and the value specific to the first computing device; and
  
  providing to the first computing device, the root password for root access to the first computing device.
- View Dependent Claims (14, 15, 16)
- - 14. The computer readable storage medium as recited in claim 13, further comprising computer program instructions that when executed by the processor cause the processor to carry out the steps of:
    - performing one or more additional transformations on the root secret to rebuild the root password.
  - 15. The computer readable storage medium as recited in claim 14, wherein performing the one or more transformations on the root secret comprises applying a hash function to the root secret.
  - 16. The computer readable storage medium as recited in claim 13, wherein the transformation includes generating an american standard code for information interchange (ASCII) representation of the root secret.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pure Storage, Inc.
Original Assignee
Pure Storage, Inc.
Inventors
Colgrove, John, Miller, Ethan, Hayes, John
Primary Examiner(s)
Mehedi, Morshed
Assistant Examiner(s)
LITTLE, VANCE M

Application Number

US14/076,468
Publication Number

US 20150134950A1
Time in Patent Office

1,121 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/305   by remotely controlling dev...

G06F 21/31   User authentication

G06F 21/46   by designing passwords or c...

H04L 63/083   using passwords cryptograph...

H04L 63/0838   using one-time-passwords

H04L 63/0846   using time-dependent-passwo...

Storage array password management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Storage array password management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links