Storage array password management
First Claim
1. A system comprising:
a second computing device connected remotely to a first computing device;
wherein the second computing device includes a computer processor and a computer readable storage medium, the computer readable storage medium includes computer program instructions that when executed by the computer processor cause the second computing device to carry out the steps of:
requesting access to the first computing device, wherein the first computing device is accessed using a root password generated by applying a transformation to a combination of a root secret and a value specific to the first computing device;
in response to requesting access to the first computing device, receiving an encrypted root secret from the first computing device, wherein the encrypted root secret is encrypted by the first computing device based on a public key of a public-private key pair;
decrypting the encrypted root secret using a private key of the public-private key pair to generate the root secret;
rebuilding the root password based on the combination of the root secret and the value specific to the first computing device, wherein rebuilding the root password comprises reversing the previous transformation performed on the combination of the root secret and the value specific to the first computing device; and
providing to the first computing device the root password for root access to the first computing device.
Abstract
A system and method for generating passwords for secure login to a storage array. A randomly generated root secret is used together with a compartment ID to generate a root password for logging into a storage array with root privileges. The root secret is encrypted with the public key of a public-private key pair, and only the encrypted root secret is stored on the storage array. When root access is needed, a private key stored externally to the storage array is used to decrypt the root secret. The decrypted root secret is then used together with the compartment ID to regenerate the root password.
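The provisioning and recovery flow described in the abstract, as an added illustration rather than code from the patent: the array draws a random root secret, derives the root password from the secret and the compartment ID, and keeps only the sealed secret; the remote device holding the private key unseals it and regenerates the password. The transformation (HMAC-SHA256), the sealing scheme (RSA-OAEP with the compartment ID as label) and the compartment ID "array-0042" are assumptions, since the text fixes none of them.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// DeriveRootPassword is the "transformation" applied to the combination of
// root secret and compartment ID. HMAC-SHA256 is an assumed, one-way choice:
// the password is regenerated from the secret, never reversed out of it.
func DeriveRootPassword(rootSecret []byte, compartmentID string) string {
	mac := hmac.New(sha256.New, rootSecret)
	mac.Write([]byte(compartmentID))
	return hex.EncodeToString(mac.Sum(nil))
}

// Provision runs on the storage array: draw a random root secret, derive the
// root password to set locally, and seal the secret under the operator's public
// key. Only the sealed blob stays on the array. The OAEP label binds the blob
// to this compartment, so it cannot be unsealed for a different array.
func Provision(pub *rsa.PublicKey, compartmentID string) (password string, sealed []byte, err error) {
	secret := make([]byte, 32)
	if _, err = rand.Read(secret); err != nil {
		return "", nil, err
	}
	password = DeriveRootPassword(secret, compartmentID)
	sealed, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, secret, []byte(compartmentID))
	return password, sealed, err
}

// Recover runs on the remote device that holds the private key: unseal the
// root secret handed back by the array and rebuild the root password from it.
func Recover(priv *rsa.PrivateKey, sealed []byte, compartmentID string) (string, error) {
	secret, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, sealed, []byte(compartmentID))
	if err != nil {
		return "", err // wrong key or wrong compartment ID: nothing usable is revealed
	}
	return DeriveRootPassword(secret, compartmentID), nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)             // private key lives off the array
	pw, sealed, _ := Provision(&priv.PublicKey, "array-0042") // constructed compartment ID
	got, err := Recover(priv, sealed, "array-0042")
	fmt.Println(got == pw, err, len(sealed))
}
```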
16 Claims
Independent claim 1 is reproduced above under First Claim; claims 2 to 6 depend on it.
7. A method comprising:
by computer program instructions on a second computing device remotely coupled to a first computing device, requesting access to the first computing device, wherein the first computing device is accessed using a root password generated by applying a transformation to a combination of a root secret and a value specific to the first computing device;
in response to requesting access to the first computing device, receiving an encrypted root secret from the first computing device, wherein the encrypted root secret is encrypted by the first computing device based on a public key of a public-private key pair;
decrypting the encrypted root secret using a private key of the public-private key pair to generate the root secret;
rebuilding the root password based on the combination of the root secret and the value specific to the first computing device, wherein rebuilding the root password comprises reversing the previous transformation performed on the combination of the root secret and the value specific to the first computing device; and
providing to the first computing device the root password for root access to the first computing device.
Claims 8 to 12 depend on claim 7.
13. A non-transitory computer readable storage medium storing computer program instructions that when executed by a processor cause the processor to carry out the steps of:
requesting access to the first computing device, wherein the first computing device is accessed using a root password generated by applying a transformation to a combination of a root secret and a value specific to the first computing device;
in response to requesting access to the first computing device, receiving an encrypted root secret from the first computing device, wherein the encrypted root secret is encrypted by the first computing device based on a public key of a public-private key pair;
decrypting the encrypted root secret using a private key of the public-private key pair to generate the root secret;
rebuilding the root password based on the combination of the root secret and the value specific to the first computing device, wherein rebuilding the root password comprises reversing the previous transformation performed on the combination of the root secret and the value specific to the first computing device; and
providing to the first computing device the root password for root access to the first computing device.
Claims 14 to 16 depend on claim 13.