Password management system

US 9,985,941 B2
Filed: 09/08/2015
Issued: 05/29/2018
Est. Priority Date: 09/08/2015
Status: Active Grant

First Claim

Patent Images

1. A method authenticating a user, the method comprising:

creating a password inventory, wherein the password inventory comprises a list of one or more passwords, wherein each of the one or more passwords corresponds to a password key;

updating the password inventory without input from a user, wherein updating the password inventory comprises one or more of;

sending a new list of password keys, wherein each password key corresponds to each password; and

sending a new list of passwords, wherein each password corresponds to each password key;

receiving a first login request from a first device;

transmitting information detailing a first password key to the first device, wherein the first password key corresponds to a first password from the list of one or more passwords, and wherein the first password key is selected regardless of the order of the list of one or more passwords;

receiving information detailing a first entered password from the first device; and

determining whether the first entered password is identical to the first password from the list of one or more passwords.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An embodiment of the invention may include a method, computer program product and computer system for password management. The embodiment may include a computing device that creates a password inventory. The password inventory may be a list of one or more passwords, where each of the one or more passwords corresponds to a password key. The embodiment may update the password inventory without input from a user. The embodiment may receive a first login request from a first device. The embodiment may transmit information detailing a first password key to the first device, where the first password key corresponds to a first password from the list of one or more passwords. The embodiment may receive information detailing a first entered password from the first device. The embodiment may determine whether the first entered password is identical to the first password from the list of one or more passwords.

Citations

20 Claims

1. A method authenticating a user, the method comprising:
- creating a password inventory, wherein the password inventory comprises a list of one or more passwords, wherein each of the one or more passwords corresponds to a password key;
  
  updating the password inventory without input from a user, wherein updating the password inventory comprises one or more of;
  
  sending a new list of password keys, wherein each password key corresponds to each password; and
  
  sending a new list of passwords, wherein each password corresponds to each password key;
  
  receiving a first login request from a first device;
  
  transmitting information detailing a first password key to the first device, wherein the first password key corresponds to a first password from the list of one or more passwords, and wherein the first password key is selected regardless of the order of the list of one or more passwords;
  
  receiving information detailing a first entered password from the first device; and
  
  determining whether the first entered password is identical to the first password from the list of one or more passwords.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the list of more than one password comprises one or more dummy passwords, and the method further comprising:
    - based on determining that the first entered password is not identical to the first password from the list of one or more passwords, determining that the first entered password is identical to a dummy password from the list of one or more passwords; and
      
      initiating protocols corresponding to an unauthorized login attempt.
  - 3. The method of claim 2, wherein initiating protocols corresponding to an unauthorized login attempt further comprises:
    - updating the password inventory; and
      
      transmitting information detailing a portion of the password inventory to a third device, wherein the user has access to the third device.
  - 4. The method of claim 1, further comprising based on updating the password inventory transmitting information detailing a portion of the password inventory to a third device, wherein the user has access to the third device.
  - 5. The method of claim 1, further comprising:
    - receiving a second login request from a second device;
      
      transmitting information detailing a second password key to the second device, wherein the second password key corresponds to a second password from the list of one or more passwords, and wherein the second password is not identical to first password from the list of one or more passwords;
      
      receiving a second entered password from the second device; and
      
      determining whether the second entered password is identical to the second password from the list of one or more passwords.
  - 6. The method of claim 5, further comprising:
    - based on determining that the second entered password is not identical to the second password from the list of one or more passwords, determining that the second entered password is identical to the first password; and
      
      initiating protocols corresponding to an unauthorized login attempt.
  - 7. The method of claim 1, further comprising:
    - determining that the first entered password is identical to a first password corresponding to the first password key; and
      
      authenticating the user.

8. A computer program product for authenticating a user, the computer program product comprising:
- one or more computer-readable storage devices and program instructions stored on at least one of the one or more tangible storage devices, the program instructions comprising;
  
  program instructions to create a password inventory, wherein the password inventory comprises a list of one or more passwords, wherein each of the one or more passwords corresponds to a password key;
  
  program instructions to update the password inventory without input from a user, wherein updating the password inventory comprises one or more of;
  
  sending a new list of password keys, wherein each password key corresponds to each password; and
  
  sending a new list of passwords, wherein each password corresponds to each password key;
  
  program instructions to receive a first login request from a first device;
  
  program instructions to transmit information detailing a first password key to the first device, wherein the first password key corresponds to a first password from the list of one or more passwords, and wherein the first password key is selected regardless of the order of the list of one or more passwords;
  
  program instructions to receive information detailing a first entered password from the first device; and
  
  program instructions to determine whether the first entered password is identical to the first password from the list of one or more passwords.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer program product of claim 8, wherein the list of more than one password comprises one or more dummy passwords, and the computer program product further comprising:
    - based on determining that the first entered password is not identical to the first password from the list of one or more passwords, program instructions to determine that the first entered password is identical to a dummy password from the list of one or more passwords; and
      
      program instructions to initiate protocols corresponding to an unauthorized login attempt.
  - 10. The computer program product of claim 9, wherein the program instructions to initiate protocols corresponding to an unauthorized login attempt further comprises:
    - program instructions to update the password inventory; and
      
      program instructions to transmit information detailing a portion of the password inventory to a third device, wherein the user has access to the third device.
  - 11. The computer program product of claim 8, further comprising based on updating the password inventory, program instructions to transmit information detailing a portion of the password inventory to a third device, wherein the user has access to the third device.
  - 12. The computer program product of claim 8, further comprising:
    - program instructions to receive a second login request from a second device;
      
      program instructions to transmit information detailing a second password key to the second device, wherein the second password key corresponds to a second password from the list of one or more passwords, and wherein the second password is not identical to first password from the list of one or more passwords;
      
      program instructions to receive a second entered password from the second device; and
      
      program instructions to determine whether the second entered password is identical to the second password from the list of one or more passwords.
  - 13. The computer program product of claim 12, further comprising:
    - based on determining that the second entered password is not identical to the second password from the list of one or more passwords, program instructions to determine that the second entered password is identical to the first password; and
      
      program instructions to initiate protocols corresponding to an unauthorized login attempt.
  - 14. The computer program product of claim 8, further comprising:
    - program instructions to determine that the first entered password is identical to a first password corresponding to the first password key; and
      
      program instructions to authenticate the user.

15. A computer system for authenticating a user, the computer system comprising:
- one or more processors, one or more non-transitory computer-readable memories, one or more computer-readable tangible storage devices, and program instructions stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, the program instructions comprising;
  
  program instructions to create a password inventory, wherein the password inventory comprises a list of one or more passwords, wherein each of the one or more passwords corresponds to a password key;
  
  program instructions to update the password inventory without input from a user, wherein updating the password inventory comprises one or more of;
  
  sending a new list of password keys, wherein each password key corresponds to each password; and
  
  sending a new list of passwords, wherein each password corresponds to each password key;
  
  program instructions to receive a first login request from a first device;
  
  program instructions to transmit information detailing a first password key to the first device, wherein the first password key corresponds to a first password from the list of one or more passwords, and wherein the first password key is selected regardless of the order of the list of one or more passwords;
  
  program instructions to receive information detailing a first entered password from the first device; and
  
  program instructions to determine whether the first entered password is identical to the first password from the list of one or more passwords.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer system of claim 15, wherein the list of more than one password comprises one or more dummy passwords, and the computer program product further comprising:
    - based on determining that the first entered password is not identical to the first password from the list of one or more passwords, program instructions to determine that the first entered password is identical to a dummy password from the list of one or more passwords; and
      
      program instructions to initiate protocols corresponding to an unauthorized login attempt.
  - 17. The computer system of claim 16, wherein the program instructions to initiate protocols corresponding to an unauthorized login attempt further comprises:
    - program instructions to update the password inventory; and
      
      program instructions to transmit information detailing a portion of the password inventory to a third device, wherein the user has access to the third device.
  - 18. The computer system of claim 15, further comprising based on updating the password inventory program instructions to transmit information detailing a portion of the password inventory to a third device, wherein the user has access to the third device.
  - 19. The computer system of claim 15, further comprising:
    - program instructions to receive a second login request from a second device;
      
      program instructions to transmit information detailing a second password key to the second device, wherein the second password key corresponds to a second password from the list of one or more passwords, and wherein the second password is not identical to first password from the list of one or more passwords;
      
      program instructions to receive a second entered password from the second device; and
      
      program instructions to determine whether the second entered password is identical to the second password from the list of one or more passwords.
  - 20. The computer system of claim 19, further comprising:
    - based on determining that the second entered password is not identical to the second password from the list of one or more passwords, program instructions to determine that the second entered password is identical to the first password; and
      
      program instructions to initiate protocols corresponding to an unauthorized login attempt.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated (Kyndryl Holdings, Inc.)
Original Assignee
International Business Machines Corporation
Inventors
Childress, Rhonda L., Goldberg, Itzhack, Pickover, Clifford A., Sondhi, Neil
Primary Examiner(s)
Lagor, Alexander

Application Number

US14/847,047
Publication Number

US 20170068814A1
Time in Patent Office

994 Days
Field of Search

726 4- 6, 713182-184, 709225
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/45   Structures or tools for the...

G06F 21/46   by designing passwords or c...

G06F 2221/2115   Third party

H04L 63/06   for supporting key manageme...

H04L 63/062   for key distribution, e.g. ...

H04L 63/083   using passwords cryptograph...

H04L 63/1466   Active attacks involving in...

H04L 63/20   for managing network securi...

H04W 12/041   Key generation or derivation

Password management system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Password management system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links