Systems and methods for managing credentials used to authenticate access in data processing systems
Abstract
A system receives a first request to replace a first credential used by an entity to access one or more resources with a second credential to be used by the entity to access the one or more resources. In response to receiving the first request, the system replaces the first credential with the second credential and allows use of the first credential for a predetermined period. In response to receiving a second request from the entity to access the one or more resources using the first credential after replacing the first credential with the second credential, the system allows the entity to access the one or more resources using the first credential during the predetermined period, and generates an indication that the entity used the first credential to access the one or more resources and that the entity is to be updated with the second credential within the predetermined period.
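The behaviour summarised in the abstract, as an added Python example (not part of the patent text): a central authenticator keeps the old verifier after rotation, honours it for a window that depends on the requesting device's access level, returns the same answer to the client either way, and records an alert for the administrator. The grace durations, device names, PBKDF2 storage and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

# Assumed policy (not from the patent): more privilege, shorter overlap (seconds).
GRACE_SECONDS = {"admin": 300, "service": 3600, "read_only": 86400}
DEVICE_LEVEL = {"build-agent": "service", "ops-console": "admin"}  # constructed devices

def _digest(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

@dataclass
class Entry:
    salt: bytes
    current: bytes
    previous: Optional[bytes] = None
    rotated_at: float = 0.0

class CentralAuth:
    def __init__(self):
        self.entries = {}
        self.admin_alerts = []

    def enroll(self, account, secret):
        salt = os.urandom(16)
        self.entries[account] = Entry(salt, _digest(secret, salt))

    def rotate(self, account, new_secret, now):
        e = self.entries[account]
        # The old verifier stays server-side only; clients are told nothing.
        e.previous, e.current, e.rotated_at = e.current, _digest(new_secret, e.salt), now

    def authenticate(self, account, secret, device, now):
        e = self.entries.get(account)
        if e is None:
            return False
        d = _digest(secret, e.salt)
        if hmac.compare_digest(d, e.current):
            return True
        if e.previous is None or not hmac.compare_digest(d, e.previous):
            return False
        age = now - e.rotated_at
        if age > max(GRACE_SECONDS.values()):
            e.previous = None  # overlap is over for every level: retire the old verifier
            return False
        level = DEVICE_LEVEL.get(device)  # unknown devices get no grace at all
        if level is None or age > GRACE_SECONDS[level]:
            return False
        self.admin_alerts.append((account, device, now))  # stale client needs updating
        return True
```

The caller only ever sees True or False, so a device still holding the first credential cannot tell that it was accepted under the overlap window; the evidence is in `admin_alerts`.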
20 Claims
1. A system comprising:
a processor and memory; and
machine readable instructions stored in the memory and executed by the processor, configured to;
receive a first request to replace a first credential used to access one or more resources with a second credential that is to be subsequently used to access the one or more resources;
in response to receiving the first request, perform a transitional secret procedure by replacing the first credential with the second credential and by allowing temporary subsequent use of the first credential to access the one or more resources for a predetermined period, wherein a length of the predetermined period is based on a determined level of access associated with a requesting device that is using the first credential to request access to the one or more resources during the predetermined period, such that the predetermined period is different for different levels of access;
as a part of performing the transitional secret procedure, cause the transitional secret procedure to be transparent to the requesting device such that only the system, which operates as a central authentication system for granting or denying requests to access the one or more resources, is knowledgeable that both the first credential and the second credential are usable to access the one or more resources during the predetermined period; and
in response to receiving a second request to access the one or more resources using the first credential after replacing the first credential with the second credential, where the second request is received from the requesting device;
allow the requesting device to access the one or more resources using the first credential during the predetermined period, wherein both the first credential and the second credential are usable to access the one or more resources during the predetermined period, which is based on the determined level of access of the requesting device; and
generate an indication for a system administrator that the first credential was used to access the one or more resources.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8)

9. A method comprising:
receiving a first request to replace a first credential used to access one or more resources with a second credential that is to be subsequently used to access the one or more resources;
in response to receiving the first request, perform a transitional secret procedure by replacing the first credential with the second credential and by allowing temporary subsequent use of the first credential to access the one or more resources for a predetermined period, wherein a length of the predetermined period is based on a determined level of access associated a requesting device that is using the first credential to request access to the one or more resources during the predetermined period, such that the predetermined period is different for different levels of access;
as a part of performing the transitional secret procedure, causing the transitional secret procedure to be transparent to the requesting device such that only a central authentication system, which grants or denies requests to access the one or more resources, is knowledgeable that both the first credential and the second credential are usable to access the one or more resources during the predetermined period; and
in response to receiving a second request to access the one or more resources using the first credential after replacing the first credential with the second credential, where the second request is received from the requesting device;
allowing to access the one or more resources using the first credential during the predetermined period, wherein both the first credential and the second credential are usable to access the one or more resources during the predetermined period, which is based on the determined level of access of the requesting device; and
indicating to a system administrator that the first credential was used to access the one or more resources.
(Dependent claims: 10, 11, 12, 13, 14, 15, 16)

17. One or more hardware storage device(s) having stored thereon computer-executable instructions that are executable by one or more processor(s) of a computer system to cause the computer system to:
receive a first request to replace a first credential used to access one or more resources with a second credential that is to be subsequently used to access the one or more resources;
in response to receiving the first request, perform a transitional secret procedure by replacing the first credential with the second credential and by allowing temporary subsequent use of the first credential to access the one or more resources for a predetermined period, wherein a length of the predetermined period is based on a determined level of access associated with a requesting device that is using the first credential to request access to the one or more resources during the predetermined period, such that the predetermined period is different for different levels of access;
as a part of performing the transitional secret procedure, cause the transitional secret procedure to be transparent to the requesting device such that only the computer system, which operates as a central authentication system for granting or denying requests to access the one or more resources, is knowledgeable that both the first credential and the second credential are usable to access the one or more resources during the predetermined period; and
in response to receiving a second request to access the one or more resources using the first credential after replacing the first credential with the second credential, where the second request is received from the requesting device;
allow the requesting device to access the one or more resources using the first credential during the predetermined period, wherein both the first credential and the second credential are usable to access the one or more resources during the predetermined period, which is based on the determined level of access of the requesting device; and
generate an indication for a system administrator that the first credential was used to access the one or more resources.
(Dependent claims: 18, 19, 20)

Specification