SCALABLE AND AUTOMATED SECRET MANAGEMENT
First Claim
1. A method for secret management, comprising:
automatically generating a first secret used to access a resource;
securely storing the first secret with other secrets;
determining when a request is made from a user for the first secret;
providing the first secret to access the resource a single time;
determining when the first secret has expired;
determining when the user is authorized to access the resource by using a lockbox to analyze a plurality of predefined conditions, wherein the lockbox evaluates user authorization at predetermined intervals;
automatically generating a second secret to replace the first secret in response to determining that the first secret has expired and the user is authorized to access the resource; and
replacing the first secret with the second secret.
Abstract
A secret (e.g. a password, key, certificate) is automatically generated by a system. For example, at the time of deployment of a computing machine, a password may be generated and securely stored by the system with other secrets. The password may be used by the system to perform various operations (e.g. configuring the machine). When a secret is requested by a user to access a resource, the secret is provided to the user. Once the secret has been utilized by the user, the secret is reset and replaced with a newly generated secret. All or a portion of the secrets may also be automatically regenerated. For example, when a breach occurs and/or is suspected, each of the secrets may be replaced with newly generated secrets and securely stored. Auditing and reporting may also be provided (e.g. each request/access to a secret is logged).
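The abstract and claim 1 describe one control loop: generate a secret at provisioning time, store it, hand it out once to an authorized requester, regenerate it when it expires or has been used, regenerate everything on a suspected breach, and log each access. The following Python sketch is an added example, not the patent's or any assignee's code; the class names (SecretManager, Lockbox, StoredSecret), the condition-callable interface, and the injected clock and generator are assumptions made so the rotation logic can be exercised deterministically. The lockbox re-evaluates its conditions at most once per interval and caches the result in between, which is what the claim's "predetermined intervals" implies; the practical consequence, shown in the usage note, is that a revocation can lag by up to one interval.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Added example (not the patent's code). All names below are assumptions.
Condition = Callable[[str, str], bool]  # (user, resource) -> True if the condition holds


@dataclass
class StoredSecret:
    value: str
    created_at: float
    ttl: float
    consumed: bool = False  # set once the secret has been handed out (single use)

    def expired(self, now: float) -> bool:
        return now >= self.created_at + self.ttl


class Lockbox:
    """Authorizes (user, resource) by evaluating all predefined conditions.
    Results are re-evaluated at most once per `interval` seconds and cached
    in between, so a changed condition takes effect only after the interval."""

    def __init__(self, conditions: List[Condition], interval: float,
                 clock: Callable[[], float] = time.time):
        self.conditions = conditions
        self.interval = interval
        self.clock = clock
        self._cache: Dict[Tuple[str, str], Tuple[float, bool]] = {}

    def authorized(self, user: str, resource: str) -> bool:
        now = self.clock()
        cached = self._cache.get((user, resource))
        if cached is not None and now - cached[0] < self.interval:
            return cached[1]
        ok = all(cond(user, resource) for cond in self.conditions)
        self._cache[(user, resource)] = (now, ok)
        return ok


class SecretManager:
    def __init__(self, lockbox: Lockbox, ttl: float = 3600.0,
                 clock: Callable[[], float] = time.time,
                 generator: Callable[[], str] = lambda: secrets.token_urlsafe(32)):
        self.lockbox = lockbox
        self.ttl = ttl
        self.clock = clock
        self.generator = generator
        self._store: Dict[str, StoredSecret] = {}  # stand-in for an encrypted secret store
        self.audit: List[dict] = []                # every request/access is logged here

    def _log(self, event: str, **fields) -> None:
        self.audit.append({"ts": self.clock(), "event": event, **fields})

    def _generate(self, resource: str, reason: str) -> None:
        # A new secret replaces the old one; the old value is never returned again.
        self._store[resource] = StoredSecret(self.generator(), self.clock(), self.ttl)
        self._log("generated", resource=resource, reason=reason)

    def provision(self, resource: str) -> None:
        """Deployment time: automatically generate the first secret and store it."""
        self._generate(resource, "provision")

    def request(self, user: str, resource: str) -> Optional[str]:
        """Provide the secret a single time. An expired or already-used secret is
        replaced by a second secret before anything is returned, and only for a
        user the lockbox currently authorizes."""
        entry = self._store.get(resource)
        if entry is None:
            self._log("denied", user=user, resource=resource, reason="unknown resource")
            return None
        if not self.lockbox.authorized(user, resource):
            self._log("denied", user=user, resource=resource, reason="lockbox")
            return None
        if entry.expired(self.clock()):
            self._generate(resource, "expired")
        elif entry.consumed:
            self._generate(resource, "single-use reset")
        entry = self._store[resource]
        entry.consumed = True
        self._log("provided", user=user, resource=resource)
        return entry.value

    def rotate_all(self, reason: str = "breach suspected") -> None:
        """Regenerate every stored secret, e.g. when a breach is suspected."""
        for resource in list(self._store):
            self._generate(resource, reason)

    def current(self, resource: str) -> str:
        """Value the system itself would use for the resource (not user-facing)."""
        return self._store[resource].value


if __name__ == "__main__":
    allowed = {"deploy-ops"}  # constructed allow-list feeding one lockbox condition
    lb = Lockbox([lambda u, r: u in allowed], interval=60)
    mgr = SecretManager(lb, ttl=300)
    mgr.provision("build-vm")
    print(mgr.request("intruder", "build-vm"))   # None, and a "denied" audit entry
    print(mgr.request("deploy-ops", "build-vm"))  # first secret, handed out once
    print(mgr.request("deploy-ops", "build-vm"))  # a fresh second secret
    print(mgr.audit)
```

With a fake clock the behaviour is: the first authorized request returns the provisioned secret, the second returns a regenerated one because the first was already used, a request after the TTL triggers the "expired" regeneration, and removing the user from the allow-list is only enforced once the lockbox's interval has elapsed. That last point is the caveat to weigh when choosing the interval: a shorter interval means revocation takes effect sooner at the cost of evaluating the conditions more often.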
22 Claims
1. A method for secret management, comprising:
automatically generating a first secret used to access a resource;
securely storing the first secret with other secrets;
determining when a request is made from a user for the first secret;
providing the first secret to access the resource a single time;
determining when the first secret has expired;
determining when the user is authorized to access the resource by using a lockbox to analyze a plurality of predefined conditions, wherein the lockbox evaluates user authorization at predetermined intervals;
automatically generating a second secret to replace the first secret in response to determining that the first secret has expired and the user is authorized to access the resource; and
replacing the first secret with the second secret.
Dependent claims: 2, 5, 6, 7, 8, 9, 21, 22
3-4. (canceled)
10. A computer-readable storage device storing computer-executable instructions for secret management, comprising:
automatically generating a first secret used to access a resource;
securely storing the first secret with other secrets;
determining when a request is made from a user for the first secret;
providing the first secret to access the resource a single time;
determining when the first secret has expired;
determining when the user is authorized to access the resource by using a lockbox that analyzes a plurality of predefined conditions, wherein the lockbox evaluates user authorization at predetermined intervals;
automatically generating a second secret to replace the first secret in response to determining at least one of: the first secret has expired and the user is authorized to have access to the resource; and
replacing the first secret with the second secret.
Dependent claims: 11, 12, 13, 14, 15, 16
17. A system for secret management, comprising:
a processor and a memory;
an operating environment executing using the processor; and
a secret manager that is configured to perform actions comprising:
automatically generating a first secret used to access a resource;
securely storing the first secret with other secrets;
determining when a request is made from a user for the first secret;
providing the first secret to access the resource a single time;
determining when the first secret has expired;
determining when the user is authorized to access the resource by using a lockbox that analyzes a plurality of predefined conditions, wherein the lockbox evaluates user authorization at predetermined intervals;
automatically generating a second secret to replace the first secret in response to determining at least one of: the first secret has expired and the user is authorized to have access to the resource; and
replacing the first secret with the second secret.
Dependent claims: 18, 19, 20
Specification