Dynamically mitigating a noncompliant password

US 7,934,101 B2
Filed: 04/16/2004
Issued: 04/26/2011
Est. Priority Date: 04/16/2004
Status: Active Grant

First Claim

Patent Images

1. A method of dynamically mitigating a noncompliant password, the method comprising:

obtaining a password from a user when the user attempts to access a service;

determining whether the password meets quality criteria;

if the password does not meet the quality criteria, granting to the user a different level of access to the service than if the password meets the quality criteria;

wherein the user is associated with a particular user role, of a plurality of user roles;

wherein determining whether the password meets quality criteria comprises determining whether the password meets quality criteria for the particular user role, and wherein a different quality criteria is associated with a second user role of the plurality of user roles;

wherein the quality criteria is based, at least in part, on a strength of the password;

wherein the method is performed by one or more computing devices.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are disclosed for dynamically mitigating a noncompliant password. The techniques include obtaining a password from a user when the user attempts to access a service; determining whether the password meets quality criteria; and if the password does not meet the quality criteria, performing one or more responsive actions that relate to accessing the service.

Citations

72 Claims

1. A method of dynamically mitigating a noncompliant password, the method comprising:
- obtaining a password from a user when the user attempts to access a service;
  
  determining whether the password meets quality criteria;
  
  if the password does not meet the quality criteria, granting to the user a different level of access to the service than if the password meets the quality criteria;
  
  wherein the user is associated with a particular user role, of a plurality of user roles;
  
  wherein determining whether the password meets quality criteria comprises determining whether the password meets quality criteria for the particular user role, and wherein a different quality criteria is associated with a second user role of the plurality of user roles;
  
  wherein the quality criteria is based, at least in part, on a strength of the password;
  
  wherein the method is performed by one or more computing devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, further comprising:
    - if the password meets the quality criteria, granting to the user a first level of access to the service, wherein the granting of the first level of access to the service is dependent on the password exceeding a quality criteria threshold.
  - 3. The method of claim 1, further comprising:
    - if the password meets a second quality criteria, granting to the user a second level of access to the service, wherein the second level of access to the service is associated with the second quality criteria, wherein the second quality criteria is distinct from the quality criteria and wherein, if a particular password meets the quality criteria, then the password meets the second quality criteria.
  - 4. The method of claim 1, further comprising if the password does not meet the quality criteria, performing one or more of:
    - logging information related to the password;
      
      sending a report about the password;
      
      generating an alert about the password;
      
      forcing a password change;
      
      orblocking the user'"'"'s access to the service.
  - 5. The method of claim 1, further comprising providing user access to the service if the password does meet the quality criteria.
  - 6. The method of claim 1, wherein determining whether the password meets quality criteria further comprises one or more of the steps of:
    - performing a dictionary look-up based on one or more symbols used in the password;
      
      checking a length of the one or more symbols used in the password;
      
      checking a number of unique characters of the one or more symbols used in the password;
      
      checking a case of the characters in the one or more symbols used in the password;
      
      checking a sequencing of characters in the one or more symbols used in the password;
      
      orperforming statistical analysis based on the one or more symbols used in the password.
  - 7. The method of claim 1, wherein performing one or more responsive actions that relate to accessing the service comprises logging information related to the password.
  - 8. The method of claim 1, further comprising sending a report about the password if the password does not meet the quality criteria.
  - 9. The method of claim 1, further comprising generating an alert about the password if the password does not meet the quality criteria.
  - 10. The method of claim 1, further comprising forcing a password change if the password does not meet the quality criteria.
  - 11. The method of claim 1, further comprising blocking the user'"'"'s access to the service if the password does not meet the quality criteria.
  - 12. The method of claim 1, wherein obtaining the password from the user comprises obtaining the password from the user via a graphical user interface.
  - 13. The method of claim 1, wherein obtaining the password from the user comprises obtaining the password from the user via an electronic interface.
  - 14. The method of claim 1, wherein the method further comprises:
    - determining a quality score for the password, and wherein the step of determining whether the password meets quality criteria comprises comparing the quality score to a predefined threshold value.
  - 15. The method of claim 1, further comprising:
    - obtaining the password from a repository of passwords;
      
      making a first determination whether the password meets quality criteria;
      
      storing in a particular machine-readable medium an indication of the first determination for the password;
      
      wherein the step of determining whether the password meets quality criteria comprises accessing the particular machine-readable medium.
  - 16. The method of claim 1, wherein determining whether the password meets quality criteria comprises determining whether the password meets quality criteria for the service.
  - 17. The method of claim 1, wherein obtaining the password comprises an access service obtaining the password from the user when the user attempts to access the service, and wherein the access service comprises machine executable instructions executing on a particular machine, and the service comprises machine executable instructions executing on the same particular machine.
  - 18. The method of claim 1, wherein obtaining the password comprises an access service obtaining the password from the user when the user attempts to access the service, and wherein the access service comprises machine executable instructions executing on a first machine and the service comprises machine executable instructions executing on a second machine, wherein the first machine is distinct from the second machine.

19. A method of dynamically mitigating a noncompliant password, the method comprising:
- obtaining a password from a user when the user attempts to access a service;
  
  determining whether the password meets quality criteria;
  
  if the password does not meet the quality criteria, granting to the user a different level of access to the service than if the password meets the quality criteria;
  
  wherein the user is associated with a particular user role, of a plurality of user roles;
  
  wherein determining whether the password meets quality criteria comprises determining whether the password meets quality criteria for the particular user role and wherein a different quality criteria is associated with a second user role of the plurality of user roles;
  
  wherein the quality criteria is based, at least in part, on a strength of the password;
  
  wherein determining whether the password meets quality criteria further comprises one or more of the steps of;
  
  performing a dictionary look-up based on one or more symbols used in the password;
  
  checking a length of the one or more symbols used in the password;
  
  checking a number of unique characters of the one or more symbols used in the password;
  
  checking a case of the characters in the one or more symbols used in the password;
  
  checking a sequencing of characters in the one or more symbols used in the password;
  
  orperforming statistical analysis based on the one or more symbols used in the password;
  
  wherein the method is performed by one or more computing devices.
- View Dependent Claims (20)
- - 20. The method of claim 19, further comprising:
    - if the password meets the quality criteria, granting to the user a first level of access to the service, wherein the granting of the first level of access to the service is dependent on the password exceeding a quality criteria threshold.

21. A non-transitory machine-readable medium storing one or more sequences of instructions for dynamically mitigating a noncompliant password, which instructions, when executed by one or more processors, cause the one or more processors to perform:
- obtaining a password from a user when the user attempts to access a service;
  
  determining whether the password meets quality criteria;
  
  if the password does not meet the quality criteria, granting to the user a different level of access to the service than if the password meets the quality criteria;
  
  wherein the user is associated with a particular user role, of a plurality of user roles;
  
  wherein determining whether the password meets quality criteria comprises determining whether the password meets quality criteria for the particular user role and wherein a different quality criteria is associated with a second user role in the plurality of user roles;
  
  wherein the quality criteria is based, at least in part, on a strength of the password.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 22. The non-transitory machine-readable medium of claim 21, further storing instructions which, when executed by the one or more processors, cause the one or more processors to perform:
    - if the password meets the quality criteria, granting to the user a first level of access to the service, wherein the granting of the first level of access to the service is dependent on the password exceeding a quality criteria threshold.
  - 23. The non-transitory machine-readable medium of claim 21, further storing instructions which, when executed by the one or more processors, cause the one or more processors to perform:
    - if the password meets a second quality criteria, granting to the user a second level of access to the service, wherein the second level of access to the service is associated with the second quality criteria, wherein the second quality criteria is distinct from the quality criteria and wherein, if a particular password meets the quality criteria, then the password meets the second quality criteria.
  - 24. The non-transitory machine-readable medium of claim 21, further storing instructions which, when executed by the one or more processors, cause the one or more processors to perform:
    - if the password does not meet the quality criteria, performing one or more of;
      
      logging information related to the password;
      
      sending a report about the password;
      
      generating an alert about the password;
      
      forcing a password change;
      
      orblocking the user'"'"'s access to the service.
  - 25. The non-transitory machine-readable medium of claim 21, further storing instructions which, when executed by the one or more processors, cause the one or more processors to perform:
    - providing user access to the service if the password does meet the quality criteria.
  - 26. The non-transitory machine-readable medium of claim 21, further storing instructions which, when executed, cause the one or more processors to perform:
    - performing a dictionary look-up based on one or more symbols used in the password;
      
      checking a length of the one or more symbols used in the password;
      
      checking a number of unique characters of the one or more symbols used in the password;
      
      checking a case of the characters in the one or more symbols used in the password;
      
      checking a sequencing of characters in the one or more symbols used in the password;
      
      orperforming statistical analysis based on the one or more symbols used in the password.
  - 27. The non-transitory machine-readable medium of claim 21, further storing instructions which, when executed by the one or more processors, cause the one or more processors to perform:
    - logging information related to the password if the password does not meet the quality criteria.
  - 28. The non-transitory machine-readable medium of claim 21, further storing instructions which, when executed by the one or more processors, cause the one or more processors to perform:
    - sending a report about the password if the password does not meet the quality criteria.
  - 29. The non-transitory machine-readable medium of claim 21, further storing instructions which, when executed by the one or more processors, cause the one or more processors to perform:
    - generating an alert about the password if the password does not meet the quality criteria.
  - 30. The non-transitory machine-readable medium of claim 21, further storing instructions which, when executed by the one or more processors, cause the one or more processors to perform:
    - forcing a password change if the password does not meet the quality criteria.
  - 31. The non-transitory machine-readable medium of claim 21, further storing instructions which, when executed by the one or more processors, cause the one or more processors to perform:
    - blocking the user'"'"'s access to the service if the password does not meet the quality criteria.
  - 32. The non-transitory machine-readable medium of claim 21, further storing instructions which, when executed by the one or more processors, cause the one or more processors to perform:
    - obtaining the password from the user via a graphical user interface.
  - 33. The non-transitory machine-readable medium of claim 21, further storing instructions which, when executed by the one or more processors, cause the one or more processors to perform:
    - obtaining the password from the user via an electronic interface.
  - 34. The non-transitory machine-readable medium of claim 21, further storing instructions which, when executed by the one or more processors, cause the one or more processors to perform:
    - determining a quality score for the password, and wherein determining whether the password meets quality criteria comprises comparing the quality score to a predefined threshold value.
  - 35. The non-transitory machine-readable medium of claim 21, further storing instructions which, when executed by the one or more processors, cause the one or more processors to perform:
    - obtaining the password from a repository of passwords;
      
      making a first determination whether the password meets quality criteria;
      
      storing in a particular machine-readable medium an indication of the first determination for the password;
      
      wherein determining whether the password meets quality criteria comprises accessing the particular machine-readable medium.
  - 36. The non-transitory machine-readable medium of claim 21, further storing instructions which, when executed by the one or more processors, cause the one or more processors to perform:
    - determining whether the password meets quality criteria for the service.

37. An apparatus for dynamically mitigating a noncompliant password, comprising:
- one or more processors;
  
  means for obtaining a password from a user when the user attempts to access a service;
  
  means for determining whether the password meets quality criteria;
  
  means for granting a different level of access, if the password does not meet the quality criteria, than if the password meets the quality criteria;
  
  wherein the user is associated with a particular user role, of a plurality of user roles;
  
  wherein determining whether the password meets quality criteria comprises determining whether the password meets quality criteria for the particular user role and wherein a different quality criteria is associated with a second user role in the plurality of user roles;
  
  wherein the quality criteria is based, at least in part, on the strength of the password.
- View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54)
- - 38. The apparatus of claim 37, further comprising:
    - means for granting a first level of access to the service if the password meets the quality criteria, wherein the first level of access to the service is associated with the quality criteria.
  - 39. The apparatus of claim 37, further comprising:
    - means for granting to the user a second level of access to the service, if the password meets a second quality criteria, wherein the second level of access to the service is associated with the second quality criteria, wherein the second quality criteria is distinct from the quality criteria and wherein, if a particular password meets the quality criteria, then the password meets the second quality criteria.
  - 40. The apparatus of claim 37, further comprising means for performing, if the password does not meet the quality criteria, one or more of:
    - means for logging information related to the password;
      
      means for sending a report about the password;
      
      means for generating an alert about the password;
      
      means for forcing a password change;
      
      ormeans for blocking the user'"'"'s access to the service.
  - 41. The apparatus of claim 37, wherein the apparatus further comprises means for providing user access to the service if the password does meet the quality criteria.
  - 42. The apparatus of claim 37, wherein the means for determining whether the password meets quality criteria further comprises one or more of:
    - means for performing a dictionary look-up based on one or more symbols used in the password;
      
      means for checking a length of the one or more symbols used in the password;
      
      means for checking a number of unique characters of the one or more symbols used in the password;
      
      means for checking a case of the characters in the one or more symbols used in the password;
      
      means for checking a sequencing of characters in the one or more symbols used in the password;
      
      ormeans for performing statistical analysis based on the one or more symbols used in the password.
  - 43. The apparatus of claim 37, further comprising means for logging information related to the password if the password does not meet the quality criteria.
  - 44. The apparatus of claim 37, further comprising means for sending a report about the password if the password does not meet the quality criteria.
  - 45. The apparatus of claim 37, further comprising means for generating an alert about the password if the password does not meet the quality criteria.
  - 46. The apparatus of claim 37, further comprising means for forcing a password change if the password does not meet the quality criteria.
  - 47. The apparatus of claim 37, further comprising means for blocking the user'"'"'s access to the service if the password does not meet the quality criteria.
  - 48. The apparatus of claim 37, wherein the means for obtaining the password from the user comprises means for obtaining the password from the user via a graphical user interface.
  - 49. The apparatus of claim 37, wherein the means for obtaining the password from the user comprises means for obtaining the password from the user via an electronic interface.
  - 50. The apparatus of claim 37, wherein the apparatus further comprises means for determining a quality score for the password, and wherein the means for determining whether the password meets quality criteria comprises means for comparing the quality score to a predefined threshold value.
  - 51. The apparatus of claim 37, further comprising:
    - means for obtaining the password from a repository of passwords;
      
      means for making a first determination whether the password meets quality criteria;
      
      means for storing in a particular machine-readable medium an indication of the first determination for the password;
      
      wherein the means for determining whether the password meets quality criteria comprises means for accessing the particular machine-readable medium.
  - 52. The apparatus of claim 37, wherein means for determining whether the password meets quality criteria comprises means for determining whether the password meets quality criteria for the service.
  - 53. The apparatus of claim 37, wherein the means for obtaining the password comprises means for an access service to obtain the password from the user when the user attempts to access the service, and wherein the access service comprises means for executing on a particular machine, and wherein the service comprises means for executing on the same particular machine.
  - 54. The apparatus of claim 37, wherein the means for obtaining the password comprises means for an access service to obtain the password from the user when the user attempts to access the service, and wherein the access service comprises means for executing on a first machine and the service comprises means for executing on a second machine, wherein the first machine is distinct from the second machine.

55. An apparatus for dynamically mitigating a noncompliant password, comprising:
- a network interface that is coupled to the data network for receiving one or more packet flows therefrom;
  
  a processor;
  
  one or more stored sequences of instructions which, when executed by the processor, cause the processor to perform;
  
  obtaining a password from a user when the user attempts to access a service;
  
  determining whether the password meets quality criteria;
  
  if the password does not meet the quality criteria, granting to the user a different level of access to the service than if the password meets the quality criteria;
  
  wherein the user is associated with a particular user role, of a plurality of user roles;
  
  wherein determining whether the password meets quality criteria comprises determining whether the password meets quality criteria for the particular user role and wherein a different quality criteria is associated with a second user role in the plurality of user roles;
  
  wherein the quality criteria is based, at least in part, on a strength of the password.
- View Dependent Claims (56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72)
- - 56. The apparatus of claim 55, further comprising instructions which, when executed by the processor, cause the processor to perform:
    - if the password meets the quality criteria, granting to the user a first level of access to the service, wherein the granting of the first level of access to the service is dependent on the password exceeding a quality criteria threshold.
  - 57. The apparatus of claim 55, further comprising one or more stored sequences of instructions which, when executed by the processor, cause the processor to perform:
    - if the password meets a second quality criteria, granting to the user a second level of access to the service, wherein the second level of access to the service is associated with the second quality criteria, wherein the second quality criteria is distinct from the quality criteria and wherein, if a particular password meets the quality criteria, then the password meets the second quality criteria.
  - 58. The apparatus of claim 55, further comprising one or more stored sequences of instructions which, when executed by the processor, cause the processor to perform:
    - if the password does not meet the quality criteria, performing one or more of;
      
      logging information related to the password;
      
      sending a report about the password;
      
      generating an alert about the password;
      
      forcing a password change;
      
      orblocking the user'"'"'s access to the service.
  - 59. The apparatus of claim 55, further comprising one or more stored sequences of instructions which, when executed by the processor, cause the processor to perform:
    - providing user access to the service if the password does meet the quality criteria.
  - 60. The apparatus of claim 55, further comprising one or more stored sequences of instructions which, when executed by the processor, cause the processor to perform:
    - performing a dictionary look-up based on a one or more symbols used in the password;
      
      checking a length of the one or more symbols used in the password;
      
      checking a number of unique characters of the one or more symbols used in the password;
      
      checking a case of the characters in the one or more symbols used in the password;
      
      checking a sequencing of characters in the one or more symbols used in the password;
      
      orperforming statistical analysis based on the one or more symbols used in the password.
  - 61. The apparatus of claim 55, further comprising one or more stored sequences of instructions which, when executed by the processor, cause the processor to perform:
    - logging information related to the password if the password does not meet the quality criteria.
  - 62. The apparatus of claim 55, further comprising one or more stored sequences of instructions which, when executed by the processor, cause the processor to perform:
    - sending a report about the password if the password does not meet the quality criteria.
  - 63. The apparatus of claim 55, further comprising one or more stored sequences of instructions which, when executed by the processor, cause the processor to perform:
    - generating an alert about the password if the password does not meet the quality criteria.
  - 64. The apparatus of claim 55, further comprising one or more stored sequences of instructions which, when executed by the processor, cause the processor to perform:
    - forcing a password change if the password does not meet the quality criteria.
  - 65. The apparatus of claim 55, further comprising one or more stored sequences of instructions which, when executed by the processor, cause the processor to perform:
    - blocking the user'"'"'s access to the service if the password does not meet the quality criteria.
  - 66. The apparatus of claim 55, further comprising one or more stored sequences of instructions which, when executed by the processor, cause the processor to perform:
    - obtaining the password from the user via a graphical user interface.
  - 67. The apparatus of claim 55, further comprising one or more stored sequences of instructions which, when executed by the processor, cause the processor to perform:
    - obtaining the password from the user via an electronic interface.
  - 68. The apparatus of claim 55, further comprising one or more stored sequences of instructions which, when executed by the processor, cause the processor to perform:
    - ;
      
      determining a quality score for the password, and wherein determining whether the password meets quality criteria comprises comparing the quality score to a predefined threshold value.
  - 69. The apparatus of claim 55, further comprising one or more stored sequences of instructions which, when executed by the processor, cause the processor to perform:
    - obtaining the password from a repository of passwords;
      
      making a first determination whether the password meets quality criteria;
      
      storing in a particular machine-readable medium an indication of the first determination for the password;
      
      wherein the step of determining whether the password meets quality criteria comprises accessing the particular machine-readable medium.
  - 70. The apparatus of claim 55, further comprising one or more stored sequences of instructions which, when executed by the processor, cause the processor to perform:
    - determining whether the password meets quality criteria for the service.
  - 71. The apparatus of claim 55, further comprising one or more stored sequences of instructions which, when executed by the processor, cause the processor to perform:
    - an access service obtaining the password from the user when the user attempts to access the service, and wherein the access service comprises machine executable instructions executing on the apparatus, and the service comprises machine executable instruction executing on the same apparatus.
  - 72. The apparatus of claim 55, further comprising one or more stored sequences of instructions which, when executed by the processor, cause the processor to perform:
    - an access service obtaining the password from the user when the user attempts to access the service, and wherein the access service comprises machine executable instructions executing on a first machine and the service comprises machine executable instructions executing on a second machine, wherein the first machine is distinct from the second machine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Potter, Darran, Stieglitz, Jeremy
Primary Examiner(s)
Abrishamkar; Kaveh

Application Number

US10/825,827
Publication Number

US 20050235341A1
Time in Patent Office

2,566 Days
Field of Search

None
US Class Current

713/183
CPC Class Codes

G06F 21/46   by designing passwords or c...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

H04L 63/083   using passwords cryptograph...

H04L 63/0892   by using authentication-aut...

Dynamically mitigating a noncompliant password

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

72 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamically mitigating a noncompliant password

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

72 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links