60 results about "Password policy" patented technology

Objects can be extracted from data flows captured by a capture device. In one embodiment, the invention includes assigning to each captured object a cryptographic status based on whether the captured object is encrypted. In one embodiment, the invention further includes determining whether the object violated a cryptographic policy using the assigned cryptographic status of the object.

Methods and systems for establishing a consistent password policy. A plurality of password policies is described in a computer usable password policy data structure. The computer usable password policy data structure is accessed by a password policy enforcement agent. Optionally, the computer usable password policy data structure is validated for authenticity by the password policy enforcement agent. Optionally, the password policy enforcement agent can report back to a centralized configuration and aggregation point repository in order to provide a consistent view of policy enforcement.

A method of controlling password changes in a system having a plurality of data processing systems having separate password registries. Contents of passwords in the password registries of the data processing systems are controlled using password content policies that are centrally shared between the plurality of data processing systems.

Embodiments authenticate a user in response to receiving from a Kerberos key distribution center (“KDC”) a request to authenticate the user that includes a user identification (“ID”). Embodiments retrieve a user record corresponding to the user ID, the user record including a principal key. Embodiments decrypt the principal key using a tenant-specific encryption key and encrypt the decrypted principal key using a Kerberos master key to generate an encrypted principal key. Embodiments retrieve a password policy corresponding to the user ID. Based on the retrieved password policies, embodiments construct password state attributes and return to the KDC the encrypted principal key, the password policy and the password state attributes.

Techniques for managing accounts are provided. An access management system may check out credentials for accessing target systems. For example a user may receive a password for a period of time or until checked back in. Access to the target system may be logged during this time. Upon the password being checked in, a security account may modify the password so that the user may not log back in without checking out a new password. Additionally, in some examples, password policies for the security account may be managed. As such, when a password policy changes, the security account password may be dynamically updated. Additionally, in some examples, hierarchical viewing perspectives may be determined and/or selected for visualizing one or more managed accounts. Further, accounts may be organized into groups based on roles, and grants for the accounts may be dynamically updated as changes occur or new accounts are managed.

A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.

Method, instructions and system for establishing and enforcing change password policy in a single sign-on environment. In response to receiving a change instruction identifying a first single sign-on password, the first single sign-on password is changed to create a second single sign-on password. Then a target password is retrieved. The target password is modified in a user selected manner to match the second single sign-on password to create a modified target password. The modified target password is stored. In response to a request from a user requesting access to an application, the modified target password is retrieved and the modified target password is provided to the requested application.

Techniques for managing accounts are provided. An access management system may check out credentials for accessing target systems. For example a user may receive a password for a period of time or until checked back in. Access to the target system may be logged during this time. Upon the password being checked in, a security account may modify the password so that the user may not log back in without checking out a new password. Additionally, in some examples, password policies for the security account may be managed. As such, when a password policy changes, the security account password may be dynamically updated. Additionally, in some examples, hierarchical viewing perspectives may be determined and/or selected for visualizing one or more managed accounts. Further, accounts may be organized into groups based on roles, and grants for the accounts may be dynamically updated as changes occur or new accounts are managed.

Systems and/or methods of secure communication of information between multi-domain virtual private networks (VPNs) are presented. A dynamic group VPN (DGVPN) can reside in one domain and a disparate DGVPN can reside in a disparate domain. An administrative security authority (ASA) can be employed in each domain. Each ASA can generate and exchange respective keying material and crypto-policy information to be used for inter-domain communications when routing data from a member in one DGVPN to a member(s) in the disparate DGVPN, such that an ASA in one domain can facilitate encryption of data in accordance with the policy of the other domain before the data is sent to the other domain. Each ASA can establish a key server to generate the keying material and crypto-policy information associated with its local DGVPN, and such material and information can be propagated to intra-domain members.

The invention provides a method for dynamically setting a password by setting a graphic per se in a grid digital array. The method comprises the following steps of: setting the graphic, a counting point and a password point per se in the grid array with abscissas and ordinates, setting a positioning point and reference point arrangement sequence per se in the graphic, simultaneously performing password counting in any one of the eight directions of the grid digital array, transmitting a counted password into a computer server and storing the password as a graphic password; and moving the self-set graphic into the grid digital array with the abscissas and the ordinates, obtaining an abscissa and ordinate point and the password point in the moved graphic according to the self-set counting point, and obtaining the password every time the graphic is moved until meeting the requirement of a network on password digits to dynamically finish password login by the easily-remembered graphic capable of preventing the password from being detected. By the method for dynamically obtaining the password and finishing the login, even though the graphic is the same, the same password cannot be obtained due to different graphic positioning points, different counting points and different password points. Therefore, the password security of a user can be greatly and effectively protected, and sudden attacks from bogusware such as Trojan and the like, and different kinds of snooping and harassing attacks in front of automatic teller machines are prevented; and the method is easy to remember and operate, and highly preventive.

The invention discloses a method and a device for managing a device weak password. The method comprises steps: according to a preset account login password security check standard, a user account with a weak password in a target device is acquired; according to a preset password policy, a new login password meeting the preset password policy is generated for the user account with a weak password, weak password detection is carried out on the generated new login password, and if the new login password is not a weak password, the login password of the user account with the weak password is set to be the new login password. According to the method provided by the invention, weak password check and automatic repairing can be completed automatically, the work of a maintenance person can be lessened, the weak password in the device can be timely corrected, existence of a weak password in a network system is eliminated in a shortest time, and system data loss caused by a weak password and economic loss brought to an enterprise are further avoided.

The invention discloses a method for realizing integration of an IAS system and a Radius system, wherein, a domain user is established in the IAS system and configured with a password, a password strategy and authorization; a user having the same name with the domain user is established in the Radius system; when the user inputs an arbitrary password, the Radius system binds a pricing strategy and an authentication strategy for the user; the IAS system and the Radius system jointly authenticate the domain user. By adopting the method of the invention, the IAS system and the Radius system are integrated for finishing the treatment procedures synchronously, such as authentication and charging when the user logs in network or computer domain, which not only reduces the workload of login for the user, but also realizes one step login for the user, thus greatly enhancing the security, meeting the requirements for convenience and security of the login from enterprises and making a great progress over the prior art.

Embodiments of the invention provide an unlocking method and an intelligent terminal. The method comprises the steps of receiving an unlocking password currently input by a user, wherein the unlocking password at least comprises any one of the following information: a password point, a password line and a password graph; judging whether a frequency of passing a preset password by a track of the currently input unlocking password is a preset passing frequency or not; if yes, judging whether the track of the currently input unlocking password and a track of an unlocking password of previous successful unlocking meet a preset difference condition or not; and when the track of the currently input unlocking password and the track of an unlocking password of previous successful unlocking meet the preset difference condition, indicating that the unlocking is successful. According to the embodiments of the method and the terminal, the risk of cracking the unlocking password by others can be lowered, so that the security of the unlocking password can be improved.

An image forming apparatus capable of notifying a user of violation of the information security policy or preventing execution of the job from being stopped. A password policy set via a password policy-setting screen. A password-added print job transmitted from a PC is stored in a storage device. A user inputs a password so as to execute processing of the password-added print job stored in the storage device. If the password input by the user matches the password added to the job, processing of the password-added print job is executed. It is determined whether or not the password added to the print job satisfies the password policy.