-
Publication number: US09769170B2
Publication date: 2017-09-19
Application number: US15042143
Filing date: 2016-02-11
Inventors: Jonathan M. Luk, Ariel N. Gordon, Raman N. Chikkamagalur, Ziad Elmalki, Sergii Gubenko, Girish Chander, Anandhi Somasekaran, Murli D. Satagopan
CPC classification: H04L9/16, G06F21/31, G06F21/45, H04L9/0643, H04L9/0891, H04L9/3226, H04L9/3236, H04L63/0823, H04L63/083, H04L63/0876, H04L2209/38
Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.
-
Publication number: US09716717B2
Publication date: 2017-07-25
Application number: US15042143
Filing date: 2016-02-11
Inventors: Jonathan M. Luk, Ariel N. Gordon, Raman N. Chikkamagalur, Ziad Elmalki, Sergii Gubenko, Girish Chander, Anandhi Somasekaran, Murli D. Satagopan
Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.
-
Publication number: US20160301694A1
Publication date: 2016-10-13
Application number: US15042143
Filing date: 2016-02-11
Inventors: Jonathan M. Luk, Ariel N. Gordon, Raman N. Chikkamagalur, Ziad Elmalki, Sergii Gubenko, Girish Chander, Anandhi Somasekaran, Murli D. Satagopan
IPC classification: H04L29/06
CPC classification: H04L9/16, G06F21/31, G06F21/45, H04L9/0643, H04L9/0891, H04L9/3226, H04L9/3236, H04L63/0823, H04L63/083, H04L63/0876, H04L2209/38
Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.
-
Publication number: US10069630B2
Publication date: 2018-09-04
Application number: US15635799
Filing date: 2017-06-28
Inventors: Jonathan M. Luk, Ariel N. Gordon, Raman N. Chikkamagalur, Ziad Elmalki, Sergii Gubenko, Girish Chander, Anandhi Somasekaran, Murli Dharan Satagopan
Abstract: A system includes a target directory service, a domain mesh with a plurality of domains, and a synchronization host coupled to the domain mesh. The synchronization host is configured to synchronize password changes received in the domain mesh with the target directory service. Synchronizing the password changes includes receiving at the synchronization host a hash value representative of a plaintext password from the domain mesh, performing at the synchronization host an additional hash on the hash value to generate protected password data, and exporting the protected password data from the synchronization host to the target directory service.