Title of invention: Automatic Key Management Using Enterprise User Identity Management
Abstract: A method forms a key pair for a user: a public key and a private key that is unique to the user and that is encrypted under a passphrase formed from the user's enterprise password and an identification that uniquely identifies, within the enterprise, the device by which the user gains access. The encrypted private key is stored on the user device and the public key on the enterprise server the user accesses. When the user later accesses the server, the user device provides the encrypted private key, together with the password and the identification, to a server access function such as an SSH client. That function decrypts the private key with the supplied password and identification, recovers the password and identification carried in the decrypted key, and allows the user to access the enterprise server only if the recovered values match the password and identification supplied with the private key.
Publication number: US2016241558(A1)    Publication date: 2016.08.18
Application number: US201514621852    Filing date: 2015.02.13
Applicant: International Business Machines Corporation    Inventors: Adam Constantin M.; Hernandez Milton H.; Sreedhar Vugranam C.; Vivekanandan Prema
Classification: H04L29/06    Main classification: H04L29/06
Agency / agent: not listed
Principal claim: 1. A method implemented by at least one data processor, comprising:
  forming a key pair for a user, the key pair comprising a public key and a private key that is unique to the user and that is encrypted using a passphrase comprised of an enterprise password of the user and an identification that uniquely identifies in the enterprise a user device by which the user accesses the enterprise, where the encrypted private key is comprised of the passphrase;
  storing the encrypted private key in the user device and storing the public key in at least one enterprise server that is accessed by the user via the user device and a server access function;
  subsequently, when the user accesses the enterprise server, providing the encrypted private key, that was stored in the user device, from the user device to the server access function in conjunction with the password and the identification that uniquely identifies in the enterprise the user device by which the user accesses the enterprise;
  decrypting at the server access function the encrypted private key using the provided password and the identification that uniquely identifies in the enterprise the user device to obtain from the decrypted private key the password and the identification that uniquely identifies in the enterprise the user device;
  comparing the provided password and the identification that uniquely identifies in the enterprise the user device with the password and the identification that uniquely identifies in the enterprise the user device that are obtained from the decrypted private key; and
  granting the user access to the enterprise server via the user device and the server access function only if the provided password and the identification that uniquely identifies in the enterprise the user device matches with the password and the identification that uniquely identifies in the enterprise the user device that are obtained from the decrypted private key.
Address: Armonk, NY, US