Title of invention: SYNCHRONIZING CREDENTIAL HASHES BETWEEN DIRECTORY SERVICES
Abstract: The subject disclosure is directed towards securely synchronizing passwords that are changed at a source location (e.g., an on-premises directory service) to a target location (e.g., a cloud directory service), so that the same credentials may be used to log into the source or target location, yet without necessarily having each domain controller handle the synchronization. The plaintext password is not revealed, instead using hash values computed therefrom to represent the password-related data. The target may receive a secondary hash of a primary hash, and thereby only receive and store a password blob. Authentication is accomplished by using the same hashing algorithms at the target service to compute a blob and compare against the synchronized blob. Also described are crypto agility and/or changing hashing algorithms without requiring a user password change.
Application publication number: US2016301694(A1) Application publication date: 2016.10.13
Application number: US201615042143 Filing date: 2016.02.11
Applicant: Microsoft Technology Licensing, LLC Inventors: Luk Jonathan M.;Gordon Ariel N.;Chikkamagalur Raman N.;Elmalki Ziad;Gubenko Sergii;Chander Girish;Somasekaran Anandhi;Satagopan Murli D.
Classification: H04L29/06 Main classification: H04L29/06
Agency: Agent:
Main claim: 1. In a computing environment, a method comprising, receiving a hash value computed based upon a plaintext password, in which the hash value was computed in response to a password change event at a source service, and exporting data that corresponds to the hash value to a target service to synchronize the data that corresponds to the hash value to the target service for use in identity authentication.
Address: Redmond WA US