US20150356067A1 - Method and system for easily and securely managing multiple keys used to have access to multiple computing resources

Info

Publication number
US20150356067A1
Authority
US
United States
Prior art keywords
key
fields
input
user
keys
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US14/740,881
Inventor
Frederic Bauchot
Jean-Luc Collet
Francois X. Drouet
Gerard Marmigere
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp
Priority to US14/740,881
Assigned to INTERNATIONAL BUSINESS MACHINES CORPORATION reassignment INTERNATIONAL BUSINESS MACHINES CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: COLLET, JEAN-LUC, DROUET, FRANCOIS X., MARMIGERE, GERARD, BAUCHOT, FREDERIC
Assigned to INTERNATIONAL BUSINESS MACHINES CORPORATION reassignment INTERNATIONAL BUSINESS MACHINES CORPORATION CORRECTIVE ASSIGNMENT TO CORRECT THE EXECUTION DATE OF INVENTOR FREDERIC BAUCHOT PREVIOUSLY RECORDED ON REEL 035846 FRAME 0346. ASSIGNOR(S) HEREBY CONFIRMS THE EXECUTION DATE OF FREDERIC BAUCHOT'S SIGNATURE WAS INCORRECT AS 05/15/2015 IT SHOULD BE 06/15/2015. Assignors: BAUCHOT, FREDERIC, COLLET, JEAN-LUC, DROUET, FRANCOIS X., MARMIGERE, GERARD
Publication of US20150356067A1
Current legal status: Abandoned

Classifications

    • G06F17/243
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00Handling natural language data
    • G06F40/10Text processing
    • G06F40/166Editing, e.g. inserting or deleting
    • G06F40/174Form filling; Merging
    • G06F17/245
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0481Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance
    • G06F3/04817Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance using icons
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0481Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance
    • G06F3/0482Interaction with lists of selectable items, e.g. menus
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0484Interaction techniques based on graphical user interfaces [GUI] for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range
    • G06F3/04842Selection of displayed objects or displayed text elements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0484Interaction techniques based on graphical user interfaces [GUI] for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range
    • G06F3/0486Drag-and-drop
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00Handling natural language data
    • G06F40/10Text processing
    • G06F40/166Editing, e.g. inserting or deleting
    • G06F40/177Editing, e.g. inserting or deleting of tables; using ruled lines
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party

Definitions

  • the present invention is directed to security in the field of data processing, and in particular to a method, system and computer program for easily and securely managing multiple keys used to have access to one or a plurality of computing resources.
  • DataSets can be in any kind of information repository, application or computing resource.
  • Such information repositories or computing resources regardless of their nature and implementation, will be referred to herein as “DataSets”.
  • the access to a DataSet is usually protected to prevent unauthorized users from retrieving information that they are not allowed to reach.
  • the protection of information and the control of its access are typically achieved by means of user identifiers (UserId) and passwords.
  • the protection and control means are not limited to UserId and password, and may also comprise other fields like an account identifier (AccountId), or a server identifier (ServerId), etc . . . All these pieces of information required to get access to a given DataSet will be referred to herein as the “Key”, regardless of the number of individual fields (such as UserId, or password, or AccountId, etc . . . ).
  • the problem is to manage a set of keys that can open doors with the following concerns:
  • An object of the present invention is to safely and securely record multiple keys, each Key comprising one or a plurality of fields, each Key being used to have access to one or a plurality of controlled computing resources.
  • Another object of the invention is to exchange in a user-friendly way, one or a plurality of fields constituting a Key with a computing resource.
  • Another object of the invention is to exchange in a user-friendly way, one or a plurality of fields constituting a Key with a computing resource by means of a “copy-and-multiple-paste” operation (by clicking the pointing device each time it overlays one of the target entry fields).
  • Another object of the invention is to exchange in a user-friendly way, one or a plurality of fields constituting a Key with a computing resource, by dynamically updating the pointing device according to the currently exchanged field.
  • Another object of the invention is to exchange in a user friendly way, one or a plurality of fields constituting a Key with a computing resource, by selectively navigating within the set of fields constituting the Key (by scrolling among the set of fields).
  • Another object of the invention is to manage Keys using means for creating, updating or deleting keys.
  • Another object of the invention is to avoid any modification of computing resources (applications running on the computer system).
  • the present invention is directed to a method and system for easily and securely managing multiple keys on a computer, each key being used to access one or a plurality of computing resources.
  • the method comprises the steps of receiving a command for selecting a key among one or plurality of keys, each key comprising one or a plurality of key fields; receiving a command for activating a computing resource corresponding to the selected key in order to have access to said computing resource; retrieving and displaying on a computer screen, the one or plurality of key fields associated with the selected key; displaying on the computer screen one or a plurality of input fields, each input field being used to enter the content of an appropriate key field associated with the key selected to access the activated computing resource; passing, in response to an action of a pointing device on a displayed key field, the content of the key field in an appropriate input field of the activated computing resource; and having access to the activated computing resource when all key fields of the selected key have been passed to the appropriate input fields.
  • FIG. 1 shows the different components of the KeyRing application according to the present invention.
  • FIG. 2 shows the KeyRing table according to the present invention.
  • FIG. 3A shows the dialog box displayed on the computer screen when the user decides to launch the KeyRing application for the creation of a new KeyRing File or for the opening or saving of an existing KeyRing File according to the present invention.
  • FIG. 3B shows the dialog box displayed on the computer screen in order to retrieve the secret private Key under which all the information recorded in the KeyRing File will be encrypted according to the present invention.
  • FIG. 3C shows the dialog box displayed on the computer screen when the secret private Key has been successfully specified according to the present invention, with the Key labeled as “Delphion” in the list box.
  • FIG. 3D shows the dialog box displayed on the computer screen aimed to assist the user to update the current definition of the fields constituting the selected Key according to the present invention.
  • FIG. 3E shows the pop-up window displayed on the computer screen listing the different Keys defined within the current KeyRing File according to the present invention.
  • FIG. 3F shows the screen corresponding to the step where the user has already dropped the first field “Jean-Luc” onto the first input area aimed to host a first name according to the present invention.
  • FIG. 3G shows the screen corresponding to the step where the user has dropped the second field “COLLET” onto the second input area aimed to host a last name according to the present invention.
  • FIG. 4A shows an example of execution according to the present invention with a Key comprising two fields.
  • FIG. 4B shows the same screen as in FIG. 4A after pasting the first value according to the present invention.
  • FIG. 5 is a flow chart of the method of passing Keys according to the present invention.
  • the present invention is based on a virtual “KeyRing” which allows:
  • this association may be a 1-to-N association as a given Key may give access to multiple DataSets).
  • any Key comprises up to 8 different fields, but no more. This limitation does not limit the scope of the present invention, as any alternate implementation with more than 8 fields per Key would be a straightforward extension of the preferred embodiment.
  • the core of the present invention is the concept of a KeyRing File, which is used to record multiple Keys associated with DataSets. This file is ciphered as it records very sensitive information, and it can only be accessed by means of relevant KeyRing processes through dedicated interfaces. This overall solution concept is further described in the following FIG. 1 , which positions the different components comprising the KeyRing application 100 .
  • the KeyRing User Interface Manager 101 is the process interfacing the user for interacting with the other components of the KeyRing solution. In the preferred embodiment of the present invention, this KeyRing User Interface Manager complies with the GUI standards as defined in the Microsoft Windows environment.
  • the Key Update Manager 102 is the component in charge of managing any update in the definition of the Keys as recorded within the current KeyRing File. This component interacts on one hand with the KeyRing User Interface Manager 101 for interfacing with the user, and on the other hand, with the KeyRing File Access Manager 105 for read & write operations onto the KeyRing File 106 .
  • the KeyRing File Manager 103 is the component in charge of managing the creation and the use of the KeyRing Files 106 . This component interacts on one hand with the KeyRing User Interface Manager 101 for interfacing with the user, and on the other hand with the KeyRing File Access Manager 105 for read & write operations onto the KeyRing File 106 .
  • the KeyRing Manager 104 is the component in charge of passing Key fields to selected DataSets. This component interacts on one hand with the KeyRing User Interface Manager 101 for interacting with the user, and on the other hand with the KeyRing File Access Manager 105 for read operations onto the KeyRing File 106 .
  • the KeyRing File Access Manager 105 is the component in charge of accessing the KeyRing File 106 , as required by the above components: Key Update Manager 102 , or KeyRing File Manager 103 , or KeyRing Manager 104 .
  • the KeyRing File Access Manager 105 interacts directly with the KeyRing File 106 , either for file read operation, or for file write operation, or for file creation operation, or for file load operation, or for file save operation.
  • the KeyRing File 106 is encrypted through an AES (Advanced Encryption Standard) based algorithm.
  • the KeyRing File Access Manager 105 is in charge of the corresponding file encryption and decryption operations.
  • the KeyRing File 106 is the repository where Keys are recorded. KeyRing Files 106 are created under the control of the KeyRing File Manager 103 , whereas the KeyRing File records corresponding to individual Keys are managed under the control of the Key Update Manager 102 . Finally Key fields, as recorded in the KeyRing File 106 , are passed to the DataSets under the control of the KeyRing Manager 104 . These three components 102 , 103 and 104 use the services of the KeyRing File Access Manager 105 for interacting with the KeyRing File 106 .
  • the structure of the KeyRing File 106 is depicted in FIG. 2 .
  • This file is structured as a two dimension KeyRing Table 200 (KRT for short) comprising one or a plurality of records 220 , each record 220 corresponding to a given Key, and comprising the following elements: the “Path Process Owner” element 201 , the “Label” element 202 , and the “Field1 to Field4” elements 203 to 206 .
  • the “Path Process Owner” element 201 specifies the name of the DataSet associated with the Key. For the cases where the DataSet corresponds to an executable application, then this element 201 is the path of this application (for instance “c:\program files\Notes\Notes.exe”).
  • this element 201 is the URL identifying the DataSet (for instance “www.delphion.com”).
  • the “Label” element 202 allows the user to define a nickname for the DataSet associated with the Key.
  • Each Field element is comprised of 3 sub-fields:
  • the sub-field “Name” 230 which comprises the nickname associated with the Key (value displayed together with the mouse cursor).
  • the sub-field “Key” 231 which comprises the value of the Key field to be pasted on the Dataset entry field.
  • the sub-field “P” 232 which indicates whether the value is protected “1” or not “0”. If the value is protected, then the value can/must only be pasted in a protected field.
  • the KeyRing generic process starts when the user decides to launch the KeyRing application. This invokes the KeyRing User Interface Manager 101 , which displays on the computer screen the dialog box corresponding to FIG. 3A .
  • This dialog box window comprises the following objects: A menu bar with an icon 301 invoking the KeyRing File Manager 103 for the creation of a new KeyRing File 106 , an icon 302 invoking the KeyRing File Manager 103 for opening of an existing KeyRing File 106 , an icon 303 invoking the KeyRing File Manager 103 for saving of the currently opened KeyRing File 106 , an icon 304 invoking the KeyRing File Manager 103 for saving of the current KeyRing File 106 under a new name (“Save As” operation), an icon 305 invoking KeyRing options, and an icon 306 invoking an on-line Help tool.
  • the dialog box also comprises an information field 307 where the user can find hints and tips for using the KeyRing system, and a gold Key Icon 308 that the user must drag for passing the fields of the current Key to the target DataSet, under the control of the KeyRing Manager 104 .
  • a list box 309 where the user can select one of the Keys defined as part of the current KeyRing File 106 .
  • a push-button “Edit Key” 310 invoking, when clicked, the Key Update Manager 102 for changing the definition of the existing key whose “Label” element 202 appears in the list box 309 .
  • a push-button “Remove Key” 311 invoking, when clicked, the Key Update Manager 102 for deleting in the current KRT 200 , the existing key whose “Label” element 202 appears in the list box 309 .
  • a check box 313 used to specify if the KeyRing dialog box 300 must be kept or not in the foreground of the window display.
  • This operation is triggered by clicking with the pointing device (e.g. the mouse) on the second icon 302 on the left side of the menu available on the top of the KeyRing user interface dialog box as shown on FIG. 3A .
  • This allows an existing KeyRing File 106 to be opened through conventional file system navigation windows.
  • the user can also create a new KeyRing File 106 by clicking on the left most icon 301 on the menu bar available on the top of the KeyRing user interface dialog box.
  • the KeyRing File Manager 103 takes control for calling first the KeyRing File Access Manager 105 in order to open an existing or create a new KeyRing File 106 , and second the KeyRing User Interface Manager 101 for displaying the dialog box shown in FIG.
  • this operation is triggered by clicking on the icon 310 , and invokes the Key Update Manager 102 .
  • This dialog box 320 includes several means (entry fields, push-buttons, list box, etc . . . ) which will not be further detailed here as their usage is obvious to a person used to deal with windows based computer systems.
  • the KRT 200 table recorded in the current KeyRing File 106 , will be updated by reflecting the new definition in the record 220 corresponding to the selected Key.
  • This operation is triggered by clicking on the icon 312 , and invokes the Key Update Manager 102 .
  • This dialog box 320 includes several means (entry fields, push-buttons, list box, etc . . . ).
  • the Nickname field 321 is the name associated with the Key. This nickname is displayed on the mouse cursor indicating the type of value to be pasted.
  • the Key field 322 is the value to be pasted.
  • the Checkbox 323 indicates, if checked, that the value specified in the Key field 322 is protected and may not be pasted in an unprotected field for security reasons.
  • buttons Up 326 and Down 327 allow the user to reorder the nickname/key pairs if necessary.
  • the KRT 200 table recorded in the current KeyRing File 106 , will be updated by introducing a new record 220 corresponding to the new Key definition.
  • this operation is triggered by clicking on the icon 311 , and invokes the Key Update Manager 102 .
  • a combined mouse and keyboard short cut is defined to activate the KeyRing application 100 .
  • the KeyRing application 100 becomes active, so that the KeyRing User Interface Manager 101 displays a pop-up window listing the different Keys defined within the current KeyRing File 106 . This is illustrated in FIG. 3E where the active application is a web browser represented by the window 330 .
  • the (F12+Right mouse button) short cut is hit, the pop-up window 331 is displayed, and the user can for instance select the Key 332 identified by the label “JLC Identity Infos”.
  • the user can very easily pass the different fields defined as part of the selected Key to the target DataSet. This is performed by first clicking on the selected Key 332 with the left button of the pointing device, and without releasing this left button, dropping one after the other each field of the Key by clicking the right button of the pointing device onto the destination input area.
  • the mouse icon takes a different form to indicate to the user the current stage of the key field dropping process. This operation is illustrated in FIG. 3F and FIG. 3G , where the form of the mouse icon shows how many remaining fields are still to be passed to the target DataSet.
  • the first FIG. 3F corresponds to the step where the user has already dropped the first field “Jean-Luc” onto the first input area 333 aimed to host a first name.
  • the mouse icon 334 takes the form of a triple Key, meaning that there are still three remaining fields not yet passed from the Key.
  • FIG. 3G corresponds to the step where the user has dropped the second field “COLLET” onto the second input area 335 aimed to host a last name.
  • the mouse icon 336 takes the form of a double Key, meaning that there are still two remaining fields not yet passed from the key.
  • the last two Key fields are then dropped similarly onto the last two entry areas 337 and 338 .
  • FIGS. 4A and 4B show a sample execution with a Key of 2 fields, and where the mouse icon form is changed in order to display a short text specifying the nature of the current Key field.
  • a prompt 400 is displayed to log on to the “Delphion” server; the mouse pointer 410 displays the nickname associated with the value which is pasted when the mouse key is pressed (in our case “logon”).
  • FIG. 4B shows the same screen after pasting the first value.
  • the logon, which is a non-protected value, is displayed in the User Name field 470 , while the nickname associated with the next value is displayed with the mouse cursor 480 (in our case “password”).
  • FIG. 5 illustrates the method according to the present invention, for passing the plurality of fields associated to a Key, onto the plurality of input areas associated with a DataSet.
  • the method starts by launching the KeyRing application, typically as the result of a user trigger such as hitting the F12 keyboard key and the right mouse button together.
  • the pop up window 331 is displayed, showing all the different Keys defined within the KeyRing table 200 .
  • the user selects a Key by using conventional means, such as the click with the left mouse button on one entry within the pop-up window 331 .
  • the KeyRing table 200 is accessed for retrieving the attributes of the Key selected at the previous step, including the number of associated fields.
  • the local variable “current field” is set equal to the first field of the selected Key. Furthermore the mouse pointer form is updated to reflect the stage of the process. In a preferred embodiment of the present invention, this icon takes a form specifying the number of remaining fields to be passed (see 334 on FIG. 3F and 336 on FIG. 3G ).
  • the KeyRing application waits for a user event specifying that the “current field” must be passed to the DataSet. In a preferred embodiment of the present invention, this event corresponds to the click on the right mouse button, while the left mouse button remained pressed.
  • a user event is detected for passing the “current field” of the selected Key.
  • the KeyRing passes the “current field” onto the DataSet input area pointed by the mouse pointer.
  • a test is performed to check if the “current field” corresponds to the last field of the selected Key, as recorded in the KeyRing table 200 . If it is the case, then control is given to step 510 ; otherwise control is given to step 512 .
  • At step 510 , the pop-up window 331 is closed.
  • At step 511 , the KeyRing application ends.
  • At step 512 , the “current field” local variable is set equal to the next field associated with the selected Key, as recorded in the KeyRing table 200 . Then control is given to step 506 .
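
The KeyRing Table record and the FIG. 5 field-passing loop described above can be modelled as follows. This is an added example, not code from the patent or from IBM: the class names, the `InputArea` stand-in for a DataSet entry field, the sample values, and the choice to reject a protected value dropped on an unprotected field without advancing are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

MAX_FIELDS = 8  # preferred embodiment: up to 8 fields per Key


@dataclass(frozen=True)
class KeyField:
    name: str        # sub-field "Name" 230: nickname shown with the mouse cursor
    key: str         # sub-field "Key" 231: value pasted into the DataSet entry field
    protected: bool  # sub-field "P" 232: True for "1", False for "0"


@dataclass(frozen=True)
class KeyRecord:
    path_process_owner: str  # element 201: application path or URL of the DataSet
    label: str               # element 202: user-chosen nickname
    fields: Tuple[KeyField, ...]

    def __post_init__(self):
        if not 1 <= len(self.fields) <= MAX_FIELDS:
            raise ValueError(f"a Key holds 1 to {MAX_FIELDS} fields")


@dataclass
class InputArea:
    """Hypothetical stand-in for one entry field of the target DataSet."""
    name: str
    masked: bool                 # True for a password-style (protected) field
    value: Optional[str] = None


class PassingSession:
    """The FIG. 5 loop: pass the fields of one selected Key, in order."""

    def __init__(self, record: KeyRecord):
        self.record = record
        self.index = 0        # the "current field" local variable
        self.closed = False   # True once steps 510/511 have run

    def cursor(self) -> Optional[Tuple[str, int]]:
        """What the mouse pointer conveys: nickname of the current field and
        the number of fields not yet passed (None once the session ended)."""
        if self.closed:
            return None
        current = self.record.fields[self.index]
        return current.name, len(self.record.fields) - self.index

    def drop(self, target: InputArea) -> bool:
        """Handle the 'pass current field' event on the pointed input area."""
        if self.closed:
            raise RuntimeError("all fields of this Key were already passed")
        current = self.record.fields[self.index]
        # P = 1: the value may only land in a protected field. Rejecting the
        # drop without advancing is this example's assumption.
        if current.protected and not target.masked:
            return False
        target.value = current.key
        if self.index == len(self.record.fields) - 1:
            self.closed = True      # last field: steps 510 and 511
        else:
            self.index += 1         # step 512, then wait for the next event
        return True


def sample_record() -> KeyRecord:
    # Constructed sample data, modelled on the two-field "Delphion" Key.
    return KeyRecord(
        path_process_owner="dataset.example",
        label="Delphion",
        fields=(
            KeyField("logon", "constructed-user", protected=False),
            KeyField("password", "constructed-secret", protected=True),
        ),
    )


if __name__ == "__main__":
    session = PassingSession(sample_record())
    user_name = InputArea("User Name", masked=False)
    search_box = InputArea("Search", masked=False)
    password = InputArea("Password", masked=True)
    for area in (user_name, search_box, password):
        print(session.cursor(), "->", area.name, session.drop(area))
```

The rejected drop on the unmasked field is the case the “P” sub-field exists for: a protected value dropped there would be displayed in clear text on the screen.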

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Human Computer Interaction (AREA)
  • Software Systems (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Health & Medical Sciences (AREA)
  • Computational Linguistics (AREA)
  • Audiology, Speech & Language Pathology (AREA)
  • Artificial Intelligence (AREA)
  • Multimedia (AREA)
  • Health & Medical Sciences (AREA)
  • Technology Law (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

The present invention is directed to a system, method and computer program for easily and securely managing multiple keys on a computer, each key being used to access one or a plurality of computing resources. The method comprises the steps of receiving a command for selecting a key among one or plurality of keys, each key comprising one or a plurality of key fields; receiving a command for activating a computing resource corresponding to the selected key in order to have access to the computing resource; retrieving and displaying on a computer screen, the one or plurality of key fields associated with the selected key; displaying on the computer screen one or a plurality of input fields, each input field being used to enter the content of an appropriate key field associated with the key selected to access the activated computing resource; passing, in response to an action of a pointing device on a displayed key field, the content of the key field in an appropriate input field of the activated computing resource; and having access to the activated computing resource when all key fields of the selected key have been passed to the appropriate input fields.

Description

    CROSS REFERENCE TO RELATED APPLICATION
  • This application is a continuation of U.S. patent application Ser. No. 11/451,678, filed Jun. 13, 2006, the entire content and disclosure of which is hereby incorporated herein by reference.
  • BACKGROUND OF THE INVENTION
  • 1. Field of the Invention
  • The present invention is directed to security in the field of data processing, and in particular to a method, system and computer program for easily and securely managing multiple keys used to have access to one or a plurality of computing resources.
  • 2. Background Art
  • To reach sensitive pieces of information, users must first be authorized to have access to the applications, web pages, or databases containing this sensitive information. In fact, sensitive information can be in any kind of information repository, application or computing resource. Such information repositories or computing resources, regardless of their nature and implementation, will be referred to herein as “DataSets”. The access to a DataSet is usually protected to prevent unauthorized users from retrieving information that they are not allowed to reach. The protection of information and the control of its access are typically achieved by means of user identifiers (UserId) and passwords. In some cases, the protection and control means are not limited to UserId and password, and may also comprise other fields like an account identifier (AccountId), or a server identifier (ServerId), etc. All these pieces of information required to get access to a given DataSet will be referred to herein as the “Key”, regardless of the number of individual fields (such as UserId, or password, or AccountId, etc.).
  • The number of Keys that typical users must own (either for business or personal needs) is such that the observance by these users of the password management policies (like the rules passwords must comply with, or the frequency for updating passwords) lacks efficiency, safety and friendliness. Indeed all users have to record, one way or the other, multiple Keys. The record of these Keys renders them either unsecured or difficult to locate. Typical examples of this situation are:
  • To record all the Keys on a piece of paper. This turns the Key update into a poorly convenient task. This requires that this piece of paper is always available, and this is by far unsafe, as Keys are obviously not ciphered when they are hand written on a piece of paper.
  • To record all the Keys within a text file recorded on the computer from where the DataSets are accessed. Key updates become less cumbersome as they consist in editing the file, and the availability of the Keys is ensured. Nevertheless this creates a security breach as an individual getting access to the computer where the file is recorded would automatically get access to all the Keys this file records.
  • To record all the Keys within a DataSet, the access of which is controlled by a Key. This solves to some extent the risk issue described above, but creates a “chicken and egg” situation because the access to the Keys requires a Key.
  • Furthermore, assuming that the user accepts the above limitations and deficiencies, once a Key has been accessed, it must then be properly specified by the user to the target DataSet. This is a task prone to error as the elements constituting the Key must be specified in the right fields (do not swap the UserId and the AccountId for instance), and must be entered without spelling error (everybody has already once given a password with the Caps Lock key on). If the maximum number of retries for specifying the Key is reached, then the access can simply be lost, potentially putting the user in a tricky situation if the access to the DataSet is required for instance for critical business needs.
  • Put in other words, the problem is to manage a set of keys that can open doors with the following concerns:
  • Which is the right key for opening this door?
  • How to use this key for opening the door?
  • Where did I put the key?
  • Is the key strongly secured?
  • SUMMARY OF THE INVENTION
  • An object of the present invention is to safely and securely record multiple keys, each Key comprising one or a plurality of fields, each Key being used to have access to one or a plurality of controlled computing resources.
  • Another object of the invention is to exchange in a user-friendly way, one or a plurality of fields constituting a Key with a computing resource.
  • Another object of the invention is to exchange in a user-friendly way, one or a plurality of fields constituting a Key with a computing resource by means of a “copy-and-multiple-paste” operation (by clicking the pointing device each time it overlays one of the target entry fields).
  • Another object of the invention is to exchange in a user-friendly way, one or a plurality of fields constituting a Key with a computing resource, by dynamically updating the pointing device according to the currently exchanged field.
  • Another object of the invention is to exchange in a user-friendly way, one or a plurality of fields constituting a Key with a computing resource, by selectively navigating within the set of fields constituting the Key (by scrolling among the set of fields).
  • Another object of the invention is to manage Keys using means for creating, updating or deleting keys.
  • Another object of the invention is to avoid any modification of computing resources (applications running on the computer system).
  • The present invention is directed to a method and system for easily and securely managing multiple keys on a computer, each key being used to access one or a plurality of computing resources. The method comprises the steps of receiving a command for selecting a key among one or a plurality of keys, each key comprising one or a plurality of key fields; receiving a command for activating a computing resource corresponding to the selected key in order to have access to said computing resource; retrieving and displaying on a computer screen, the one or plurality of key fields associated with the selected key; displaying on the computer screen one or a plurality of input fields, each input field being used to enter the content of an appropriate key field associated with the key selected to access the activated computing resource; passing, in response to an action of a pointing device on a displayed key field, the content of the key field in an appropriate input field of the activated computing resource; and having access to the activated computing resource when all key fields of the selected key have been passed to the appropriate input fields.
  • The foregoing, together with other objects, features, and advantages of this invention can be better appreciated with reference to the following specification, claims and drawings.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • The novel and inventive features believed characteristic of the invention are set forth in the appended claims. The invention itself, however, as well as a preferred mode of use, further objects and advantages thereof, will best be understood by reference to the following detailed description of an illustrative detailed embodiment when read in conjunction with the accompanying drawings, wherein:
  • FIG. 1 shows the different components of the KeyRing application according to the present invention.
  • FIG. 2 shows the KeyRing table according to the present invention.
  • FIG. 3A shows the dialog box displayed on the computer screen when the user decides to launch the KeyRing application for the creation of a new KeyRing File or for the opening or saving of an existing KeyRing File according to the present invention.
  • FIG. 3B shows the dialog box displayed on the computer screen in order to retrieve the secret private Key under which all the information recorded in the KeyRing File will be encrypted according to the present invention.
  • FIG. 3C shows the dialog box displayed on the computer screen according to the present invention when the secret private Key has been successfully specified, with the Key labeled as “Delphion” in the list box.
  • FIG. 3D shows the dialog box displayed on the computer screen aimed to assist the user to update the current definition of the fields constituting the selected Key according to the present invention.
  • FIG. 3E shows the pop-up window displayed on the computer screen listing the different Keys defined within the current KeyRing File according to the present invention.
  • FIG. 3F shows the screen corresponding to the step where the user has already dropped the first field “Jean-Luc” onto the first input area aimed to host a first name according to the present invention.
  • FIG. 3G shows the screen corresponding to the step where the user has dropped the second field “COLLET” onto the second input area aimed to host a last name according to the present invention.
  • FIG. 4A shows an example of execution according to the present invention with a Key comprising two fields.
  • FIG. 4B shows the same screen as in FIG. 4A after pasting the first value according to the present invention.
  • FIG. 5 is a flow chart of the method of passing Keys according to the present invention.
  • PREFERRED EMBODIMENT OF THE INVENTION
  • The following description is presented to enable one of ordinary skill in the art to make and use the invention and is provided in the context of a patent application and its requirements. Various modifications to the preferred embodiment and the generic principles and features described herein will be readily apparent to those skilled in the art. Thus, the present invention is not intended to be limited to the embodiment shown but is to be accorded the widest scope consistent with the principles and features described herein.
  • The present invention is based on a virtual “KeyRing” which allows:
  • To safely and securely record multiple Keys.
  • To easily manage Keys (creation/change/deletion of Keys).
  • To establish an association between a DataSet and a Key (this association may be a 1-to-N association as a given Key may give access to multiple DataSets).
  • To pass the Key easily and error-free from the KeyRing to the DataSet.
  • To define a Key as a set of individual fields.
  • To identify, and potentially select, each field of a Key through a dynamic display of the pointing device icon, when passed to the DataSet.
  • The solution described hereafter is considered as a preferred embodiment of the present invention. This preferred solution relies on the Microsoft Windows operating system family.
  • In the preferred embodiment of the present invention described herein, it will be assumed that any Key comprises up to 8 different fields, but no more. This limitation does not limit the scope of the present invention, as any alternate implementation with more than 8 fields per Key would be a straightforward extension of the preferred embodiment.
  • KeyRing Application
  • The core of the present invention is the concept of a KeyRing File, which is used to record multiple Keys associated with DataSets. This file is ciphered as it records very sensitive information, and it can only be accessed by means of relevant KeyRing processes through dedicated interfaces. This overall solution concept is further described in the following FIG. 1, which positions the different components comprising the KeyRing application 100.
  • The KeyRing User Interface Manager 101 is the process interfacing the user for interacting with the other components of the KeyRing solution. In the preferred embodiment of the present invention, this KeyRing User Interface Manager complies with the GUI standards as defined in the Microsoft Windows environment. The Key Update Manager 102 is the component in charge of managing any update in the definition of the Keys as recorded within the current KeyRing File. This component interacts on one hand with the KeyRing User Interface Manager 101 for interfacing with the user, and on the other hand, with the KeyRing File Access Manager 105 for read & write operations onto the KeyRing File 106.
  • The KeyRing File Manager 103 is the component in charge of managing the creation and the use of the KeyRing Files 106. This component interacts on one hand with the KeyRing User Interface Manager 101 for interfacing with the user, and on the other hand with the KeyRing File Access Manager 105 for read & write operations onto the KeyRing File 106. The KeyRing Manager 104 is the component in charge of passing Key fields to selected DataSets. This component interacts on one hand with the KeyRing User Interface Manager 101 for interacting with the user, and on the other hand with the KeyRing File Access Manager 105 for read operations onto the KeyRing File 106. The KeyRing File Access Manager 105 is the component in charge of accessing the KeyRing File 106, as required by the above components: Key Update Manager 102, or KeyRing File Manager 103, or KeyRing Manager 104. The KeyRing File Access Manager 105 interacts directly with the KeyRing File 106, either for file read operation, or for file write operation, or for file creation operation, or for file load operation, or for file save operation. As the KeyRing File 106 is encrypted through an AES (Advanced Encryption Standard) based algorithm, the KeyRing File Access Manager 105 is in charge of the corresponding file encryption and decryption operations.
  • The KeyRing File 106 is the repository where Keys are recorded. KeyRing Files 106 are created under the control of the KeyRing File Manager 103, whereas the KeyRing File records corresponding to individual Keys are managed under the control of the Key Update Manager 102. Finally Key fields, as recorded in the KeyRing File 106, are passed to the DataSets under the control of the KeyRing Manager 104. These three components 102, 103 and 104 use the services of the KeyRing File Access Manager 105 for interacting with the KeyRing File 106.
  • KeyRing Table
  • The structure of the KeyRing File 106 is depicted in FIG. 2. This file is structured as a two-dimensional KeyRing Table 200 (KRT for short) comprising one or a plurality of records 220, each record 220 corresponding to a given Key, and comprising the following elements: the “Path Process Owner” element 201, the “Label” element 202, and the “Field1 to Field4” elements 203 to 206. The “Path Process Owner” element 201 specifies the name of the DataSet associated with the Key. For the cases where the DataSet corresponds to an executable application, this element 201 is the path of this application (for instance “c:\program files\Notes\Notes.exe”). For the cases where the DataSet is reached through a Web browser, this element 201 is the URL identifying the DataSet (for instance “www.delphion.com”). The “Label” element 202 allows the user to define a nickname for the DataSet associated with the Key.
  • The “Field1” to “Field4” elements 203 to 206 are used to record each field constituting the Key defined by the record 220. Each Field element is comprised of 3 sub-fields:
  • The sub-field “Name” 230 which comprises the nickname associated with the Key (value displayed together with the mouse cursor).
  • The sub-field “Key” 231 which comprises the value of the Key field to be pasted on the DataSet entry field.
  • The sub-field “P” 232 which indicates whether the value is protected “1” or not “0”. If the value is protected, then the value can/must only be pasted in a protected field.
  • Generic Process Workflow
  • The following flow is an example of one possible scenario illustrating the different operations available with the KeyRing solution, according to a preferred embodiment of the present invention.
  • Launching the KeyRing
  • The KeyRing generic process starts when the user decides to launch the KeyRing application. This invokes the KeyRing User Interface Manager 101, which displays on the computer screen the dialog box corresponding to FIG. 3A. This dialog box window comprises the following objects: A menu bar with an icon 301 invoking the KeyRing File Manager 103 for the creation of a new KeyRing File 106, an icon 302 invoking the KeyRing File Manager 103 for opening of an existing KeyRing File 106, an icon 303 invoking the KeyRing File Manager 103 for saving of the currently opened KeyRing File 106, an icon 304 invoking the KeyRing File Manager 103 for saving of the current KeyRing File 106 under a new name (“Save As” operation), an icon 305 invoking KeyRing options, and an icon 306 invoking an on-line Help tool.
  • The dialog box also comprises an information field 307 where the user can find hints and tips for using the KeyRing system, and a gold Key Icon 308 that the user must drag for passing the fields of the current Key to the target DataSet, under the control of the KeyRing Manager 104. A list box 309 where the user can select one of the Keys defined as part of the current KeyRing File 106. A push-button “Edit Key” 310 invoking, when clicked, the Key Update Manager 102 for changing the definition of the existing key whose “Label” element 202 appears in the list box 309. A push-button “Remove Key” 311 invoking, when clicked, the Key Update Manager 102 for deleting in the current KRT 200, the existing key whose “Label” element 202 appears in the list box 309. A push-button “Add Key” 312 invoking, when clicked, the Key Update Manager 102 for introducing a new Key in the current KRT 200 recorded in the KeyRing File 106. A check box 313 used to specify if the KeyRing dialog box 300 must be kept or not in the foreground of the window display.
  • Loading a KeyRing File
  • This operation is triggered by clicking with the pointing device (e.g. the mouse) on the second icon 302 on the left side of the menu available on the top of the KeyRing user interface dialog box as shown on FIG. 3A. This allows an existing KeyRing File 106 to be opened through conventional file system navigation windows. Alternatively the user can also create a new KeyRing File 106 by clicking on the leftmost icon 301 on the menu bar available on the top of the KeyRing user interface dialog box. In both cases, the KeyRing File Manager 103 takes control for calling first the KeyRing File Access Manager 105 in order to open an existing or create a new KeyRing File 106, and second the KeyRing User Interface Manager 101 for displaying the dialog box shown in FIG. 3B, in order to retrieve the secret private Key under which all the information recorded in the KeyRing File 106 will be encrypted, according to the structure described in the KRT 200. When the secret private Key has been successfully specified, the current KeyRing File 106 becomes available, with all the Keys it records, so that further KeyRing operations can take place. At this point the KeyRing User Interface dialog window takes the form illustrated on FIG. 3C where one can see that a Key labeled as “Delphion” appears in the list box 309 (“Delphion” is a trademark of Thomson Scientific Inc. in certain countries).
  • Editing an Existing Key
  • As previously said, this operation is triggered by clicking on the icon 310, and invokes the Key Update Manager 102. This opens another dialog box 320, as illustrated in FIG. 3D, aimed to assist the user to update the current definition of the fields constituting the selected key. This dialog box 320 includes several means (entry fields, push-buttons, list box, etc.) which will not be further detailed here as their usage is obvious to a person used to dealing with windows-based computer systems. When the user closes the dialog box 320 without canceling the changes made, the KRT 200 table, recorded in the current KeyRing File 106, will be updated by reflecting the new definition in the record 220 corresponding to the selected Key.
  • Adding a New Key
  • As previously said, this operation is triggered by clicking on the icon 312, and invokes the Key Update Manager 102. This opens a dialog box identical to the dialog box 320, as illustrated in FIG. 3D, but where all the entry fields are left void. This dialog box 320 includes several means (entry fields, push-buttons, list box, etc.). The Nickname field 321 is the name associated with the Key. This nickname is displayed on the mouse cursor indicating the type of value to be pasted. The Key field 322 is the value to be pasted. The Checkbox 323 indicates, if checked, that the value specified in the Key field 322 is protected and may not be pasted in an unprotected field for security reasons. The buttons Up 326 and Down 327 allow the user to reorder the nickname/key pairs if necessary. When the user closes the dialog box 320 without canceling the new Key definition, the KRT 200 table, recorded in the current KeyRing File 106, will be updated by introducing a new record 220 corresponding to the new Key definition.
  • Removing an Existing Key
  • As previously said, this operation is triggered by clicking on the icon 311, and invokes the Key Update Manager 102. This leads to update the KRT 200 table, recorded in the current KeyRing File 106, by removing the record 220 corresponding to the selected Key.
  • Passing a Key to a DataSet
  • This operation must be easily performed to allow the user to take full advantage of the present invention. In a preferred embodiment of the present invention, a combined mouse and keyboard short cut is defined to activate the KeyRing application 100. When a given application is active, if the user hits the F12 key and the right mouse button together, the KeyRing application 100 becomes active, so that the KeyRing User Interface Manager 101 displays a pop-up window listing the different Keys defined within the current KeyRing File 106. This is illustrated in FIG. 3E where the active application is a web browser represented by the window 330. When the (F12+Right mouse button) short cut is hit, the pop-up window 331 is displayed, and the user can for instance select the Key 332 identified by the label “JLC Identity Infos”.
  • Then the user can very easily pass the different fields defined as part of the selected Key to the target DataSet. This is performed by first clicking on the selected Key 332 with the left button of the pointing device, and without releasing this left button, dropping one after the other each field of the Key by clicking the right button of the pointing device onto the destination input area. At each step of this operation, the mouse icon takes a different form to indicate to the user the current stage of the key field dropping process. This operation is illustrated in FIG. 3F and FIG. 3G, where the form of the mouse icon shows how many remaining fields are still to be passed to the target DataSet.
  • FIG. 3F corresponds to the step where the user has already dropped the first field “Jean-Luc” onto the first input area 333 aimed to host a first name. At this stage the mouse icon 334 takes the form of a triple Key, meaning that there are still three remaining fields not yet passed from the Key.
  • FIG. 3G corresponds to the step where the user has dropped the second field “COLLET” onto the second input area 335 aimed to host a last name. At this stage the mouse icon 336 takes the form of a double Key, meaning that there are still two remaining fields not yet passed from the key. The last two Key fields are then dropped similarly onto the last two entry areas 337 and 338.
  • Another Example of Execution
  • FIGS. 4A and 4B show a sample execution with a Key of 2 fields, and where the mouse icon form is changed in order to display a short text specifying the nature of the current Key field. In FIG. 4A, a prompt 400 is displayed to log on to the “Delphion” server, and the mouse pointer 410 displays the nickname associated with the value which is pasted when the mouse key is pressed (in our case “logon”).
  • FIG. 4B shows the same screen after pasting the first value. The logon, which is a non-protected value, is displayed in the User Name field 470, while the nickname associated with the next value is displayed with the mouse cursor 480 (in our case “password”).
  • KeyRing Method
  • FIG. 5 illustrates the method according to the present invention, for passing the plurality of fields associated with a Key, onto the plurality of input areas associated with a DataSet. At step 501, the method starts by launching the KeyRing application, typically as the result of a user trigger such as hitting the F12 keyboard key and the right mouse button together. At step 502, the pop-up window 331 is displayed, showing all the different Keys defined within the KeyRing table 200. At step 503, the user selects a Key by using conventional means, such as a click with the left mouse button on one entry within the pop-up window 331. At step 504, the KeyRing table 200 is accessed for retrieving the attributes of the Key selected at the previous step, including the number of associated fields. At step 505, the local variable “current field” is set equal to the first field of the selected Key. Furthermore the mouse pointer form is updated to reflect the stage of the process. In a preferred embodiment of the present invention, this icon takes a form specifying the number of remaining fields to be passed (see 334 on FIG. 3F and 336 on FIG. 3G).
  • At step 506, the KeyRing application waits for a user event specifying that the “current field” must be passed to the DataSet. In a preferred embodiment of the present invention, this event corresponds to a click on the right mouse button while the left mouse button remains pressed. At step 507, a user event is detected for passing the “current field” of the selected Key. At step 508, the KeyRing passes the “current field” onto the DataSet input area pointed to by the mouse pointer. At step 509, a test is performed to check if the “current field” corresponds to the last field of the selected Key, as recorded in the KeyRing table 200. If it is the case, then control is given to step 510; otherwise control is given to step 512. At step 510, the pop-up window 331 is closed. At step 511, the KeyRing application ends. At step 512, the “current field” local variable is set equal to the next field associated with the selected Key, as recorded in the KeyRing table 200. Then control is given to step 506.
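The KeyRing Table record of FIG. 2 and the field-passing loop of FIG. 5 (steps 505 to 512), sketched as an added example that is not code from the patent. The class and function names, the `InputField` stand-in for a DataSet entry field, and the sample record are assumptions; the check on sub-field “P” follows the rule that a protected value is only pasted in a protected field.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class KeyField:
    name: str          # sub-field "Name" 230: nickname shown with the pointer
    value: str         # sub-field "Key" 231: value pasted into the input field
    protected: bool    # sub-field "P" 232: True for "1", False for "0"


@dataclass
class KeyRecord:
    path_process_owner: str   # element 201: application path or URL
    label: str                # element 202: nickname of the DataSet
    fields: List[KeyField]    # the Field elements of record 220


@dataclass
class InputField:
    """Hypothetical stand-in for a DataSet entry field."""
    name: str
    protected: bool           # True for a masked (password-style) field
    content: str = ""

    def displayed(self) -> str:
        # Claim 7: content pasted in a protected input field is hidden.
        return "*" * len(self.content) if self.protected else self.content


class ProtectedValueError(Exception):
    """A protected value was aimed at an unprotected input field."""


class KeyPassSession:
    """Steps 505 to 512 of FIG. 5 for one selected Key."""

    def __init__(self, record: KeyRecord):
        if not record.fields:
            raise ValueError("a Key needs at least one field")
        self.record = record
        self.index = 0        # step 505: "current field" = first field

    @property
    def finished(self) -> bool:
        return self.index >= len(self.record.fields)

    def remaining(self) -> int:
        """Fields still to pass; drives the pointer icon (FIG. 3F, 3G)."""
        return len(self.record.fields) - self.index

    def pointer_label(self) -> Optional[str]:
        """Nickname of the current field, shown with the pointer (FIG. 4A)."""
        return None if self.finished else self.record.fields[self.index].name

    def drop(self, target: InputField) -> int:
        """Steps 507 to 512: pass the current field to the pointed input."""
        if self.finished:
            raise RuntimeError("all fields already passed")
        current = self.record.fields[self.index]
        # Sub-field "P": a protected value only goes into a protected field.
        # On refusal the session does not advance and nothing is written,
        # so the secret never appears in a readable field.
        if current.protected and not target.protected:
            raise ProtectedValueError(
                f"{current.name!r} is protected; {target.name!r} is not")
        target.content = current.value      # step 508
        self.index += 1                     # step 509 test, step 512 advance
        return self.remaining()


def demo():
    # Constructed sample record; host, logon and password are made up.
    key = KeyRecord("www.example.test", "Example server", [
        KeyField("logon", "sample-user", protected=False),
        KeyField("password", "constructed-secret", protected=True),
    ])
    user_name = InputField("User Name", protected=False)
    password = InputField("Password", protected=True)

    session = KeyPassSession(key)
    trace = [(session.pointer_label(), session.remaining())]
    session.drop(user_name)
    trace.append((session.pointer_label(), session.remaining()))
    try:
        session.drop(user_name)             # wrong target for the password
        refused = False
    except ProtectedValueError:
        refused = True
    session.drop(password)
    return (trace, refused, user_name.displayed(),
            password.displayed(), session.finished)


if __name__ == "__main__":
    print(demo())
```

Because a refused drop leaves the “current field” unchanged, the user can re-aim at the masked field without restarting the sequence.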
  • While the invention has been particularly shown and described with reference to a preferred embodiment, it will be understood that various changes in form and detail may be made therein without departing from the spirit and scope of the invention.

Claims (15)

What is claimed is:
1. A method for securely managing multiple keys on a computer system, each key being used to access one or more computing resources, each of the keys including a plurality of key fields, and each of the key fields having a name and a value, said method comprising:
storing the multiple keys in a key file, each of the keys including a plurality of key fields, including storing the key fields of each of the multiple keys in a key table;
receiving a command from a user to access the key file;
the computer system displaying the key file on a display screen of the computer system, including displaying a list of the multiple keys in the key file;
the user selecting one of the keys in the key file, said one of the keys being used to access an associated one of the computing resources;
displaying the selected key on the display screen, including displaying the key fields of the selected key;
displaying on the display screen a plurality of input fields for receiving the values of the key fields of the selected key;
identifying on the display screen each of the input fields with one of the names of the key fields of the selected key;
the user interacting with the display of the selected key and the display of the plurality of input fields, using a graphical user interface, to pass the value of each of the key fields of said selected key, one value at a time, from the key table to said input fields, including entering the value for each of the key fields into the input field identified on the display screen with the name of said each key field; and
giving the user access to the associated one of the computing resources when the values of all the key fields of the selected key have been passed to the input fields.
2. The method according to claim 1, wherein the user interacting with the displays on the display screen, comprises:
dragging the value of one of the key fields of the selected key to one of the input fields.
3. The method according to claim 1, wherein the user interacting with the displays on the display screen, comprises:
updating a pointing device icon displayed on the computer screen according to the remaining fields that are still to be passed before the computing resource can be accessed.
4. The method according to claim 1, wherein the user interacting with the displays on the display screen, comprises:
updating a pointing device icon displayed on the computer screen according to the passed key field.
5. The method according to claim 1, wherein the user interacting with the displays on the display screen, comprises:
updating a pointing device icon displayed on the computer screen according to the key fields that have already been passed.
6. The method according to claim 1, wherein the receiving a command from a user, comprises:
displaying on the computer screen one or plurality of the multiple keys.
7. The method according to claim 1, further comprising associating with each key field of a key:
means for identifying the key field;
a content to paste in an input field; and
an indication specifying that the content to paste must only be pasted in a protected input field, each input field of a computing resource being defined as either protected or unprotected, the content pasted in a protected input field being hidden from the user.
8. The method according to claim 1, further comprising:
recording one or a plurality of the multiple keys in a key ring file.
9. The method according to claim 1, further comprising associating with each key:
means for identifying and reaching one or a plurality of computing resources.
10. The method according to claim 1, further comprising:
retrieving a secret private key under which information recorded in the key file is encrypted; and
encrypting and decrypting said key file using said secret private key.
11. The method according to claim 1, wherein the steps of the method are transparent for said one or more computing resources.
12. A system for securely managing multiple keys on a computer system, each of said keys being used to access one or more computing resources, each of the keys including a plurality of key fields, and each of the key fields having a name and a value, said system comprising:
a storage device on the computer system for storing the multiple keys in a key file, including storing the key fields of each of the multiple keys in a key table;
the computer system receiving a command from a user to access the key file;
the computer system displaying the key file on a display screen of the computer system, including displaying a list of the multiple keys in the key file;
the computer system receiving input from the user selecting one of the keys in the key file, said one of the keys being used to access an associated one of the computing resources;
the computer system displaying on the display screen the selected key, including displaying the key fields of the selected key;
the computer system displaying on the display screen a plurality of input fields for receiving the values of the key fields of the selected key; and identifying on the display screen each of the input fields with one of the names of the key fields of the selected key;
the computer system receiving input from the user, by the user interacting with the display of the listing of said selected key and the display of the plurality of input fields using a graphical user interface, to pass the value of each of the key fields of said selected key, one value at a time, from the key table to said input fields including entering the value for each of the key fields into the input field identified on the display screen with the name of said each key field; and
the computer system giving the user access to the associated one of the computing resources when the values of all the key fields of the selected key have been passed to the input fields.
13. The system according to claim 12, wherein the input from the user includes:
input for dragging one of the key fields of the selected key to one of the input fields.
14. A program storage device including a tangible storage medium readable by machine, tangibly embodying a program of instructions executable by the machine to perform a method for securely managing multiple keys on a computer system, each of said keys being used to access one or more computing resources, each of the keys including a plurality of key fields, and each of the key fields having a name and a value, the method comprising:
storing the multiple keys in a key file, including storing the key fields of each of the multiple keys in a key table;
receiving a command from a user to access the key file;
displaying the key file on a display screen of the computer system, including displaying a list of the multiple keys in the key file;
receiving from the user input for selecting one of the keys in the key file, said one of the keys being used to access an associated one of the computing resources;
displaying on the display screen the selected key, including displaying the key fields of the selected key;
displaying on the display screen a plurality of input fields for receiving the values of the key fields of the selected key;
identifying on the display screen each of the input fields with one of the names of the key fields of the selected key;
receiving input from the user, by the user interacting with the display of the listing of said selected key and the display of the plurality of input fields using a graphical user interface, to pass the value of each of the key fields of said selected key, one value at a time, from the key table to said input fields including entering the value for each of the key fields into the input field identified on the display screen with the name of said each key field; and
giving the user access to the associated one of the computing resources when the values of all the key fields of the selected key have been passed to the input fields.
15. The program storage device according to claim 14, wherein the receiving input from the user, by the user interacting with the display of the listing of said selected key and the display of the plurality of input fields using a graphical user interface, comprises:
receiving input from the user for dragging one of the key fields of the selected key to one of the input fields.
US14/740,881 2005-06-29 2015-06-16 Method and system for easily and securely managing multiple keys used to have access to multiple computing resources Abandoned US20150356067A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US14/740,881 US20150356067A1 (en) 2005-06-29 2015-06-16 Method and system for easily and securely managing multiple keys used to have access to multiple computing resources

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
EP05300530 2005-06-29
EP05300530.2 2005-06-29
US11/451,678 US9088551B2 (en) 2005-06-29 2006-06-13 Method and system for easily and securely managing multiple keys used to have access to multiple computing resources
US14/740,881 US20150356067A1 (en) 2005-06-29 2015-06-16 Method and system for easily and securely managing multiple keys used to have access to multiple computing resources

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US11/451,678 Continuation US9088551B2 (en) 2005-06-29 2006-06-13 Method and system for easily and securely managing multiple keys used to have access to multiple computing resources

Publications (1)

Publication Number Publication Date
US20150356067A1 true US20150356067A1 (en) 2015-12-10

Family

ID=37591232

Family Applications (2)

Application Number Title Priority Date Filing Date
US11/451,678 Expired - Fee Related US9088551B2 (en) 2005-06-29 2006-06-13 Method and system for easily and securely managing multiple keys used to have access to multiple computing resources
US14/740,881 Abandoned US20150356067A1 (en) 2005-06-29 2015-06-16 Method and system for easily and securely managing multiple keys used to have access to multiple computing resources

Country Status (1)

Country Link
US (2) US9088551B2 (en)

Also Published As

Publication number Publication date
US20070005975A1 (en) 2007-01-04
US9088551B2 (en) 2015-07-21

Legal Events

Date Code Title Description
AS Assignment

Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BAUCHOT, FREDERIC;COLLET, JEAN-LUC;DROUET, FRANCOIS X.;AND OTHERS;SIGNING DATES FROM 20150515 TO 20150615;REEL/FRAME:035846/0346

AS Assignment

Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y

Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE EXECUTION DATE OF INVENTOR FREDERIC BAUCHOT PREVIOUSLY RECORDED ON REEL 035846 FRAME 0346. ASSIGNOR(S) HEREBY CONFIRMS THE EXECUTION DATE OF FREDERIC BAUCHOT'S SIGNATURE WAS INCORRECT AS 05/15/2015 IT SHOULD BE 06/15/2015;ASSIGNORS:BAUCHOT, FREDERIC;COLLET, JEAN-LUC;DROUET, FRANCOIS X.;AND OTHERS;REEL/FRAME:036475/0119

Effective date: 20150615

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION