CN105247529B - 在目录服务之间同步凭证散列 - Google Patents

在目录服务之间同步凭证散列 Download PDF

Info

Publication number
CN105247529B
CN105247529B CN201480024568.5A CN201480024568A CN105247529B CN 105247529 B CN105247529 B CN 105247529B CN 201480024568 A CN201480024568 A CN 201480024568A CN 105247529 B CN105247529 B CN 105247529B
Authority
CN
China
Prior art keywords
password
agglomerate
hashed
directory service
hash
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201480024568.5A
Other languages
English (en)
Chinese (zh)
Other versions
CN105247529A (zh
Inventor
J·M·卢克
A·N·戈登
R·N·希克卡玛盖勒
Z·埃尔马基
S·古本克
G·钱德尔
A·索马塞卡莱
M·D·萨塔戈潘
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Technology Licensing LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Technology Licensing LLC filed Critical Microsoft Technology Licensing LLC
Publication of CN105247529A publication Critical patent/CN105247529A/zh
Application granted granted Critical
Publication of CN105247529B publication Critical patent/CN105247529B/zh
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/16Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
CN201480024568.5A 2013-04-30 2014-04-30 在目录服务之间同步凭证散列 Active CN105247529B (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US13/873,882 US9282093B2 (en) 2013-04-30 2013-04-30 Synchronizing credential hashes between directory services
US13/873,882 2013-04-30
PCT/US2014/036004 WO2014179386A1 (en) 2013-04-30 2014-04-30 Synchronizing credential hashes between directory services

Publications (2)

Publication Number Publication Date
CN105247529A CN105247529A (zh) 2016-01-13
CN105247529B true CN105247529B (zh) 2018-07-31

Family

ID=50829313

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201480024568.5A Active CN105247529B (zh) 2013-04-30 2014-04-30 在目录服务之间同步凭证散列

Country Status (7)

Country Link
US (3) US9282093B2 (enExample)
EP (1) EP2992473B1 (enExample)
JP (1) JP6446032B2 (enExample)
CN (1) CN105247529B (enExample)
BR (1) BR112015027175B1 (enExample)
RU (1) RU2671045C2 (enExample)
WO (1) WO2014179386A1 (enExample)

Families Citing this family (55)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8707454B1 (en) 2012-07-16 2014-04-22 Wickr Inc. Multi party messaging
US9282093B2 (en) 2013-04-30 2016-03-08 Microsoft Technology Licensing, Llc Synchronizing credential hashes between directory services
US10129260B1 (en) 2013-06-25 2018-11-13 Wickr Inc. Mutual privacy management
US10567349B2 (en) 2013-06-25 2020-02-18 Wickr Inc. Secure time-to-live
US9830089B1 (en) 2013-06-25 2017-11-28 Wickr Inc. Digital data sanitization
US9866591B1 (en) 2013-06-25 2018-01-09 Wickr Inc. Enterprise messaging platform
US10963482B2 (en) 2013-10-04 2021-03-30 Alfresco Software, Inc. Linking of content between installations of a content management system
US10154026B2 (en) * 2013-10-15 2018-12-11 Microsoft Technology Licensing, Llc Secure remote modification of device credentials using device-generated credentials
US10908937B2 (en) 2013-11-11 2021-02-02 Amazon Technologies, Inc. Automatic directory join for virtual machine instances
US10530742B2 (en) 2013-11-11 2020-01-07 Amazon Technologies Inc. Managed directory service
JP6298288B2 (ja) * 2013-12-20 2018-03-20 キヤノン株式会社 情報処理装置、情報処理方法、及びプログラム
US9698976B1 (en) 2014-02-24 2017-07-04 Wickr Inc. Key management and dynamic perfect forward secrecy
US9584530B1 (en) 2014-06-27 2017-02-28 Wickr Inc. In-band identity verification and man-in-the-middle defense
US9654288B1 (en) 2014-12-11 2017-05-16 Wickr Inc. Securing group communications
US9372986B1 (en) 2014-12-16 2016-06-21 International Business Machines Corporation Selective password synchronization
US10509663B1 (en) 2015-02-04 2019-12-17 Amazon Technologies, Inc. Automatic domain join for virtual machine instances
US10291567B2 (en) * 2015-06-01 2019-05-14 ETAS Embedded System Canada Inc. System and method for resetting passwords on electronic devices
CN106656907B (zh) * 2015-10-28 2021-03-02 阿里巴巴集团控股有限公司 用于认证的方法、装置、终端设备及系统
US9590956B1 (en) 2015-12-18 2017-03-07 Wickr Inc. Decentralized authoritative messaging
US10291607B1 (en) * 2016-02-02 2019-05-14 Wickr Inc. Providing real-time events to applications
CN107086907B (zh) 2016-02-15 2020-07-07 阿里巴巴集团控股有限公司 用于量子密钥分发过程的密钥同步、封装传递方法及装置
CN107086908B (zh) 2016-02-15 2021-07-06 阿里巴巴集团控股有限公司 一种量子密钥分发方法及装置
US10902138B2 (en) * 2016-03-30 2021-01-26 PhazrlO Inc. Distributed cloud storage
US9602477B1 (en) 2016-04-14 2017-03-21 Wickr Inc. Secure file transfer
US9591479B1 (en) 2016-04-14 2017-03-07 Wickr Inc. Secure telecommunications
CN107347058B (zh) 2016-05-06 2021-07-23 阿里巴巴集团控股有限公司 数据加密方法、数据解密方法、装置及系统
CN107370546B (zh) 2016-05-11 2020-06-26 阿里巴巴集团控股有限公司 窃听检测方法、数据发送方法、装置及系统
CN107404461B (zh) 2016-05-19 2021-01-26 阿里巴巴集团控股有限公司 数据安全传输方法、客户端及服务端方法、装置及系统
CN107959567B (zh) 2016-10-14 2021-07-27 阿里巴巴集团控股有限公司 数据存储方法、数据获取方法、装置及系统
CN107959656B (zh) 2016-10-14 2021-08-31 阿里巴巴集团控股有限公司 数据安全保障系统及方法、装置
US10164778B2 (en) 2016-12-15 2018-12-25 Alibaba Group Holding Limited Method and system for distributing attestation key and certificate in trusted computing
CN108667608B (zh) 2017-03-28 2021-07-27 阿里巴巴集团控股有限公司 数据密钥的保护方法、装置和系统
CN108667773B (zh) 2017-03-30 2021-03-12 阿里巴巴集团控股有限公司 网络防护系统、方法、装置及服务器
CN108736981A (zh) 2017-04-19 2018-11-02 阿里巴巴集团控股有限公司 一种无线投屏方法、装置及系统
US10986084B1 (en) * 2017-09-22 2021-04-20 Massachusetts Mutual Life Insurance Company Authentication data migration
US10680898B2 (en) * 2018-03-06 2020-06-09 At&T Intellectual Property I, L.P. Mini-cloud deployment system
US10554615B2 (en) * 2018-03-08 2020-02-04 Semperis Directory service state manager
US11023573B2 (en) 2018-04-20 2021-06-01 Microsoft Technology Licensing, Llc Password reset for multi-domain environment
US10757095B1 (en) * 2018-06-07 2020-08-25 Sprint Communications Company L.P. Unix password replication to a set of computers
US10749875B2 (en) 2018-06-28 2020-08-18 Microsoft Technology Licensing, Llc Security configuration lifecycle account protection for minors
GB2575266A (en) * 2018-07-03 2020-01-08 Osirium Ltd A password management system and method for providing access to a password protected device
US11120122B2 (en) * 2018-07-18 2021-09-14 International Business Machines Corporation Augmenting password generation and validation
US12363096B2 (en) 2018-08-16 2025-07-15 Cyberark Software Ltd. Authentication credential with embedded authentication information
US12255889B2 (en) 2018-08-16 2025-03-18 Cyberark Software Ltd. Detecting and preventing unauthorized credential change
US11210387B2 (en) * 2018-08-16 2021-12-28 Cyberark Software Ltd. Detecting and preventing unauthorized credential change
CN109286490A (zh) * 2018-08-27 2019-01-29 西安电子科技大学 支持密态数据去重和完整性验证方法及系统
CN109450620B (zh) 2018-10-12 2020-11-10 创新先进技术有限公司 一种移动终端中共享安全应用的方法及移动终端
CN109150921B (zh) * 2018-11-05 2021-06-29 郑州云海信息技术有限公司 一种多节点集群的登录方法、装置、设备以及存储介质
US11509647B2 (en) * 2019-01-28 2022-11-22 Microsoft Technology Licensing, Llc Determination of weak hashed credentials
CN110247894B (zh) * 2019-05-16 2021-06-18 中国联合网络通信集团有限公司 一种识别伪造handle服务器的方法及装置
US11218472B2 (en) * 2019-07-01 2022-01-04 Steve Rosenblatt Methods and systems to facilitate establishing a connection between an access-seeking device and an access granting device
US11429519B2 (en) 2019-12-23 2022-08-30 Alibaba Group Holding Limited System and method for facilitating reduction of latency and mitigation of write amplification in a multi-tenancy storage drive
CN114172890B (zh) * 2021-11-03 2024-02-27 阿里巴巴(中国)有限公司 文件秒传处理方法、装置、存储介质及电子设备
US12524272B2 (en) 2022-02-09 2026-01-13 International Business Machines Corporation Synchronizing computing resources to proceed with a task
EP4521326A1 (en) * 2023-09-06 2025-03-12 Mastercard International Incorporated Data management in a distributed system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1409835A (zh) * 1999-12-17 2003-04-09 阿克蒂夫卡德公司 对程序或服务应用鉴定数据的信息设备
US20040019786A1 (en) * 2001-12-14 2004-01-29 Zorn Glen W. Lightweight extensible authentication protocol password preprocessing
EP1429228A2 (en) * 2002-12-12 2004-06-16 Sun Microsystems, Inc. Access information synchronization between information domains employing dissimilar protective transformation
US6986038B1 (en) * 2000-07-11 2006-01-10 International Business Machines Corporation Technique for synchronizing security credentials from a master directory, platform, or registry
US20080235772A1 (en) * 2007-03-23 2008-09-25 Sap Ag. Iterated password hash systems and methods for preserving password entropy
US20130080765A1 (en) * 2011-09-26 2013-03-28 Subhashis Mohanty Secure cloud storage and synchronization systems and methods

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH05189288A (ja) * 1992-01-09 1993-07-30 Nec Corp パスワード更新方法
US6240184B1 (en) * 1997-09-05 2001-05-29 Rsa Security Inc. Password synchronization
US6615383B1 (en) * 1998-05-29 2003-09-02 Sun Microsystems, Inc. System and method for message transmission between network nodes connected by parallel links
DE69934207T2 (de) * 1999-03-08 2007-10-25 Software Ag Verfahren zur Zugriffsprüfung eines Anwenders
FR2826825B1 (fr) 2001-06-28 2003-09-26 Cit Alcatel Procede de basculement d'un premier mode de radiocommunication vers un second mode de radiocommunication et terminal mobile multi-mode associe
JP2004110364A (ja) * 2002-09-18 2004-04-08 Hitachi Software Eng Co Ltd ディレクトリサービス相互間におけるユーザアカウントの属性同期方法
US20040117666A1 (en) * 2002-12-12 2004-06-17 Sun Microsystems, Inc. Invalidation facility for synchronizing information domains
US7251732B2 (en) * 2003-06-18 2007-07-31 Microsoft Corporation Password synchronization in a sign-on management system
US20080109889A1 (en) * 2003-07-01 2008-05-08 Andrew Bartels Methods, systems and devices for securing supervisory control and data acquisition (SCADA) communications
JP2005284986A (ja) * 2004-03-30 2005-10-13 Mitsubishi Electric Corp パスワード安全同期管理方法、パスワード安全同期管理プログラム及びパスワード安全同期管理プログラム記録媒体及びパスワード安全同期管理システム
JP3739008B1 (ja) * 2004-06-29 2006-01-25 卓哉 徳永 アカウント管理方法及びシステム
JP4258551B2 (ja) * 2007-01-25 2009-04-30 日本電気株式会社 認証システム、認証方法、及び認証プログラム
US8584221B2 (en) * 2009-10-23 2013-11-12 Microsoft Corporation Authenticating using cloud authentication
US8453224B2 (en) * 2009-10-23 2013-05-28 Novell, Inc. Single sign-on authentication
EP2598984A4 (en) * 2010-07-29 2017-04-19 Nirmal Juthani System and method for generating a strong multi factor personalized server key from a simple user password
JP5751029B2 (ja) * 2011-06-03 2015-07-22 株式会社リコー 認証装置、プログラムおよび記録媒体
US9282093B2 (en) 2013-04-30 2016-03-08 Microsoft Technology Licensing, Llc Synchronizing credential hashes between directory services

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1409835A (zh) * 1999-12-17 2003-04-09 阿克蒂夫卡德公司 对程序或服务应用鉴定数据的信息设备
US6986038B1 (en) * 2000-07-11 2006-01-10 International Business Machines Corporation Technique for synchronizing security credentials from a master directory, platform, or registry
US20040019786A1 (en) * 2001-12-14 2004-01-29 Zorn Glen W. Lightweight extensible authentication protocol password preprocessing
EP1429228A2 (en) * 2002-12-12 2004-06-16 Sun Microsystems, Inc. Access information synchronization between information domains employing dissimilar protective transformation
US20080235772A1 (en) * 2007-03-23 2008-09-25 Sap Ag. Iterated password hash systems and methods for preserving password entropy
US20130080765A1 (en) * 2011-09-26 2013-03-28 Subhashis Mohanty Secure cloud storage and synchronization systems and methods

Also Published As

Publication number Publication date
JP6446032B2 (ja) 2018-12-26
US20140325622A1 (en) 2014-10-30
RU2015146659A (ru) 2017-06-05
BR112015027175B1 (pt) 2022-01-11
BR112015027175A2 (pt) 2017-07-25
WO2014179386A1 (en) 2014-11-06
EP2992473A1 (en) 2016-03-09
BR112015027175A8 (pt) 2019-12-24
US20160301694A1 (en) 2016-10-13
US20170302448A1 (en) 2017-10-19
US9282093B2 (en) 2016-03-08
EP2992473B1 (en) 2021-08-04
CN105247529A (zh) 2016-01-13
US9769170B2 (en) 2017-09-19
JP2016522932A (ja) 2016-08-04
RU2671045C2 (ru) 2018-10-29
US10069630B2 (en) 2018-09-04
RU2015146659A3 (enExample) 2018-03-27

Similar Documents

Publication Publication Date Title
CN105247529B (zh) 在目录服务之间同步凭证散列
US11153290B2 (en) Advanced security protocol for broadcasting and synchronizing shared folders over local area network
JP2021508877A (ja) 高性能分散型記録システム
CN111291043A (zh) 标识值查询方法、标识解析服务器和存储介质
CN112149105A (zh) 数据处理系统、方法、相关设备及存储介质
US20220123950A1 (en) Multi-party cloud authenticator
CN106664302A (zh) 使用信令撤销会话
CN106375323A (zh) 一种多租户模式下kerberos身份认证的方法
US9935940B1 (en) Password security
US11966460B2 (en) Facilitating generation of credentials and verification thereof within a distributed object storage system
Soriente et al. Replicatee: Enabling seamless replication of sgx enclaves in the cloud
US20220417036A1 (en) Identity authority
Cui et al. IoT data management and lineage traceability: A blockchain-based solution
US10742619B1 (en) Secure authentication for a computing environment
CN105637471B (zh) 用于对存储环境进行监测和控制的方法及设备
Huang et al. Blockchain based log system
CN101917438A (zh) 在网络通信系统中访问控制方法和系统
Quan et al. TSHC: trusted scheme for Hadoop cluster
Ramesh et al. Public auditing for shared data with efficient user revocation in the cloud
US12413432B2 (en) Systems and methods for load-balanced chaincode execution and verification in a blockchain network
EP3182675B1 (en) Transmission of data in a distributed data processing computer system
Peiris et al. Vault-a shared distributed and redundant storage solution
Janiuk et al. Secure distributed data structures for peer-to-peer-based social networks
Vardhan et al. A DYNAMIC FILE REPLICATION BASED ON CPU LOAD AND CONSISTENCY MECHANISM IN A TRUSTED DISTRIBUTED ENVIRONMENT.
Usharani Integrity and Privacy through Authentication Key Exchange Protocols for Distributed Systems

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant