KR101449381B1 - Device for password management - Google Patents
- Publication number
- KR101449381B1
- Authority
- KR
- South Korea
- Prior art keywords
- password
- information
- user
- management
- management module
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
Abstract
The present invention relates to a password management apparatus and method capable of effectively managing the passwords of users for a plurality of services provided in a system. It takes information such as an IP address and a password as parameters in various network environments, and provides a method and apparatus that effectively support functions such as password change, last password renewal time inquiry, and registered account list inquiry.
Description
The present invention relates to a structure of a password management apparatus, and more particularly, to a password management apparatus for notifying a user of a password change timing.
The activity of exchanging information through e-mail exchange or portal site through access to many information systems connected to the Internet is an important part of everyday life. Many are also exchanging goods in the form of e-commerce, and much of the banking work that has been done off-line can now be done online through tele-banking or internet banking.
The active exchange of information on the Internet and the transaction of services and goods are usually done by accessing certain information systems. One of the most commonly used methods to safeguard this connection to the information system is for each individual to use a password.
A survey of more than 2,500 people conducted in October 2012 by Webroot, an international information protection company, found that many people do not pay much attention to password management when using a variety of information systems. This can be a security vulnerability for the various information systems they use. Therefore, organizations that manage valuable information within an information system should have a way to manage passwords effectively.
To eliminate such security flaws, Quest Software's Total Privileged Account Management (TPAM) has been proposed as a representative technology among domestic and foreign companies. TPAM manages the passwords of the information systems under management and is a good example of efficient password management, including a technique of providing a one-time password in real time to a user who desires access and periodic and temporary updates of the password.
TPAM is known as a technology that provides comprehensive password management for over 40 different environments and provides secure and efficient password management for the entire information system with only a single appliance.
However, until now, companies and organizations managing and operating a large number of information systems have not been able to properly manage individual users' passwords. That is, they do not provide services such as recommending periodic password changes to users at the appropriate time, or informing users of the time when the password was last changed.
In addition, in the present situation in which cloud service systems and the like provide a plurality of different services (operating system, database management system, network management, etc.), there is a problem that the security manager manages ID/password pairs only by manual operation, without a dedicated solution.
Accordingly, it is an object of the present invention to provide a password management apparatus that allows service users accessing various service systems providing different services to access a password regardless of the platform of the service system.
It is another object of the present invention to provide a password management apparatus that notifies a user of the password change timing, thereby managing passwords more securely.
The objects of the present invention are not limited to the above-mentioned objects, and other objects and advantages of the present invention which are not mentioned can be understood by the following description and more clearly understood by the embodiments of the present invention. It is also to be easily understood that the objects and advantages of the present invention can be realized by the means and the combination thereof set forth in the claims.
According to an aspect of the present invention, there is provided a password management apparatus comprising: a user connection processing unit for remotely connecting to one of the management modules providing different services according to parameters included in a connection request of a user terminal; and a password management unit for performing a password management request of the user transmitted through the user connection processing unit.
The management module includes an operating system password management module, a DBMS password management module, and a network equipment password management module, and uses different platforms.
And a management console unit for providing the password information to the user terminal or checking the status of the changed password information and managing the password update information by the system administrator.
The password management device encapsulates and processes information transmitted and received when the user terminal requests a remote access.
The user terminal can inquire the list of the users registered in the management console unit and the information that the users finally changed the password.
The present invention further includes a statistical information management module for storing user access time and user access request processing history information; and a password information management module for managing password change information and backup information.
The terminal device can confirm the most recent password information assigned for each user through the password information management module.
According to the present invention configured as described above, by shortening the password renewal period, the security of the information system can be increased, and the possibility of password loss can be reduced, so that users can set a password having a high complexity. This reduces the likelihood of user-generated security vulnerabilities outside the system and, as a result, increases the security benefits of using passwords.
In addition, special management of the administrator password, that is, notification and forced update through e-mail when the password is not updated can be performed, so that security weakness due to weak password management is reduced. In addition, users' inconvenience caused by using a password is reduced, so that users can use the system more conveniently and safely. In addition, users can easily access a system providing services based on different platforms and use a password management service.
FIG. 1 is a system configuration diagram of a password management apparatus according to a preferred embodiment of the present invention.
FIG. 2 is a flowchart of a password management method according to a preferred embodiment of the present invention.
FIG. 3 is a block diagram illustrating a database and a table definition related algorithm for inquiring a final password change time according to a preferred embodiment of the present invention.
FIG. 4 is a flowchart illustrating a DBMS event definition related algorithm for returning a final password change according to an exemplary embodiment of the present invention.
The above and other objects, features and advantages of the present invention will become more apparent from the following detailed description of the present invention when taken in conjunction with the accompanying drawings. In the following description, well-known functions or constructions are not described in detail since they would obscure the invention in unnecessary detail. Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. FIG. 1 is a system configuration diagram of a password management apparatus proposed by the present invention.
1, includes a user
The user
The
The management module will be described later. The parameters include identifier information such as the IP address of each management module, system type information of each management module, password management function type information, user account and password information, and the like. The
The
Each of the management modules provides different services and is operated based on different platforms. For example, the operating system
In addition, the
Also, the
The operation of the
First, the user determines a management module to be connected remotely by using the user
As described above, the parameters include a network identifier such as the IP address of the management module to be accessed, system type information of the management module (each having a different platform), password management function type information to be performed, a user account (ID) and a user password, so the management module to be remotely accessed can be determined by using this information.
Accordingly, when a parameter is generated by the
On the other hand, when the user
This is because heterogeneous security policies and connection generation techniques are applied to secure remote connection establishment for each management module. In particular, operating systems such as Linux use encrypted network protocols such as Secure Shell (SSH).
For example, to connect to a Linux-based information system, you need to create a remote connection using SSH. In addition, Microsoft's Windows operating system provides a technology that facilitates the creation of remote connections such as Windows Management Instrumentation (WMI).
When the user
Meanwhile, the password management function requested by the user may include a password change operation, a last password change time inquiry, and a user account inquiry. The password management function will be described in detail. First, the password change job may be requested by the user or the
Also, with the last password change time inquiry function and the user account inquiry function, the user can inquire the time when he or she changed the password, and can also inquire a series of records such as inquiries and changes of his/her ID and password. The related information is always stored every time the password is changed, the password change time is inquired, or the user account is inquired.
In the case of information storage, the user is automatically stored in the management module through the operating system
In this case, the
Also, FIG. 4 defines an event triggering to store the last password change time in the user account activity record, but it can be easily extended to other events related to the user account activity. Meanwhile, the present invention provides various services as a password management function.
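The event definition described above can be sketched with a database trigger that writes the last password change time into a user account activity record. This is an added example, not code from the patent; it uses SQLite through Python, and the table, column, trigger and function names are assumptions.

```python
import sqlite3

# Hypothetical schema: one account table and one activity-record table.
SCHEMA = """
CREATE TABLE user_account (
    user_id       TEXT PRIMARY KEY,
    password_hash TEXT NOT NULL
);
CREATE TABLE account_activity (
    user_id     TEXT NOT NULL,
    event       TEXT NOT NULL,
    occurred_at TEXT NOT NULL
);
-- Event definition: fires only when the stored credential really changes,
-- so a no-op update cannot reset the password age.
CREATE TRIGGER trg_password_changed
AFTER UPDATE OF password_hash ON user_account
FOR EACH ROW
WHEN OLD.password_hash <> NEW.password_hash
BEGIN
    INSERT INTO account_activity (user_id, event, occurred_at)
    VALUES (NEW.user_id, 'PASSWORD_CHANGE',
            strftime('%Y-%m-%dT%H:%M:%SZ', 'now'));
END;
"""


def open_db(path=":memory:"):
    """Create the tables and the trigger on a new database."""
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn


def add_account(conn, user_id, password_hash):
    with conn:
        conn.execute("INSERT INTO user_account VALUES (?, ?)",
                     (user_id, password_hash))


def set_password_hash(conn, user_id, password_hash):
    """Store a new credential hash; the trigger writes the activity record."""
    with conn:
        conn.execute(
            "UPDATE user_account SET password_hash = ? WHERE user_id = ?",
            (password_hash, user_id))


def change_count(conn, user_id):
    return conn.execute(
        "SELECT COUNT(*) FROM account_activity "
        "WHERE user_id = ? AND event = 'PASSWORD_CHANGE'",
        (user_id,)).fetchone()[0]


def last_password_change(conn, user_id):
    """Return the UTC time of the last change, or None if never changed."""
    return conn.execute(
        "SELECT MAX(occurred_at) FROM account_activity "
        "WHERE user_id = ? AND event = 'PASSWORD_CHANGE'",
        (user_id,)).fetchone()[0]
```

Other account events can be recorded the same way by adding further triggers that insert a different `event` value.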
That is, the password backup and statistics
In addition, to prevent the password from becoming outdated and vulnerability from increasing, a service for notifying the user of the password change point and forcibly updating (automatically changing) the password is also provided. In other words, the
As a result, if there is no change history of the password for the user ID for a preset time or even after a lapse of time, the user is prompted to change the password. If the password changing operation is not performed even after the message recommending the password change is transmitted, the password for the user ID is automatically changed, and a message including the changed password information is transmitted to the user. Message delivery can use the user's e-mail, text message, etc.
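The reminder and forced-update sequence described above can be expressed as a small policy loop. This is an added example, not code from the patent; the 90-day renewal period, the 7-day wait after the reminder, and all class, function and callback names are assumptions.

```python
import secrets
import string
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

MAX_AGE = timedelta(days=90)  # assumed preset renewal period
GRACE = timedelta(days=7)     # assumed wait between reminder and forced change


@dataclass
class Account:
    user_id: str
    system_type: str                       # request parameter, e.g. "linux"
    last_changed: datetime
    reminded_at: Optional[datetime] = None


def generate_password(length=20):
    """Random password from a CSPRNG containing all four character classes."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*-_"
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(not c.isalnum() for c in pw)):
            return pw


def evaluate(account, now):
    """Return 'ok', 'remind', 'waiting' or 'force' for one account."""
    if now - account.last_changed < MAX_AGE:
        return "ok"
    # A reminder that predates the last change belongs to an earlier cycle.
    if account.reminded_at is None or account.reminded_at < account.last_changed:
        return "remind"
    if now - account.reminded_at >= GRACE:
        return "force"
    return "waiting"


def run_cycle(accounts, now, apply_change, send_message):
    """apply_change(account, password) performs the change on the target
    system; send_message(user_id, text) delivers e-mail or a text message.
    Both are hypothetical callbacks supplied by the caller."""
    actions = []
    for acct in accounts:
        decision = evaluate(acct, now)
        if decision == "remind":
            send_message(acct.user_id, "Please change your password.")
            acct.reminded_at = now
        elif decision == "force":
            new_pw = generate_password()
            try:
                apply_change(acct, new_pw)
            except Exception:
                # Target unreachable: keep state so the next cycle retries.
                decision = "force-failed"
            else:
                acct.last_changed, acct.reminded_at = now, None
                send_message(acct.user_id,
                             f"Your password was changed automatically: {new_pw}")
        actions.append((acct.user_id, decision))
    return actions
```

State is updated only after `apply_change` succeeds, so a failed remote change leaves the account overdue and it is retried on the next cycle.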
In this manner, the
And the code and code segments constituting the program can be easily deduced by a computer programmer in the field. Furthermore, the created program is stored in a computer-readable recording medium (information storage medium), and is read and executed by a computer to implement the method of the present invention. And the recording medium includes all types of recording media (intangible medium such as a carrier wave as well as tangible media such as CD and DVD) readable by a computer.
While the present invention has been described in connection with what is presently considered to be practical exemplary embodiments, it is to be understood that the invention is not limited to the disclosed embodiments.
100: Password management device
110: user connection request unit
115: Parameter generating unit
120: user connection processing unit
125: remote connection creation unit
130: Password management performing unit
132: Operating system password management module
134: DBMS password management module
136: Network equipment password management module
140: password backup and statistics information management unit
142: Password information management module
144: statistical information management module
150:
160: System Administrator
Claims (7)
A password management performing unit for performing a password management request of a user transmitted through the user connection processing unit; And
A system for automatically changing a password for a user ID when a password is not changed even after a message for password change is delivered to the user terminal according to the password management request and for transmitting a message including the changed password information to the user terminal Manager,
Wherein the parameter includes identifier information of the management module, system type information of the management module, password management function type information to be performed, user account (ID), and user password information.
Wherein the management module includes an operating system password management module, a DBMS password management module, and a network equipment password management module.
Further comprising: a management console unit for providing password information to the user terminal or checking status of changed password information and managing password update information by a system administrator.
Wherein the password management device encapsulates and processes information transmitted and received when the user terminal requests remote access.
Wherein the user terminal inquires a list of users registered in the management console unit and inquires information that the users finally changed the password.
A statistical information management module for storing user access time and user connection request processing history information; And a password information management module for managing password change information and backup information.
Wherein the user terminal confirms the most recent password information assigned for each user through the password information management module.
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020140052890A KR101449381B1 (en) | 2014-04-30 | 2014-04-30 | Device for password management |
PCT/KR2015/003894 WO2015167152A1 (en) | 2014-04-30 | 2015-04-17 | Device for managing password |
JP2017510283A JP2017521800A (en) | 2014-04-30 | 2015-04-17 | Password management device |
CN201580034623.3A CN106489151A (en) | 2014-04-30 | 2015-04-17 | password management device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020140052890A KR101449381B1 (en) | 2014-04-30 | 2014-04-30 | Device for password management |
Publications (1)
Publication Number | Publication Date |
---|---|
KR101449381B1 true KR101449381B1 (en) | 2014-10-10 |
Family
ID=51997225
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020140052890A KR101449381B1 (en) | 2014-04-30 | 2014-04-30 | Device for password management |
Country Status (4)
Country | Link |
---|---|
JP (1) | JP2017521800A (en) |
KR (1) | KR101449381B1 (en) |
CN (1) | CN106489151A (en) |
WO (1) | WO2015167152A1 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP7302412B2 (en) * | 2019-09-27 | 2023-07-04 | コニカミノルタ株式会社 | User authentication system, biometric information server, image forming apparatus and its program |
CN114679368A (en) * | 2022-03-04 | 2022-06-28 | 南方电网数字电网研究院有限公司 | Multi-state type domain control terminal management method and system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2000020469A (en) | 1998-07-02 | 2000-01-21 | Nec Corp | Method and devise for managing password |
KR20020032892A (en) * | 2000-10-27 | 2002-05-04 | 구자홍 | Integrated Management System And Method For User Password Of Multi UNIX Server |
JP2008507865A (en) | 2004-06-29 | 2008-03-13 | アボセント フレモント コーポレイション | System and method for integrating, securing and automating out-of-band access to nodes in a data network |
JP2010049331A (en) | 2008-08-19 | 2010-03-04 | Creationline Inc | Management device, method, and program for network equipment |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2000029836A (en) * | 1998-07-13 | 2000-01-28 | Hitachi Ltd | User management system and management method |
US7984487B2 (en) * | 2002-03-18 | 2011-07-19 | Sony Corporation | Information processing system, and information processing apparatus and method |
JP2003330885A (en) * | 2002-05-08 | 2003-11-21 | Nec Corp | System, method, and program for altering directory server password, and password alteration control server |
JP2006185330A (en) * | 2004-12-28 | 2006-07-13 | Kyocera Mita Corp | Password management device, and its management method and management program |
JP4863777B2 (en) * | 2006-06-07 | 2012-01-25 | 富士通株式会社 | Communication processing method and computer system |
JP5824744B2 (en) * | 2011-09-28 | 2015-11-25 | 西日本電信電話株式会社 | Information processing system and information processing method |
- 2014-04-30 KR KR1020140052890A patent/KR101449381B1/en active IP Right Grant
- 2015-04-17 CN CN201580034623.3A patent/CN106489151A/en active Pending
- 2015-04-17 WO PCT/KR2015/003894 patent/WO2015167152A1/en active Application Filing
- 2015-04-17 JP JP2017510283A patent/JP2017521800A/en active Pending
Also Published As
Publication number | Publication date |
---|---|
CN106489151A (en) | 2017-03-08 |
JP2017521800A (en) | 2017-08-03 |
WO2015167152A1 (en) | 2015-11-05 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant | ||
FPAY | Annual fee payment | Payment date: 20180104 Year of fee payment: 4 |
FPAY | Annual fee payment | Payment date: 20190514 Year of fee payment: 5 |
R401 | Registration of restoration | ||
R401 | Registration of restoration |