KR101449381B1 - Device for password management - Google Patents


Info

Publication number
KR101449381B1
Authority
KR
South Korea
Prior art keywords
password
information
user
management
management module
Prior art date
Application number
KR1020140052890A
Other languages
Korean (ko)
Inventor
최규상
이윤호
서미숙
박영삼
Original Assignee
영남대학교 산학협력단
(주)에스엠에스
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 영남대학교 산학협력단, (주)에스엠에스 filed Critical 영남대학교 산학협력단
Priority to KR1020140052890A priority Critical patent/KR101449381B1/en
Application granted granted Critical
Publication of KR101449381B1 publication Critical patent/KR101449381B1/en
Priority to PCT/KR2015/003894 priority patent/WO2015167152A1/en
Priority to JP2017510283A priority patent/JP2017521800A/en
Priority to CN201580034623.3A priority patent/CN106489151A/en

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • G06F21/46Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords

Abstract

The present invention relates to a password management apparatus and method capable of effectively managing users' passwords for a plurality of services provided in a system. By taking information such as an IP address and a password in various network environments as input parameters, it provides a method and apparatus that effectively support functions such as password change, last password renewal time inquiry, and registered account list inquiry.

Description

DEVICE FOR PASSWORD MANAGEMENT

The present invention relates to a structure of a password management apparatus, and more particularly, to a password management apparatus for notifying a user of a password change timing.

The activity of exchanging information through e-mail exchange or portal site through access to many information systems connected to the Internet is an important part of everyday life. Many are also exchanging goods in the form of e-commerce, and much of the banking work that has been done off-line can now be done online through tele-banking or internet banking.

The active exchange of information on the Internet and the transaction of services and goods are usually done by accessing certain information systems. One of the most commonly used methods to safeguard this connection to the information system is the use of a password set by each individual.

A survey of more than 2,500 people by an international information protection company called Webroot in October 2012 found that many people do not pay much attention to password management when using a variety of information systems. This can be a security vulnerability for the various information systems they use. Therefore, organizations that manage valuable information within an information system should have a way to manage passwords effectively.

To eliminate such security flaws, Quest Software's Total Privileged Account Management (TPAM) has been put forward as a representative technology among domestic and foreign companies. TPAM manages the passwords of the managed information systems and is a good example of efficient password management, with techniques such as providing a one-time password in real time to a user who requests access and updating passwords periodically and temporarily.

TPAM is known as a technology that provides comprehensive password management for over 40 different environments and provides secure and efficient password management for the entire information system with only a single appliance.

However, until now, companies and organizations managing and operating a large number of information systems have not been able to properly manage individual users' passwords. That is, it does not provide services such as recommending the exchange of periodic passwords to the users at the appropriate time, or informing the time when the password is last changed.

In addition, in the present situation in which a plurality of different services (operating system, database management system, network management, etc.) are offered in cloud service systems and the like, there is a problem that security managers rely only on manual operation for ID/password pair management, without a dedicated solution.

Korean Patent Publication No. 10-2013-0043061 (April 29, 2013)
Korean Patent Publication No. 10-2014-0027603 (Mar. 07, 2014)

Accordingly, it is an object of the present invention to provide a password management apparatus that allows service users accessing various service systems providing different services to access a password regardless of the platform of the service system.

It is another object of the present invention to provide a password management apparatus that notifies a user of the time to change a password, thereby managing passwords more securely.

The objects of the present invention are not limited to the above-mentioned objects, and other objects and advantages of the present invention which are not mentioned can be understood by the following description and more clearly understood by the embodiments of the present invention. It is also to be easily understood that the objects and advantages of the present invention can be realized by the means and the combination thereof set forth in the claims.

According to an aspect of the present invention, there is provided a method for providing a service to a user terminal, the method comprising: providing a user connection processing unit for remotely connecting to one of management modules providing different services according to parameters included in a connection request of a user terminal; and a password management unit for performing a password management request of the user transmitted through the user connection processing unit.

The management module includes an operating system password management module, a DBMS password management module, and a network equipment password management module, and uses different platforms.

The apparatus further includes a management console unit for providing the password information to the user terminal or checking the status of the changed password information, and for managing the password update information by the system administrator.

The password management device encapsulates and processes information transmitted and received when the user terminal requests a remote access.

The user terminal can query the list of users registered in the management console unit and the time at which each user last changed the password.

The apparatus further includes a statistical information management module for storing user access time and user access request processing history information, and a password information management module for managing password change information and backup information.

The terminal device can confirm the most recent password information assigned for each user through the password information management module.

According to the present invention configured as described above, by shortening the password renewal period, the security of the information system can be increased, and the possibility of password loss can be reduced, so that users can set a password having a high complexity. This reduces the likelihood of user-generated security vulnerabilities outside the system and, as a result, increases the security benefits of using passwords.

In addition, special management of the administrator password, that is, notification and forced update through e-mail when the password is not updated can be performed, so that security weakness due to weak password management is reduced. In addition, users' inconvenience caused by using a password is reduced, so that users can use the system more conveniently and safely. In addition, users can easily access a system providing services based on different platforms and use a password management service.

FIG. 1 is a system configuration diagram of a password management apparatus according to a preferred embodiment of the present invention.
FIG. 2 is a flowchart of a password management method according to a preferred embodiment of the present invention.
FIG. 3 is a block diagram illustrating a database and a table definition related algorithm for inquiring a final password change time according to a preferred embodiment of the present invention.
FIG. 4 is a flowchart illustrating a DBMS event definition related algorithm for returning a final password change according to an exemplary embodiment of the present invention.

The above and other objects, features and advantages of the present invention will become more apparent from the following detailed description taken in conjunction with the accompanying drawings. In the following description, well-known functions or constructions are not described in detail since they would obscure the invention in unnecessary detail. Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. FIG. 1 is a system configuration diagram of a password management apparatus proposed by the present invention.

Referring to FIG. 1, the system includes a user connection request unit 110 and a password management apparatus 100 for managing password information according to a user request.

The user connection request unit 110 may be a user terminal connected to the password management apparatus 100 by a user, such as a PC, a portable device, a smart device, or the like. The user connection request unit 110 includes a parameter generation unit 115.

The parameter generating unit 115 provides a function of generating a parameter for connection with the password management apparatus 100, and a management module to be connected through the parameter is determined.

The management module will be described later. The parameters include identifier information such as the IP address of each management module, system type information of each management module, password management function type information, user account and password information, and the like. The password management apparatus 100 may be, for example, a server for managing a password. Hereinafter, the configuration of the password management apparatus 100 will be described in detail.

The password management apparatus 100 includes a password management performing unit 130. The password management performing unit 130 includes an operating system password management module 132, a database management system (DBMS) password management module 134, and a network equipment password management module 136.

Each of the management modules provides different services and is operated based on different platforms. For example, the operating system password management module 132 is based on platforms such as Windows Server 2000, Windows Server 2003, Windows Server 2008, and Linux; the DBMS password management module 134 is based on Microsoft SQL Server, MySQL, and the Oracle database; and the network equipment password management module 136 is based on platforms such as Cisco network devices and Netgear network devices.

In addition, the password management apparatus 100 includes a configuration for managing password backup and statistical information. In other words, a password backup and statistical information management unit 140 is composed of a password information management module 142 for storing and backing up passwords, and a statistical information management module 144 for managing statistical information such as connection times.

Also, the password management apparatus 100 includes a management console unit 150 and a system administrator 160. The management console unit 150 stores event information about user account activity, and the system manager 160 manages password information. For example, if the user cannot remember the password, the password of the user account is provided; the password change status can be identified based on the user account information; and the password can be updated manually.

The operation of the password management apparatus 100 configured as described above will be described with reference to FIG. 2. FIG. 2 is a flowchart illustrating a password management method performed by the password management apparatus.

First, the user determines a management module to be connected remotely by using the user connection request unit 110. For this, the user operates the parameter generating unit 115 to generate a parameter for determining the connected management module (s200).

As described above, the parameters include a network identifier including information such as the IP address of the management module to be accessed, system type information of the management module having a different platform, password management function type information to be performed, a user account (ID), and a user password. The management module to be remotely accessed can be determined using this information.

Accordingly, when a parameter is generated by the parameter generating unit 115 included in the user connection request unit 110, the parameter is transmitted to the user connection processing unit 120. Then, the remote connection generation unit 125 of the user connection processing unit causes the user terminal to be connected to one of the management modules based on the information included in the parameter.

On the other hand, when the user connection request unit 110 and the password management apparatus 100 are remotely connected, a security policy for a secure connection should be established in advance. To this end, the present embodiment performs a series of operations such as selecting a security policy, including a connection method according to the encryption technique supported by each management module, and selecting a port number for information exchange.

This is because heterogeneous security policies and connection generation techniques are applied to secure remote connection establishment for each management module. In particular, operating systems such as Linux use encrypted network protocols such as Secure Shell (SSH).

For example, to connect to a Linux-based information system, you need to create a remote connection using SSH. In addition, Microsoft's Windows operating system provides a technology that facilitates the creation of remote connections such as Windows Management Instrumentation (WMI).

When the user connection request unit 110 and the password management apparatus 100 are connected to each other remotely, the mode information is encapsulated and transmitted. Once the management module to be connected is determined by the parameter and the information for remote connection is encapsulated and transmitted, the user can easily and safely access the password management apparatus 100 regardless of the various platforms designed to support specific services.
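The parameter described above is generated on the user terminal, so the connection processing side has to validate it before opening any remote connection. The following is an added sketch of that check, not code from the patent: the field names, function names, the allow-list of registered systems and the `mysql` and `cisco` connection methods are assumptions, while SSH for Linux and WMI for Windows come from the text.

```python
import ipaddress
from dataclasses import dataclass


class ParameterError(ValueError):
    """Raised when a connection parameter must not be acted on."""


# system type -> (management module, remote connection method)
SYSTEM_TYPES = {
    "linux": ("operating_system", "ssh"),      # stated in the text
    "windows": ("operating_system", "wmi"),    # stated in the text
    "mysql": ("dbms", "native-client"),        # assumed method
    "cisco": ("network_equipment", "ssh"),     # assumed method
}
# Hypothetical names for the three password management functions.
FUNCTIONS = {"change_password", "last_change_time", "list_accounts"}
# Allow-list of managed systems (constructed documentation addresses).
REGISTERED = {"192.0.2.10": "linux", "192.0.2.20": "windows",
              "192.0.2.30": "mysql"}
REQUIRED = ("identifier", "system_type", "function", "user_id", "password")


@dataclass(frozen=True)
class Route:
    module: str
    method: str
    target: str
    function: str
    user_id: str


def route(param: dict) -> Route:
    """Validate a terminal-supplied parameter and pick the management module."""
    missing = [k for k in REQUIRED
               if not isinstance(param.get(k), str) or not param[k]]
    if missing:
        raise ParameterError(f"missing or non-string fields: {missing}")
    try:
        target = str(ipaddress.ip_address(param["identifier"]))
    except ValueError:
        raise ParameterError("identifier is not an IP address") from None
    system_type = param["system_type"].lower()
    # The target must be a registered system of the claimed type, so the
    # device cannot be steered into connecting to arbitrary hosts.
    if REGISTERED.get(target) != system_type:
        raise ParameterError("target is not a registered system of that type")
    if param["function"] not in FUNCTIONS:
        raise ParameterError("unknown password management function")
    module, method = SYSTEM_TYPES[system_type]
    return Route(module, method, target, param["function"], param["user_id"])


def audit_record(param: dict) -> dict:
    """Copy of the parameter that is safe to store in request history."""
    return {k: ("<redacted>" if k == "password" else v)
            for k, v in param.items()}


if __name__ == "__main__":
    sample = {"identifier": "192.0.2.10", "system_type": "Linux",
              "function": "change_password", "user_id": "alice",
              "password": "constructed-sample"}
    print(route(sample))
    print(audit_record(sample))
```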

Meanwhile, the password management function requested by the user may include a password change operation, a last password change time inquiry, and a user account inquiry. The password management function will be described in detail. First, the password change job may be requested by the user or the system administrator 160. In this case, the changed password information is newly stored / registered.

Also, the last password change time inquiry function and the user account inquiry function can query the time when the user changed his or her password, and can also query a series of records such as inquiries about and changes to his or her ID and password. The related information is always stored every time the password is changed, the password change time is queried, or the user account is queried.

In the case of information storage, the information is automatically stored in the management module through the operating system password management module 132 and the DBMS password management module 134, respectively (S240). Accordingly, the password change record of the user can be retrieved using user identification information such as the user ID and the password described in the parameter. However, when an event related to the user account activity is generated by the system administrator 160, the corresponding event is stored in the management console unit 150 in the form of a record store.

In this case, the system manager 160 creates and manages a storage so as to store events related to the user account activity. Such a definition of the user account activity record storage and the database and table definition related algorithms for the last password change time are represented in FIG.

Also, FIG. 4 defines an event triggering to store the last password change time in the user account activity record, but it can be easily extended to other events related to the user account activity. Meanwhile, the present invention provides various services as a password management function.

That is, the password backup and statistics information management unit 140 encrypts the user's password, periodically backs up the password to the password information management module 142, records the user's connection request processing history and the like in the statistical information management module 144, and notifies the system manager 160 of the information. In this case, a password having a high complexity can be used, thereby preventing a password from being easily leaked. If there is a request from the user or the system administrator 160 in case the user does not remember the password, the password management device 100 delivers the password information to the user.

In addition, to prevent passwords from becoming outdated and vulnerability from increasing, a service for notifying the user of the time to change the password and forcibly updating (automatically changing) it is also provided. In other words, the system manager 160 continuously checks the stored time at which each password was set in order to determine when the password should be changed.

As a result, if there is no change history of the password for the user ID for a preset time or longer, the user is prompted to change the password. If the password changing operation is not performed even after the message recommending the password change is transmitted, the password for the user ID is automatically changed, and a message including the changed password information is transmitted to the user. Message delivery can use the user's e-mail, text message, etc.
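The record store, the DBMS event that saves the last password change time, and the remind-then-force-update rule can be put together as follows. This is an added example, not the patent's implementation: the contents of FIG. 3 and FIG. 4 are not reproduced on this page, so the table layout, the trigger, the 90-day age and 7-day grace period, and all names are assumptions, and message delivery is a callback stub.

```python
import hashlib
import secrets
import sqlite3

DAY = 86400
SCHEMA = """
CREATE TABLE accounts (
    user_id      TEXT PRIMARY KEY,
    pw_verifier  TEXT NOT NULL,     -- salted PBKDF2 digest, not the password
    last_changed INTEGER NOT NULL,  -- epoch seconds of the last change
    notified_at  INTEGER            -- time the reminder was sent, else NULL
);
CREATE TABLE account_activity (     -- user account activity record store
    user_id TEXT NOT NULL, event TEXT NOT NULL, at INTEGER NOT NULL
);
-- DBMS event: each password update logs its time and clears the reminder.
CREATE TRIGGER log_password_change AFTER UPDATE OF pw_verifier ON accounts
BEGIN
    INSERT INTO account_activity
        VALUES (NEW.user_id, 'PASSWORD_CHANGED', NEW.last_changed);
    UPDATE accounts SET notified_at = NULL WHERE user_id = NEW.user_id;
END;
"""


def make_verifier(password):
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt.hex() + ":" + digest.hex()


def set_password(conn, user_id, password, now):
    conn.execute("UPDATE accounts SET pw_verifier = ?, last_changed = ? "
                 "WHERE user_id = ?", (make_verifier(password), now, user_id))


def last_change_time(conn, user_id):
    """Last password change time inquiry, answered from the activity record."""
    return conn.execute(
        "SELECT MAX(at) FROM account_activity "
        "WHERE user_id = ? AND event = 'PASSWORD_CHANGED'",
        (user_id,)).fetchone()[0]


def enforce_policy(conn, now, max_age, grace, deliver):
    """Remind owners of stale passwords; rotate if the reminder is ignored."""
    actions = []
    rows = conn.execute("SELECT user_id, last_changed, notified_at "
                        "FROM accounts ORDER BY user_id").fetchall()
    for user_id, last_changed, notified_at in rows:
        if now - last_changed < max_age:
            continue                          # password is still fresh
        if notified_at is None:
            conn.execute("UPDATE accounts SET notified_at = ? "
                         "WHERE user_id = ?", (now, user_id))
            deliver(user_id, "recommend_change", None)
            actions.append((user_id, "notified"))
        elif now - notified_at >= grace:
            new_password = secrets.token_urlsafe(18)
            set_password(conn, user_id, new_password, now)  # fires the trigger
            deliver(user_id, "password_rotated", new_password)
            actions.append((user_id, "rotated"))
    conn.commit()
    return actions


def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for user, changed in (("alice", 0), ("bob", 80 * DAY)):  # constructed data
        conn.execute("INSERT INTO accounts VALUES (?, ?, ?, NULL)",
                     (user, make_verifier("initial-" + user), changed))
    sent = []
    deliver = lambda user, kind, payload: sent.append((user, kind))
    runs = [enforce_policy(conn, day * DAY, 90 * DAY, 7 * DAY, deliver)
            for day in (91, 95, 99)]
    return {"runs": runs, "sent": sent,
            "alice_last": last_change_time(conn, "alice"),
            "bob_last": last_change_time(conn, "bob")}


if __name__ == "__main__":
    print(demo())
```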

In this manner, the password management apparatus 100 of the present invention records the details of the password management activity of the user and generates statistical information for the recorded password management activity. The generated statistical information is used as a basis for judging how frequently the user has performed the password change and inquiry functions. In addition, a message recommending a password change is sent and a forced update (automatic change) is performed, to prevent the user from continuing to use an old password that has security vulnerabilities. Meanwhile, the method of the present invention as described above can be written as a computer program.

The code and code segments constituting the program can be easily deduced by a computer programmer in the field. Furthermore, the created program is stored in a computer-readable recording medium (information storage medium), and is read and executed by a computer to implement the method of the present invention. The recording medium includes all types of recording media readable by a computer (intangible media such as a carrier wave as well as tangible media such as CD and DVD).

While the present invention has been described in connection with what is presently considered to be practical exemplary embodiments, it is to be understood that the invention is not limited to the disclosed embodiments.

100: Password management device
110: user connection request unit
115: Parameter generating unit
120: user connection processing unit
125: remote connection creation unit
130: Password management performing unit
132: Operating system password management module
134: DBMS password management module
136: Network equipment password management module
140: password backup and statistics information management unit
142: Password information management module
144: statistical information management module
150:
160: System Administrator

Claims (7)

A user connection processing unit for remotely connecting a user terminal to one of a plurality of management modules, which provide different services or use different platforms, the management module to be connected being determined based on information included in a parameter generated by a parameter generator configured in the user terminal;
A password management performing unit for performing a password management request of a user transmitted through the user connection processing unit; and
A system manager for automatically changing a password for a user ID when the password is not changed even after a message for password change is delivered to the user terminal according to the password management request, and for transmitting a message including the changed password information to the user terminal,
Wherein the parameter includes identifier information of the management module, system type information of the management module, password management function type information to be performed, user account (ID), and user password information.
The method according to claim 1,
Wherein the management module includes an operating system password management module, a DBMS password management module, and a network equipment password management module.
The method according to claim 1,
Further comprising: a management console unit for providing password information to the user terminal or checking status of changed password information and managing password update information by a system administrator.
The method of claim 3,
Wherein the password management device encapsulates and processes information transmitted and received when the user terminal requests remote access.
The method of claim 3,
Wherein the user terminal inquires a list of users registered in the management console unit and inquires information that the users finally changed the password.
The method according to claim 1,
A statistical information management module for storing user access time and user connection request processing history information; And a password information management module for managing password change information and backup information.
The method according to claim 6,
Wherein the user terminal confirms the most recent password information assigned for each user through the password information management module.
KR1020140052890A 2014-04-30 2014-04-30 Device for password management KR101449381B1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
KR1020140052890A KR101449381B1 (en) 2014-04-30 2014-04-30 Device for password management
PCT/KR2015/003894 WO2015167152A1 (en) 2014-04-30 2015-04-17 Device for managing password
JP2017510283A JP2017521800A (en) 2014-04-30 2015-04-17 Password management device
CN201580034623.3A CN106489151A (en) 2014-04-30 2015-04-17 password management device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020140052890A KR101449381B1 (en) 2014-04-30 2014-04-30 Device for password management

Publications (1)

Publication Number Publication Date
KR101449381B1 true KR101449381B1 (en) 2014-10-10

Family

ID=51997225

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020140052890A KR101449381B1 (en) 2014-04-30 2014-04-30 Device for password management

Country Status (4)

Country Link
JP (1) JP2017521800A (en)
KR (1) KR101449381B1 (en)
CN (1) CN106489151A (en)
WO (1) WO2015167152A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7302412B2 (en) * 2019-09-27 2023-07-04 コニカミノルタ株式会社 User authentication system, biometric information server, image forming apparatus and its program
CN114679368A (en) * 2022-03-04 2022-06-28 南方电网数字电网研究院有限公司 Multi-state type domain control terminal management method and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000020469A (en) 1998-07-02 2000-01-21 Nec Corp Method and devise for managing password
KR20020032892A (en) * 2000-10-27 2002-05-04 구자홍 Integrated Management System And Method For User Password Of Multi UNIX Server
JP2008507865A (en) 2004-06-29 2008-03-13 アボセント フレモント コーポレイション System and method for integrating, securing and automating out-of-band access to nodes in a data network
JP2010049331A (en) 2008-08-19 2010-03-04 Creationline Inc Management device, method, and program for network equipment

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000029836A (en) * 1998-07-13 2000-01-28 Hitachi Ltd User management system and management method
US7984487B2 (en) * 2002-03-18 2011-07-19 Sony Corporation Information processing system, and information processing apparatus and method
JP2003330885A (en) * 2002-05-08 2003-11-21 Nec Corp System, method, and program for altering directory server password, and password alteration control server
JP2006185330A (en) * 2004-12-28 2006-07-13 Kyocera Mita Corp Password management device, and its management method and management program
JP4863777B2 (en) * 2006-06-07 2012-01-25 富士通株式会社 Communication processing method and computer system
JP5824744B2 (en) * 2011-09-28 2015-11-25 西日本電信電話株式会社 Information processing system and information processing method

Also Published As

Publication number Publication date
CN106489151A (en) 2017-03-08
JP2017521800A (en) 2017-08-03
WO2015167152A1 (en) 2015-11-05

Legal Events

Date Code Title Description
E701 Decision to grant or registration of patent right
GRNT Written decision to grant
FPAY Annual fee payment

Payment date: 20180104

Year of fee payment: 4

FPAY Annual fee payment

Payment date: 20190514

Year of fee payment: 5

R401 Registration of restoration