What technology area does this patent fall under?

Primary CPC classification H04L63/02. Mapped technology areas include Electricity.

When was this patent published?

Publication date Tue Mar 29 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B1). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Password constraint enforcement used in external site authentication

US9300629B1 · US · B1

Patent metadata
Field	Value
Publication number	US-9300629-B1
Application number	US-201313951287-A
Country	US
Kind code	B1
Filing date	Jul 25, 2013
Priority date	May 31, 2013
Publication date	Mar 29, 2016
Grant date	Mar 29, 2016

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Techniques for password constraint enforcement used in external site authentication are disclosed. In some embodiments, password constraint enforcement used in external site authentication includes monitoring encrypted network communications between a client and an external site (e.g., a remote server), in which the encrypted network communications are encrypted using a first protocol (e.g., Secure Sockets Layer (SSL) protocol, HTTPS protocol, or another protocol for encrypted network communications); and determining if the client sends a request to create user credentials for an external site authentication. In some embodiments, password constraint enforcement used in external site authentication further includes performing password constraint enforcement used in the external site authentication.

First claim

Opening claim text (preview).

What is claimed is: 1. A system for password constraint enforcement used in external site authentication, comprising: a processor configured to: monitor encrypted network communications between a client of a plurality of clients and an external site, wherein the encrypted network communications are encrypted using a first protocol, comprising: decrypt the monitored encrypted network communications between the client and the external site to implement password constraint enforcement used in the external site authentication; and determine if the client sends a request to create user credentials for an external site authentication, comprising: determine whether the encrypted network communications includes the request received via a network from the client to be forwarded to the external site; and in the event that the encrypted network communications includes the request received via the network from the client, determine whether the request relates to creating a new user account on the external site, the request including a new password associated with the new user account; in the event that the client sends the request to create user credentials for the external site authentication: perform password constraint enforcement used in the external site authentication, wherein the password constraint enforcement includes password complexity constraints for internal users, password complexity constraints for internal users creating authentication credentials on external sites, a policy not to use the same password on a plurality of external sites, a policy not to use a user's enterprise password on an external site, or any combination thereof; and a memory coupled to the processor and configured to provide the processor with instructions. 2. The system recited in claim 1 , wherein the password constraint enforcement is based on a username constraint, a password constraint, or both a username constraint and a password constraint. 3. The system recited in claim 1 , wherein the processor is further configured to: perform an action in response to determining that the client sent the request to create user credentials for the external site authentication. 4. The system recited in claim 1 , wherein the processor is further configured to: intercept a request to establish an encrypted session from the client to the external site; and send a request to establish the encrypted session on behalf of the client to the external site. 5. The system recited in claim 1 , wherein the system is a firewall device, and wherein the processor is further configured to: intercept a request to establish an encrypted session from the client to the external site; send a request to establish the encrypted session on behalf of the client to the external site; and send an encrypted session response to the client on behalf of the external site using a session key associated with the firewall device. 6. The system recited in claim 1 , wherein the system includes a firewall device, and wherein the processor is further configured to: intercept a request to establish an encrypted session from the client to the external site; send a request to establish the encrypted session on behalf of the client to the external site; send an encrypted session response to the client on behalf of the external site using a session key associated with the firewall device; and decrypt encrypted session traffic between the client and the external site to monitor for a request from the client to create a tunnel using the first protocol with the external site. 7. The system recited in claim 1 , wherein the system includes a firewall device, and wherein the processor is further configured to: intercept a request to establish an encrypted session from the client to the external site; send a request to establish the encrypted session on behalf of the client to the external site; send an encrypted session response to the client on behalf of the external site using a session key associated with the firewall device; decrypt encrypted traffic between the client and the external site to monitor for a request from the client to create a tunnel using the first protocol with the external site; allow the request to create the tunnel; and monitor decrypted session traffic between the client and the external site over the tunnel based on one or more firewall policies that includes a policy for password constraint enforcement used in the external site authentication. 8. The system recited in claim 1 , wherein the system includes a firewall device, and wherein the processor is further configured to: intercept a request to establish an encrypted session from the client to the external site; send a request to establish the encrypted session on behalf of the client to the external site; send an encrypted session response to the client on behalf of the external site using a session key associated with the firewall device; decrypt encrypted traffic between the client and the external site to monitor for a request from the client to create a tunnel using the first protocol with the external site; allow the request to create the tunnel; monitor decrypted session traffic between the client and the external site over the tunnel based on one or more firewall policies; and block the session traffic if a violation of a first firewall policy is determined, wherein the first firewall policy includes a policy for password constraint enforcement used in the external site authentication. 9. The system recited in claim 1 , wherein the system includes a firewall device, and wherein the processor is further configured to: intercept a request to establish an encrypted session from the client to the external site; send a request to establish the encrypted session on behalf of the client to the external site; send an encrypted session response to the client on behalf of the external site using a session key associated with the firewall device; decrypt encrypted traffic between the client and the external site to monitor for a request from the client to create a tunnel using the first protocol with the external site; allow the request to create the tunnel; monitor decrypted session traffic between the client and the external site over the tunnel based on one or more firewall policies; and generate an alert if a violation of a first firewall policy is determined, wherein the first firewall policy includes a policy for password constraint enforcement used in the external site authentication. 10. The system recited in claim 1 , wherein the system includes a firewall device, and wherein the processor is further configured to: intercept a request to establish an encrypted session from the client to the external site; send a request to establish the encrypted session on behalf of the client to the external site; send an encrypted session response to the client on behalf of the external site using a session key associated with the firewall device; decrypt encrypted traffic between the client and the external site to monitor for a request from the client to create a tunnel using the first protocol with the external site; allow the request to create the tunnel; monitor decrypted session traffic between the client and the external site over the tunnel based on one or more firewall policies; and block the client from accessing the external site if a violation of a first firewall policy is determined, wherein the first firewall policy includes a policy for password constraint enforcement used in the external site authentication. 11. The system recited in claim 1 , wherein the system includes a firewall device, and wherein the processor is fu

Assignees

Palo Alto Networks Inc

Inventors

Jahr Jeffrey Stephen

Classifications

H04L67/02
based on web technology, e.g. hypertext transfer protocol [HTTP] · CPC title
H04L63/20
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
H04L63/0428
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
H04L63/02Primary
for separating internal from external traffic, e.g. firewalls · CPC title
H04L63/083Primary
using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226) · CPC title

Patent family

Related publications grouped by family.

View patent family 55537622

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9300629B1 cover?: Techniques for password constraint enforcement used in external site authentication are disclosed. In some embodiments, password constraint enforcement used in external site authentication includes monitoring encrypted network communications between a client and an external site (e.g., a remote server), in which the encrypted network communications are encrypted using a first protocol (e.g., Se…
Who is the assignee on this patent?: Palo Alto Networks Inc
What technology area does this patent fall under?: Primary CPC classification H04L63/02. Mapped technology areas include Electricity.
When was this patent published?: Publication date Tue Mar 29 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).