Publication Date: 2016-Jan-18
A Corporate Credentials Agent is a desktop application that stores a transient copy of your corporate credentials and provides them, on request, to a number of pre-authorized programs and web pages.

Corporate Credentials Agent

Corporate Credentials Management

There are numerous programs or apps running on a device that require your current corporate network credentials to sign into various corporate servers. After a while you can end up with lots of them, which causes several problems:

A program with an old copy will generate security violations as it tries to use its old password.
Each program will be storing its copy of your password in a different place with, probably, different encryption techniques. There is, potentially, scope for a compare and contrast attack and for exploiting the weakest encryption of all of the programs.

People forget which programs they have authorised - so if a program popped up and said 'expired password, please enter current password' - how many people would give it their current password?

It can take significant time and effort to locate all of the programs that hold a user's corporate password in order to update it.

Fundamentally, the problem is that multiple programs are storing multiple copies of your corporate credentials in different places in the machine's persistent storage.

So what can be done to reduce the number of places where the password is stored?

A means of securing network credentials on a computer and making them available to multiple other programs on the same computer to



The storing of the credentials only in the computer's memory, requiring them to be provided by the user the first time they are needed after the system (or the Agent program) is restarted.

The pre-authorisation of the specific programs that are allowed to access the credentials. The tracking of access requests.


The monitoring of the authorised programs for changes in the program's code and for changes in its access patterns. Where a change is detected, the user is requested to review and reauthorise the program.


The de-authorisation of programs that stop making access requests after a number of days. If the program subsequently requests access the user will be prompted to reauthorise it.

A web browser plugin that would recognise requests for corporate credentials and request them via the API. The Agent checks whether the web page/domain is pre-authorised and, if it is not, prompts the user to authorise it. It checks the domain of the website and indicates that the request is suspicious if it comes from outside a white list of approved domains. It rejects the request if it comes from a blacklist of domains.

Add a new Corporate Credentials Agent to the desktop.

When you set it up you provide it with a list of applications and web domains/pages that are authorised to access your corporate account details. When you install new software it can request to be authorised for access - but you have to go into the Corporate Credentials Agent to actually authorise it. When software is updated, the agent will prompt you to reauthorise it before giving it your password.
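The decision logic described above can be sketched as follows. This is an added example, not code from the original publication: the class and method names, the decision strings, the use of SHA-256 to detect code changes and the 30-day idle limit are all assumptions, and access-pattern monitoring and the in-memory credential store itself are left out.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta

IDLE_LIMIT = timedelta(days=30)  # assumed; the page says only "a number of days"

@dataclass
class Grant:
    code_sha256: str        # digest of the program image when the user authorised it
    last_request: datetime  # time of the most recent request (or of authorisation)

class Agent:
    def __init__(self, whitelist, blacklist):
        self.programs = {}    # program path -> Grant
        self.domains = set()  # domains the user has pre-authorised
        self.whitelist, self.blacklist = set(whitelist), set(blacklist)
        self.audit = []       # (time, requester, decision): tracking of access requests

    def authorise_program(self, path, code, now):
        # Called only after the user approves the program inside the Agent.
        self.programs[path] = Grant(hashlib.sha256(code).hexdigest(), now)

    def _log(self, now, who, decision):
        self.audit.append((now, who, decision))
        return decision

    def program_request(self, path, code, now):
        grant = self.programs.get(path)
        if grant is None:
            return self._log(now, path, "prompt-authorise")
        if hashlib.sha256(code).hexdigest() != grant.code_sha256:
            return self._log(now, path, "reauthorise-code-changed")
        if now - grant.last_request > IDLE_LIMIT:
            del self.programs[path]  # de-authorise a program that went quiet
            return self._log(now, path, "reauthorise-idle")
        grant.last_request = now
        return self._log(now, path, "release")

    def domain_request(self, domain, now):
        domain = domain.lower().rstrip(".")
        if domain in self.blacklist:  # blacklist overrides any earlier approval
            return self._log(now, domain, "reject")
        if domain in self.domains:
            return self._log(now, domain, "release")
        if domain not in self.whitelist:
            return self._log(now, domain, "prompt-suspicious")
        return self._log(now, domain, "prompt-authorise")
```

Only a "release" decision would hand over the credentials; every other outcome sends the user back to the Agent to authorise or reauthorise the requester.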

