US 12,107,847 B2
Password reset using an asymmetric encryption key pair
Subhamay Barui, Pune (IN); Ramesh Gupta, Pune (IN); and Jagriti Jalal, Haldwani (IN)
Assigned to SAP SE, Walldorf (DE)
Filed by SAP SE, Walldorf (DE)
Filed on Apr. 11, 2022, as Appl. No. 17/717,352.
Prior Publication US 2023/0328055 A1, Oct. 12, 2023
Int. Cl. H04L 9/40 (2022.01); H04L 9/08 (2006.01)
CPC H04L 63/083 (2013.01) [H04L 9/0825 (2013.01); H04L 9/0861 (2013.01); H04L 9/0891 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A computer implemented method for securely performing a password change, comprising:
receiving a password change request from a user, wherein the password change request comprises an encrypted version of a new password for the user, a cleartext version of the new password, and a login name for the user, and wherein the encrypted version of the new password is encrypted with a private key associated with the user;
executing a command from a password rotator user account with the cleartext version of the new password, the encrypted version of the new password, and the login name;
retrieving a public key associated with the login name;
determining, based on the public key, that the password change request comes from the user and that the cleartext version of the new password has not been modified; and
setting the password of a user login associated with the user to the new password in response to the determining.