Increasingly, in the computing world, functionality is distributed. Such distribution is achieved through the separation of devices, functionality or data (collectively, resources), and the physical or logical decoupling of those resources. Components implementing the various functions of a computer system may therefore reside in different domains. A domain may include a logical grouping of network objects, such as an internetworked set of computers or applications associated with a particular entity, address, etc. Domains may also encompass a sub-domain, which is itself a domain contained in the parent domain, and so on. Thus, companies or other entities may establish domains for use by their employees or others. In such instances, when a user associated with the entity is provisioned with a computer, a domain administrator may configure the computer or the domain such that access to the domain by the computer is accomplished using a set of authentication credentials, such as a user name and password. Once the user's computer has been authenticated with these credentials, the user's computer is considered a member of the domain network.
In particular, when a user's computer is a member of a domain, these authentication credentials are managed by a computer within the domain. For example, in a Windows domain the computer system that manages such authentication credentials is referred to as a domain controller. This domain controller may only be accessible from a user's computer when the computer has been authenticated by the domain controller and is considered a member of the domain's network. In many cases, however, users travel away from the network and forget their passwords, or the passwords expire. If the user is not actively connected to the domain network, they may be effectively “locked out” of their computer until they can gain access to the domain network again. This creates a catch-22 situation: the user needs to access the domain controller to reset their credentials for the domain, but the user can only access the domain controller if the computer has been authenticated by the domain controller using the proper authentication credentials.
Current solutions to this problem rely on the user physically providing their computer or device back to the network of origin (e.g., by mail or courier in the case where the user is located remotely from an administrator or entity). A network administrator for the domain then integrates the computer back into the domain, resets the credentials and physically provides the computer back to the user. This solution is clearly unacceptable, as it is inconvenient for both the user and the administrator and may result in additional security risks when the computer is in transit.
What is desired, then, are systems and methods that provide a secure way to reset domain-based authentication credentials in a distributed network environment.