Methods and systems for gradual expiration of credentials
First Claim
1. A computer-implemented method, comprising:
receiving, at a first access request time, a first access request for accessing a resource using a credential, the first access request time occurring after an initial expiration time associated with the credential and before a final expiration time, the final expiration time determined by adding a predetermined grace period to the initial expiration time;
selecting a first access rule from a plurality of access rules based at least in part on first durations between the first access request time, the initial expiration time, and the final expiration time;
determining a first access right with respect to the resource based at least in part on the selected first access rule, the first access right configured to be more restrictive than an access granted prior to the initial expiration time;
generating a first access response corresponding to the first access request based at least in part on the first access right;
receiving, at a second access request time, a second request for accessing the resource using the credential, the second access request time occurring after the first access request time and before the final expiration time;
selecting a second access rule from the plurality of access rules based at least in part on second durations between the second access request time, the initial expiration time, and the final expiration time;
determining a second access right with respect to the resource based at least in part on the selected second access rule, historical access data associated with aggregated user behavior for selected previous access to the resource, and one or more attributes associated with sensor data indicating security breaches at the resource, the second access right being more restrictive than the first access right; and
generating a second access response corresponding to the second access request based at least in part on the second access right.
Abstract
Methods and systems are provided to enable gradual expiration of credentials. Instead of depriving a user of all his access rights upon expiration of his credential (e.g., password), the user's access rights may be gradually restricted during a grace period after an expected or initial expiration time and/or before a final expiration time. The access right may be determined based on a duration from a time of the access request to the final expiration time or to the initial expiration time.
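A minimal sketch of the graduated check the abstract describes, added here as an illustration and not taken from the patent. The access levels, the 50% threshold in the rule table and the one-level tightening on a breach signal are assumptions chosen for the example.

```python
from datetime import datetime, timedelta
from enum import IntEnum


class Access(IntEnum):
    """Hypothetical access levels; a higher value is more permissive."""
    DENY = 0
    RESET_ONLY = 1   # may only replace the expired credential
    READ_ONLY = 2
    FULL = 3


# Hypothetical rule table: (upper bound on fraction of grace period elapsed, right).
# Ordered so that rights only shrink as the request time approaches final expiry.
RULES = [(0.5, Access.READ_ONLY), (1.0, Access.RESET_ONLY)]


def access_right(now, initial_expiry, grace, breach_signal=False):
    """Return the access right for a request made at `now`.

    final_expiry = initial_expiry + grace. Before initial expiry the credential
    has full access; at or after final expiry it has none; in between, the rule
    is selected from how far into the grace period the request falls.
    """
    final_expiry = initial_expiry + grace
    if now < initial_expiry:
        return Access.FULL
    if now >= final_expiry:
        return Access.DENY
    elapsed = (now - initial_expiry) / grace  # timedelta / timedelta gives a float in [0, 1)
    right = next(r for bound, r in RULES if elapsed < bound)
    if breach_signal:
        # Assumption: a breach indicator at the resource tightens the right by one level.
        right = Access(max(right - 1, Access.DENY))
    return right


if __name__ == "__main__":
    expiry = datetime(2024, 1, 1)      # constructed sample values
    grace = timedelta(days=10)
    for day in (-1, 2, 7, 10):
        t = expiry + timedelta(days=day)
        print(t.date(), access_right(t, expiry, grace).name)
```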
20 Claims
5. One or more non-transitory computer-readable storage media storing computer-executable instructions that, when executed by a computing system, configure the computing system to perform operations comprising:
in response to receiving, at a request time, a request to access a resource using a credential, the request time occurring after an initial expiration time associated with the credential and before a final expiration time;
selecting a first access rule from a plurality of access rules based at least in part on first durations between the request time, the initial expiration time, and the final expiration time;
determining an access right with a level of a plurality of different access right levels with respect to the resource based at least in part on the selected first access rule, historical access data associated with aggregated user behavior for selected previous access to the resource, and one or more attributes associated with sensor data indicating security breaches at the resource, the different access right levels respectively corresponding to different durations between the request time and the final expiration time for the credential; and
providing a level of access to the resource based at least in part on the level of determined access right.
13. A computer system, comprising:
a memory that stores computer-executable instructions; and
a processor configured to access the memory and execute the computer-executable instructions to at least:
receive, at a request time, a request from a requester to access a plurality of resources using a credential, the request time occurring after an initial expiration time associated with the credential and before a final expiration time;
select a first access rule from a plurality of access rules based at least in part on first durations between the request time, the initial expiration time, and the final expiration time;
determine an access right with a level of a plurality of different access right levels with respect to a resource of the plurality of resources based at least in part on the selected first access rule, historical access data associated with aggregated user behavior for selected previous access to the resource, and one or more attributes associated with sensor data indicating security breaches at the resource, the different access right levels respectively corresponding to different durations between the request time and the initial expiration time for the credential; and
provide access to the subset of resources for the requester based at least in part on the access right.
Specification