Secure credentials control method
First Claim
1. A method for securing access to an account of a user, wherein the account comprises at least a first credential set as at least a portion of an access feature in a credential database for authenticating the user, the method comprising:
- permitting the user to set a universal reset credential associated with the account that is stored in the credential database;
permitting a system administrator of the account, who is not the user, to reset the access feature from the first credential in the credential database to the universal reset credential in the credential database without input across a computer network from the user;
denying the system administrator of the account, who is not the user, permission to change the first credential of the access feature in the credential database, wherein the first credential of the access feature is not known by the system administrator and wherein the first credential is within a secure area of the credential database restricting access from the system administrator to the first credential, wherein the system administrator is restricted from viewing the first credential;
and denying the system administrator of the account permission to change the universal reset credential that is stored in the credential database;
denying the system administrator permission to change the access feature from the universal reset credential to the first credential not known by the system administrator, after the universal reset credential is set;
and denying use of the first credential of the access feature, after the universal reset credential is set,wherein the system administrator is restricted to resetting the access feature to the universal reset credential.
3 Assignments
0 Petitions
Accused Products
Abstract
Methods, apparatus, and systems are provided to secure access to an account of a user. The account may have a system administrator. The user may have a credential for accessing the secure data on the account. The methods, apparatus, and systems involve setting a universal reset credential associated with the account, denying the system administrator of the account permission to change the first credential of the access feature, and permitting the system administrator to reset the access feature from the first credential to the universal reset credential.
-
Citations
22 Claims
-
1. A method for securing access to an account of a user, wherein the account comprises at least a first credential set as at least a portion of an access feature in a credential database for authenticating the user, the method comprising:
-
permitting the user to set a universal reset credential associated with the account that is stored in the credential database; permitting a system administrator of the account, who is not the user, to reset the access feature from the first credential in the credential database to the universal reset credential in the credential database without input across a computer network from the user; denying the system administrator of the account, who is not the user, permission to change the first credential of the access feature in the credential database, wherein the first credential of the access feature is not known by the system administrator and wherein the first credential is within a secure area of the credential database restricting access from the system administrator to the first credential, wherein the system administrator is restricted from viewing the first credential; and denying the system administrator of the account permission to change the universal reset credential that is stored in the credential database; denying the system administrator permission to change the access feature from the universal reset credential to the first credential not known by the system administrator, after the universal reset credential is set; and denying use of the first credential of the access feature, after the universal reset credential is set, wherein the system administrator is restricted to resetting the access feature to the universal reset credential. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 20)
-
-
11. A computer program product for enabling a computer to secure access to an account of a user, wherein the account comprises at least a first credential set as at least a portion of an access feature for authenticating the user, the computer program product comprising:
-
software instructions for enabling a computer to perform predetermined operations; and
a non-transitory computer readable storage medium bearing the software instructions;the predetermined operations including; permitting the user to set a universal reset credential associated with the account that is stored in a credential database; permitting a system administrator of the account, who is not the user, to reset the access feature from the first credential in the credential database to the universal reset credential in the credential database without input across a computer network from the user; denying the system administrator of the account, who is not the user, permission to change the first credential of the access feature, wherein the first credential of the access feature is not known by the system administrator and wherein the first credential is within a secure area of the credential database restricting access from the system administrator to the first credential, wherein the system administrator is restricted from viewing the first credential; denying the system administrator of the account permission to change the universal reset credential that is stored in the credential database; denying the system administrator of the account permission to change the access feature from the universal reset credential to the first credential not known by the system administrator, after the universal reset credential is set; and denying use of the first credential, after the resetting the access feature from the first credential in the credential database to the universal reset credential, wherein the system administrator is restricted to resetting the access feature to the universal reset credential. - View Dependent Claims (12, 13, 14, 15, 16, 17, 21)
-
-
18. A method for securing access to an account of a user, wherein the account comprises at least a first credential set as at least a portion of an access feature in a credential database for authenticating the user, the method comprising:
-
permitting the user to set a universal reset credential associated with the account that is stored in the credential database; permitting a system administrator of the account, who is not the user, to reset the access feature from the first credential in the credential database to the universal reset credential in the credential database without input across a computer network from the user; denying the system administrator of the account, who is not the user, permission to change the first credential of the access feature that is stored in the credential database, wherein the first credential of the access feature is not known by the system administrator and wherein the first credential is within a secure of the credential database restricting access from system administrator to the first credential, wherein the system administrator is restricted from viewing the first credential; denying the system administrator permission to change the access feature from the universal reset credential to the first credential not known by the system administrator and in the credential database; denying the system administrator permission to change the universal reset credential that is stored in the credential database; denying use of the first credential of the access feature, after the resetting the access feature from the first credential in the credential database to the universal reset credential, wherein the system administrator is restricted to resetting the access feature to the universal reset credential; recording information related to a change to the first credential in a secure table; electronically sending a notification of the change to the first credential to the user; recording information related to a reset of the first credential in the secure table; and electronically sending a notification of the reset of the first credential to the user. - View Dependent Claims (22)
-
-
19. A method for securing access to an email account of a user, the method comprising:
-
requiring the user to provide a first password to access the email account prior to a requiring the user to provide a universal reset password; permitting the user to set the universal reset password associated with the email account to be stored in a credential database; denying a system administrator of the email account, who is not the user, permission to view the first password; denying the system administrator of the email account permission to change the first password; permitting the system administrator of the email account to view the universal reset password; denying the system administrator of the email account permission to change the universal reset password stored in the credential database; and permitting the system administrator of the email account, without input from the user, to require the user to provide the universal reset password stored in the credential database, rather than the first password, to access the email account; denying the system administrator permission to require the user to provide the first password after the requiring the user to provide the universal reset password; and denying the system administrator permission to provide the first credential to access the email account after the requiring the user to provide the universal reset password.
-
Specification