System and method for permission-based access using a shared account
Abstract
A mechanism for rapidly authenticating an interactive user in an operating system logon session based on a shared account by using a credential delivery application to enable permission-based access to a user's remote session from the shared account is disclosed. The present invention provides the ability to switch local interactive users, authenticate the new interactive user, and switch the remote session without requiring the client to first establish a new logon session tied to the new local interactive user. The present invention also alters the normal locking mechanism found in operating system logon sessions so as to restrict access to an interactive local user's applications (both local and remote) while still allowing the rapid switching of interactive users at the client device.
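A minimal model of the flow the abstract describes, added here as an illustration and not taken from the patent or any product: an identifier selects a credential set, the credentials map the user to their own server-hosted session, and the client's operating system logon stays on the shared account. The class names, badge identifiers, application name and permission levels are constructed assumptions.

```python
from dataclasses import dataclass

LEVELS = ["none", "read", "write"]  # assumed ordering of permission levels

@dataclass
class Credentials:
    user: str
    app_permissions: dict  # application name -> permission level

# Constructed sample storage location: identifier -> that user's credential set.
STORE = {
    "badge-1001": Credentials("alice", {"charting": "write"}),
    "badge-1002": Credentials("bob", {"charting": "read"}),
}

class Server:
    """Hosts one long-lived session per interactive user."""
    def __init__(self):
        self.sessions = {}

    def map_user(self, creds):
        # Reattach to the user's existing session, or create it on first use.
        return self.sessions.setdefault(
            creds.user, {"owner": creds.user, "perms": creds.app_permissions, "state": []})

class SharedAccountClient:
    """The OS logon stays on the shared account; only the mapped session changes."""
    def __init__(self, server, store):
        self.os_account = "shared-kiosk"
        self.server, self.store = server, store
        self.active = None  # None means locked: no user's applications reachable

    def present_identifier(self, identifier):
        self.active = None  # detach the previous user before any lookup
        creds = self.store.get(identifier)
        if creds is not None:
            self.active = self.server.map_user(creds)
        return self.active is not None

    def access(self, app, level):
        if self.active is None:
            raise PermissionError("locked: no interactive user mapped")
        granted = self.active["perms"].get(app, "none")
        if LEVELS.index(granted) < LEVELS.index(level):
            raise PermissionError(f"{self.active['owner']} lacks {level} on {app}")
        return self.active
```

Detaching the previous user before the lookup means a failed or unknown identifier leaves the client locked instead of leaving the earlier user's session reachable from the shared account.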
32 Claims
1. A system for providing permission-based access to an existing logon session, comprising:
a storage location holding a plurality of sets of interactive user credentials, each set of credentials associated with a different interactive user and indicating at least one permission level for at least one of at least one application and an access level for a server-hosted domain;
a server in connection with a client, the server hosting a session for a first local interactive user of the client, the client executing an active operating system logon session for a shared account, the active operating system logon session established with a default user profile not associated with a particular interactive user;
a credential delivery application communicating with the server and the client, the credential delivery application receiving an identifier identifying the first local interactive user via the client and using the identifier to retrieve a first set of credentials for the first local interactive user from the storage location, the first set of credentials delivered by the credential delivery application to the server, the first set of credentials used to map the first local interactive user to the server-hosted session for the first local interactive user.
(Dependent claims: 2, 3, 4)

5. In an electronic device, a method of providing permission-based access to an active operating system logon session, comprising the steps of:
hosting on an electronic device an active operating system logon session for a shared account, the electronic device in communication with a server, the shared account established with a default user profile not associated with a particular interactive user;
receiving a first identifier identifying a first local interactive user via the electronic device;
using the first identifier to retrieve a first set of credentials for the first local interactive user, the first set of credentials stored in a location accessible to the electronic device and the server and indicating at least one permission level for at least one of at least one application and an access level for a server-hosted session associated with the first local interactive user; and
mapping the first local interactive user to the server-hosted session for the first local interactive user using the first set of credentials.
(Dependent claims: 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)

21. In an electronic device, a method of providing permission-based access to an existing operating system logon session, comprising the steps of:
hosting on an electronic device an active operating system logon session for a shared account, the shared account originally established with a default user profile not associated with a particular interactive user;
receiving a first identifier identifying a first local interactive user;
using the first identifier to retrieve a first set of credentials for the first local interactive user, the first set of credentials indicating at least one permission level for at least one of at least one application; and
accessing the at least one application using the first set of credentials.
(Dependent claims: 22, 23)

24. An article of manufacture having embodied thereon computer-readable program means for providing permission-based access to an existing session, the article of manufacture comprising:
computer-readable program means for hosting on an electronic device an active operating system logon session for a shared account, the electronic device in communication with a server, the shared account established with a default user profile not associated with a particular interactive user;
computer-readable program means receiving a first identifier identifying a first local interactive user via the electronic device;
computer-readable program means for using the first identifier to retrieve a first set of credentials for the first local interactive user, the first set of credentials stored in a location accessible to the electronic device and the server and indicating at least one permission level for at least one of at least one application and an access level for a server-hosted session associated with the first local interactive user; and
computer-readable program means for mapping the first local interactive user to the server-hosted session for the first local interactive user using the first set of credentials.
(Dependent claims: 25, 26, 27, 28, 29, 30, 31, 32)

Specification