SECURE PASSWORD RESET FOR APPLICATION
First Claim
Patent Images
1. A method of controlling access to an interaction context of an application, the method comprising:
- receiving login requests pertaining to an access account, each login request including a login password to be matched against an access password associated with the access account;
maintaining a database comprising at least one account record including a password state field indicating whether the access password is a temporary password or a permanent password and a security hold field indicating whether a security hold has been placed on the access account by an administrator;
denying access upon receipt of a login request when the login password fails to match the access password;
denying access upon receipt of a login request when the login password matches the access password, the password state field indicates that the access password is a permanent password, and the security hold field indicates that there is a security hold on the access account;
granting access upon receipt of a login request when the login password matches the access password, the password state field indicates that the access password is a permanent password, and the security hold field indicates that there is no security hold on the access account; and
granting access which is limited to permitting changing of the access password and prompting a change of the access password upon receipt of a login request when the login password matches the access password and the access password is a temporary password.
4 Assignments
0 Petitions
Accused Products
Abstract
A method of controlling access to an interaction context of an application, including receiving login requests pertaining to an access account, each login request including a login password to be matched against an access password associated with the access account. A database includes at least one account record including a password state field indicating whether the access password is a temporary password or a permanent password and a security hold field indicating whether a security hold has been placed on the access account by an administrator. Access is denied upon receipt of a login request when the login password fails to match the access password. Access is denied upon receipt of a login request when the login password matches the access password, the password state field indicates that the access password is a permanent password, and the security hold field indicates that there is a security hold on the access account. Access is granted upon receipt of a login request when the login password matches the access password, the password state field indicates that the access password is a permanent password, and the security hold field indicates that there is no security hold on the access account. The method includes granting access which is limited to permitting changing of the access password and prompting a change of the access password upon receipt of a login request when the login password matches the access password and the access password is a temporary password.
-
Citations
4 Claims
-
1. A method of controlling access to an interaction context of an application, the method comprising:
-
receiving login requests pertaining to an access account, each login request including a login password to be matched against an access password associated with the access account; maintaining a database comprising at least one account record including a password state field indicating whether the access password is a temporary password or a permanent password and a security hold field indicating whether a security hold has been placed on the access account by an administrator; denying access upon receipt of a login request when the login password fails to match the access password; denying access upon receipt of a login request when the login password matches the access password, the password state field indicates that the access password is a permanent password, and the security hold field indicates that there is a security hold on the access account; granting access upon receipt of a login request when the login password matches the access password, the password state field indicates that the access password is a permanent password, and the security hold field indicates that there is no security hold on the access account; and granting access which is limited to permitting changing of the access password and prompting a change of the access password upon receipt of a login request when the login password matches the access password and the access password is a temporary password.
-
-
2. A computer readable storage medium storing computer-executable instructions for controlling at least one computer system to perform a method of controlling access to an interaction context of a multi-user application, the method comprising:
-
receiving a change of password request pertaining to one of a plurality of user accounts of a virtual application instance of the multi-user application, the change of password request including a new password and each user account including a user password; maintaining a database comprising user account records, each user account record including a password state field indicating whether the user password is a temporary password or a permanent password and a security hold field indicating whether a security hold has been placed on the user account by an administrator; changing the user password to the new password and setting the password state field to indicate that the user password is a permanent password; and informing a user that the a security hold is on the user account and prompting the user to contact the administrator to have the security hold lifted if the security hold field indicates that there is a security hold on the user account.
-
-
3. A server computer comprising:
-
at least one virtual application instance; an instance database for each virtual application instance including one or more user records, each user record containing login data for accessing an associated user account of the virtual application instance and including a user ID, a user password, a password state field indicating whether the user password is a temporary password or a permanent password, and a security hold field indicating whether a security hold has been placed on the user account by an administrator; and a login module configured to receive a login request for a virtual application instance from a user including a login ID and a login password, and if the login ID matches a user ID of a user record of the corresponding instance database, configured to; deny access upon receipt of a login request when the login password fails to match the user password; deny access upon receipt of a login request when the login password matches the user password, the password state field indicates that the user password is a permanent password, and the security hold field indicates that there is a security hold on the user account; grant access upon receipt of a login request when the login password matches the user password, the password state field indicates that the user password is a permanent password, and the security hold field indicates that there is no security hold on the user account; and grant access which is limited to permitting the user to change the user password and prompt the user to change the user password upon receipt of a login request when the login password matches the user password and the user password is a temporary password. - View Dependent Claims (4)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeStripe, Inc.
-
Original AssigneeFrancisco Corella
-
InventorsCorella, Francisco
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current726/6
-
CPC Class CodesG06F 21/31 User authenticationH04L 63/083 using passwords cryptograph...H04L 63/20 for managing network securi...
