CONSTRAINING A LOGIN TO A SUBSET OF ACCESS RIGHTS
First Claim
Patent Images
1. One or more computer-readable storage media comprising instructions that, responsive to execution by a computing device, cause the computing device to:
- generate a constrained password by executing a one-way-transformation algorithm on data associated with a general password of a user account,the execution of the one-way-transformation algorithm providing an output that includes the constrained password,the constrained password being based on a constraint defining a subset of access rights associated with the user account; and
send an authentication request that includes the constrained password to another computing device capable of using the authentication request to access a resource based on the subset of access rights.
2 Assignments
0 Petitions
Accused Products
Abstract
This document describes tools that constrain a login to a subset of access rights. In one embodiment, the tools generate a constrained password by executing a cryptographic algorithm on a user ID, general password, and one or more desired constraints. The constrained password is used in place of the general password to gain access rights that are a subset of the access rights that would be granted if the general password were used instead.
-
Citations
20 Claims
-
1. One or more computer-readable storage media comprising instructions that, responsive to execution by a computing device, cause the computing device to:
-
generate a constrained password by executing a one-way-transformation algorithm on data associated with a general password of a user account, the execution of the one-way-transformation algorithm providing an output that includes the constrained password, the constrained password being based on a constraint defining a subset of access rights associated with the user account; and send an authentication request that includes the constrained password to another computing device capable of using the authentication request to access a resource based on the subset of access rights. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A system comprising:
memory and one or more processors configured to utilize instructions in the memory to implement an authentication request module, the authentication request module configured to; receive an authentication request comprising; a user identifier (ID) associated with a user account; and a constrained password that is based on one or more constraints that define a subset of access rights associated with the user account; and perform a cryptographic algorithm on at least the user ID to generate a new constrained password; and compare the new constrained password to the constrained password received in the authentication request to determine a match, a validity of the constrained password being determinable based on the match, and the subset of access rights being grantable based on the validity of the constrained password. - View Dependent Claims (14, 15, 16, 17)
-
18. A computing device comprising:
one or more computer-readable storage media comprising instructions that, responsive to execution by the computing device, cause the computing device to; execute a one-way-transformation algorithm on data associated with a general password of a user account, the execution of the one-way-transformation algorithm providing an output that includes a constrained password, the constrained password being based on one or more constraints that define a subset of access rights associated with the user account; and send an authentication request that includes the constrained password to another computing device capable of using the authentication request to access a resource based on the subset of access rights. - View Dependent Claims (19, 20)
Specification