SYSTEMS AND METHODS FOR DIFFERENTIAL ACCESS CONTROL BASED ON SECRETS

US 20160140333A1
Filed: 11/13/2014
Published: 05/19/2016
Est. Priority Date: 11/13/2014
Status: Active Grant

First Claim

Patent Images

1. A processor-based system for allowing the user to select a view, said view comprising a set of data, a set of resources, said resources interacting with said data and a set of tasks, said tasks interacting with said processor-based system, the processor-based system comprising:

a processor;

a computer readable storage media, said computer-readable storage media configured to store computer-readable instructions;

said processing in communications with a database, said database comprising data associated with a user;

said processor providing a user interface, said user interface accepting input from a user, the input comprising at least one indicia of the user'"'"'s identity and a first input secret;

wherein the first input secret is selectable by the user among a plurality of input secrets; and

wherein further each input secret is associated with an associated view.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Differential access to data for a user of a processor-based system is disclosed wherein the user may select one secret from among a plurality of secrets that allows and/or enables access to potentially different sets of data, different resources for accessing the data and/or different tasks for the user to interact with the system. The selection of any particular secret may arise as to the user'"'"'s feeling as to how secure the environment is for accessing the data. For example, if the user is in a very secure environment, the user may select a secret that allows substantially broad access to data, resources and tasks. If the environment is not secure, or if the user is under duress, the user may select a secret that provides limited access, or a decoy set of data and/or may provide the user with access to defensive measures to protect the data.

29 Citations

View as Search Results

20 Claims

1. A processor-based system for allowing the user to select a view, said view comprising a set of data, a set of resources, said resources interacting with said data and a set of tasks, said tasks interacting with said processor-based system, the processor-based system comprising:
- a processor;
  
  a computer readable storage media, said computer-readable storage media configured to store computer-readable instructions;
  
  said processing in communications with a database, said database comprising data associated with a user;
  
  said processor providing a user interface, said user interface accepting input from a user, the input comprising at least one indicia of the user'"'"'s identity and a first input secret;
  
  wherein the first input secret is selectable by the user among a plurality of input secrets; and
  
  wherein further each input secret is associated with an associated view.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1 wherein said plurality of input secrets is selectable by the user according to the user'"'"'s perception of the security of the environment in which the user is accessing the view.
  - 3. The system of claim 2 wherein at least one input secret selectable by the user allows the user to access sensitive data and a substantially complete set of resources for interacting with said data.
  - 4. The system of claim 2 wherein at least one input secret selectable by the user renders a decoy message in user'"'"'s view.
  - 5. The system of claim 4 wherein at least one input secret selectable by the user allows the user to perform defensive measures to protect said data.
  - 6. The system of claim 4 wherein said input secret selectable by the user is selected by the user when the user is in situation of duress.
  - 7. The system of claim 1 wherein said processor-based system is one of a group, said group comprising:
    - an email system, an Automatic Teller Machine (ATM) system, a file server, a server system and a database.
  - 8. The system of claim 1 wherein one of said tasks associated with at least one input secret allows the user to dynamically escalate the user'"'"'s view.
  - 9. The system of claim 1 wherein said processor-based system further comprises a two-factor authentication process for enabling at least one view for the user.

10. A processor-implemented method for allowing a user differential access to data within one of a set of views, each said view comprising a set of associated data, a set of associated resources interacting with said data and a set of associated tasks, said tasks allowing the user to interact with a processor-based system, the method comprising:
- presenting the user with an interface;
  
  accepting at least one indicia of the user'"'"'s identity;
  
  accepting at least one secret, said one secret being one of a plurality of secrets selectable by the user, and said one secret associated with said user'"'"'s indicia;
  
  authenticating said user, based upon said at least one indicia and said at least one secret; and
  
  presenting the user with a view, the view associated with said at least one secret.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 20)
- - 11. The method of claim 10 wherein said interface comprises one of a group, said group comprising:
    - a display, a keyboard and a card reader.
  - 12. The method of claim 10 wherein said at least one indicia comprises one of a group, said group comprising:
    - a user name, a user account number, biometric data, a magnetic stripe card and an electronic device.
  - 13. The method of claim 10 wherein said plurality of secrets comprises one of a group, said group comprising:
    - a secret for when the user is in a secure environment and a secret for when the user is in an insecure environment.
  - 14. The method of claim 13 wherein said method further comprises:
    - presenting the user with a decoy interface when the user selects a secret for when the user is in an insecure environment.
  - 15. The method of claim 14 wherein said method further comprises:
    - allowing the user to perform defensive measures to protect the data.
  - 16. The method of claim 10 wherein said method further comprises:
    - allowing the user to dynamically escalate the user'"'"'s view during a single session.
  - 17. The method of claim 10 wherein said method further comprises:
    - initiating a two-factor authentication process with the user when presented with the input of at least one secret.
  - 18. The method of claim 10 wherein said method implements one of a group, said group comprising:
    - an email system, an Automatic Teller Machine (ATM) system, a file server, a server system and a database.
  - 20. The method of claim 18 wherein said method further comprising:
    - initiating a two-factor authentication process for allowing access to said second view.

19. A processor-implemented method for allowing escalation of a user'"'"'s first view to a second view, where each said view comprising a set of associated data, a set of associated resources interacting with said data and a set of associated tasks, said tasks allowing the user to interact with a processor-based system;
- the method comprising;
  
  while the user has been authenticated for access to data via a first view during a session, said first view associated with a first secret, allowing the user to request an escalation to a second view; and
  
  accepting a second secret, said second secret associated with a second view.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Samineni, Naga Rohit

Granted Patent

US 9,785,765 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/36   by graphic or iconic repres...

G06F 21/40   by quorum, i.e. whereby two...

G06F 3/0484   for the control of specific...

G06F 3/04842   Selection of displayed obje...

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 63/0861   using biometrical features,...

SYSTEMS AND METHODS FOR DIFFERENTIAL ACCESS CONTROL BASED ON SECRETS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR DIFFERENTIAL ACCESS CONTROL BASED ON SECRETS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links