Identification and authentication management
First Claim
1. A computer-implemented method for managing temporary access to a first user's data, comprising:
receiving, from a first user, a message at an authentication server, the first user having an authentication credential with respect to a first user's account used to interact with the first user's data through an application, the message that a second user be granted temporary access to the first user's data through the application;
receiving, from the second user, a request at the authentication server, the request to access the first user's data through the application; and
responsive to the request from the second user, obtaining the first user's authentication credential from the authentication server and granting the second user temporary access to the first user's data through the application by providing to the application the first user's authentication credential, wherein the first user's authentication credential is not provided to the second user.
Abstract
An identification and authentication scheme maintains control relationships among identities in order to allow a user to dynamically grant or deny permission for a technical support representative to access the user's data, while allowing the user to retain ultimate control over access to the data. Interactions entered by the representative can be distinguished from those entered by the user, while execution paths for representative-entered interactions are configured so that, to an application, the representative-entered transactions appear substantially identical to user-entered transactions. Technical support representatives are thereby able to duplicate users' problems to enable diagnosis and resolution of problems without requiring users to reveal their passwords or login credentials.
60 Claims
1. A computer-implemented method for managing temporary access to a first user's data, comprising:
receiving, from a first user, a message at an authentication server, the first user having an authentication credential with respect to a first user's account used to interact with the first user's data through an application, the message that a second user be granted temporary access to the first user's data through the application;
receiving, from the second user, a request at the authentication server, the request to access the first user's data through the application; and
responsive to the request from the second user, obtaining the first user's authentication credential from the authentication server and granting the second user temporary access to the first user's data through the application by providing to the application the first user's authentication credential, wherein the first user's authentication credential is not provided to the second user.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 32, 33
16. A computer-implemented method for managing levels of access to a first user's data for at least two users, comprising:
establishing a control relationship between a first user's authentication credential and a second user's authentication credential, the control relationship allowing the first user to specify at least one parameter of the second user's level of access to a first user's data;
receiving, from a first user, a message at an authentication server, the first user having an authentication credential with respect to a first user's account used to interact with the first user's data through an application, the message that a second user be granted temporary access to the first user's data through the application;
receiving, from the second user, a request at the authentication server, the request to access the first user's data through the application; and
responsive to the request from the second user, granting the second user access to the first user's data through the application according to the second user's level of access as specified by the first user, by providing to the application the first user's authentication credential, wherein the first user's authentication credential is obtained from the authentication server and is not provided to the second user.
Dependent claims: 17, 18, 31
34. A system for granting to a second user access to a first user's data in response to a message from a first user, comprising:
an authenticator communicatively adapted to receive over a network connection authentication credentials of the first and second users and adapted to authenticate each user from the authentication credentials;
an access level control module, communicatively coupled to the authenticator, for defining for each user a level of access to a first user's data; and
a resource interface, communicatively coupled to the access level control module, for granting the second user access to the first user's data through the resource interface by providing the first user's authentication credential to the authenticator for authentication, wherein the first user's authentication credential is obtained from an authentication server and is not provided to the second user.
Dependent claims: 35, 36, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49
37. A system for granting to a second user access to a first user's data in response to a message from a first user, comprising:
an access level control module, for establishing a control relationship between an authentication credential associated with the first user and an authentication credential associated with the second user, the control relationship allowing the first user to control at least one parameter of the second user's level of access; and
a resource interface, coupled to the access level control module, for granting the second user access to the first user's data through the resource interface according to the second user's level of access, by providing the first user's authentication credential to an authenticator, wherein the first user's authentication credential is obtained from an authentication server and is not provided to the second user.
50. In a client/server system for granting to a second user access to a first user's data in response to a message from a first user specifying that the second user be granted access to the first user's data, a server comprising:
an authenticator, for authenticating each user according to authentication credentials;
an access level control module, coupled to the authenticator, for defining a level of access to the first user's data for each user; and
a resource interface, coupled to the access level control module, for granting to a client operated by the second user access to the first user's data through the resource interface by providing the first user's authentication credential to the authenticator, wherein the first user's authentication credential is obtained from an authentication server and is not provided to the second user.
51. In a client/server system for granting to a second user access to a first user's data in response to a message from a first user specifying that the second user be granted access to the first user's data, a server comprising:
an access level control module, for establishing a control relationship between the first user's authentication credential and the second user's authentication credential, the control relationship allowing the first user to control at least one parameter of the second user's level of access; and
a resource interface, coupled to the access level control module, for granting to the client operated by the second user access to the first user's data through the resource interface according to the second user's level of access, by providing the first user's authentication credential to an authenticator, wherein the first user's authentication credential is obtained from an authentication server and is not provided to the second user.
52. A computer program product comprising a computer-usable medium having computer-readable code embodied therein for managing temporary access to a first user's data, comprising:
computer-readable program code configured to cause a computer to receive a message at an authentication server from a first user, the first user having an authentication credential with respect to the first user's data, the message that a second user be granted temporary access to the first user's data;
computer-readable program code configured to cause a computer to receive a request at the authentication server from the second user, the request to access the first user's data; and
computer-readable program code configured to cause a computer to, responsive to the request from the second user, obtain the first user's authentication credential and grant the second user temporary access to the first user's data by providing the first user's authentication credential to an authenticator, wherein the first user's authentication credential is obtained from the authentication server and is not provided to the second user.
Dependent claims: 53, 54, 55, 57, 58, 59, 60
56. A computer-implemented computer program product for managing levels of access to a first user's data for at least two users, comprising:
computer-readable program code configured to cause a computer to establish a control relationship between a first user's authentication credential and a second user's authentication credential, the control relationship allowing the first user to specify at least one parameter of the second user's level of access to a first user's data;
computer-readable program code configured to cause a computer to receive, from a first user, a message at an authentication server, the first user having an authentication credential with respect to a first user's account used to interact with the first user's data through an application, the message that a second user be granted temporary access to the first user's data through the application;
computer-readable program code configured to cause a computer to receive, from the second user, a request at the authentication server, the request to access the first user's data through the application; and
computer-readable program code configured to cause a computer to, responsive to the request from the second user, grant the second user access to the first user's data through the application according to the second user's level of access as specified by the first user, by providing to the application the first user's authentication credential, wherein the first user's authentication credential is obtained from the authentication server and is not provided to the second user.
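The scheme described in the abstract and in claims 1 and 16, as an added example that is not the patent's own code nor that of any product it covers: an authentication server keeps the account owner's application password in a vault, records a time-limited, scoped grant when the owner asks that a support representative be let in, and on the representative's request replays the owner's credential to the application, handing back only the application's response. The names PasswordStore, LegacyApp, AuthServer, Grant, the read/write scopes and the alice/bob walk-through in scenario() are all assumptions made for illustration; the vault holds the password in memory here and would need encryption at rest (or an HSM-backed store) in a real deployment.

```python
import hashlib, hmac, secrets, time
from collections import namedtuple
from typing import Callable, Dict, Optional, Set

def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)

class PasswordStore:  # salted PBKDF2 verifier, used by the application and by the auth server
    def __init__(self) -> None:
        self._entries: Dict[str, tuple] = {}
    def set(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._entries[user] = (salt, _kdf(password, salt))
    def check(self, user: str, password: str) -> bool:
        salt, digest = self._entries.get(user, (None, None))
        return salt is not None and hmac.compare_digest(_kdf(password, salt), digest)

class LegacyApp:  # constructed stand-in for the application: it accepts only the owner's own password
    def __init__(self) -> None:
        self.passwords, self.records, self.audit = PasswordStore(), {}, []
    def request(self, user: str, password: str, op: str, actor: str, payload: Optional[dict] = None) -> dict:
        if not self.passwords.check(user, password):
            raise PermissionError("application rejected credential")
        # Owner and representative take the same execution path; the actor tag is what
        # lets representative-entered interactions be told apart in the audit trail.
        self.audit.append({"user": user, "actor": actor, "op": op})
        assert op in ("read", "write"), op
        if op == "write":
            self.records[user].update(payload or {})
        return dict(self.records[user])

Grant = namedtuple("Grant", "owner delegate scope expires_at")  # scope: access level chosen by the owner

class AuthServer:  # keeps the owner's application credential and brokers delegated access to it
    def __init__(self, app: LegacyApp, clock: Callable[[], float] = time.time) -> None:
        self._app, self._clock = app, clock
        self.users = PasswordStore()             # logins to the auth server itself
        self._vault, self._grants = {}, {}       # owner -> app password (encrypt at rest in practice); gid -> Grant

    def enroll(self, user: str, server_pw: str, app_pw: Optional[str] = None) -> None:
        self.users.set(user, server_pw)
        if app_pw is not None:
            self._vault[user] = app_pw

    def _login(self, user: str, password: str) -> None:
        if not self.users.check(user, password):
            raise PermissionError("auth server rejected login")

    # Owner side: the message that a second user be granted temporary access.
    def grant(self, owner: str, pw: str, delegate: str, scope: Set[str], ttl: float) -> str:
        self._login(owner, pw)
        if owner not in self._vault or not scope <= {"read", "write"}:
            raise ValueError("owner has no stored credential, or unknown scope")
        gid = secrets.token_urlsafe(16)
        self._grants[gid] = Grant(owner, delegate, frozenset(scope), self._clock() + ttl)
        return gid

    def revoke(self, owner: str, pw: str, gid: str) -> None:
        self._login(owner, pw)
        if gid not in self._grants or self._grants[gid].owner != owner:
            raise PermissionError("no such grant for this owner")
        del self._grants[gid]

    # Delegate side: the request to reach the owner's data through the application.
    def act_as(self, delegate: str, pw: str, gid: str, op: str, payload: Optional[dict] = None) -> dict:
        self._login(delegate, pw)
        g = self._grants.get(gid)
        if g is None or g.delegate != delegate or self._clock() > g.expires_at:
            raise PermissionError("no usable grant for this delegate")
        if op not in g.scope:
            raise PermissionError(f"{op!r} is outside the granted scope")
        # The owner's password travels vault -> application only; the delegate gets
        # the application's response and never sees the credential.
        return self._app.request(g.owner, self._vault[g.owner], op,
                                 actor=f"{delegate} on behalf of {g.owner}", payload=payload)

def _denied(call: Callable[[], dict]) -> bool:  # True if the auth server refuses the call
    try:
        call()
    except PermissionError:
        return True
    return False

def scenario() -> dict:  # constructed walk-through: alice lets support rep bob read her record for 10 minutes
    now = [1_700_000_000.0]
    app = LegacyApp()
    app.passwords.set("alice", "hunter2-app")
    app.records["alice"] = {"plan": "basic", "tickets": 3}
    srv = AuthServer(app, clock=lambda: now[0])
    srv.enroll("alice", "alice-srv-pw", app_pw="hunter2-app")
    srv.enroll("bob", "bob-srv-pw")
    gid = srv.grant("alice", "alice-srv-pw", "bob", {"read"}, ttl=600)
    out = {"read": srv.act_as("bob", "bob-srv-pw", gid, "read")}
    out["write_denied"] = _denied(lambda: srv.act_as("bob", "bob-srv-pw", gid, "write", {"plan": "gold"}))
    srv.revoke("alice", "alice-srv-pw", gid)                  # owner retains ultimate control
    out["revoked_denied"] = _denied(lambda: srv.act_as("bob", "bob-srv-pw", gid, "read"))
    gid2 = srv.grant("alice", "alice-srv-pw", "bob", {"read"}, ttl=600)
    now[0] += 601                                             # second grant times out
    out["expired_denied"] = _denied(lambda: srv.act_as("bob", "bob-srv-pw", gid2, "read"))
    out["audit"] = app.audit
    return out
```

Two design points carry the security weight. The representative must log in to the authentication server in their own right and the grant is bound to one delegate, one scope and one expiry, so a leaked grant identifier alone buys nothing, and the owner can cut access off at any moment by revoking. And because the application is handed the owner's real credential and therefore cannot tell the representative from the owner, the distinguishing mark (the actor tag in the audit entry) has to be supplied by the authentication server; that same server now holds replayable passwords for every enrolled account, which makes it the highest-value target in the design and argues for hardware-backed or at least encrypted credential storage and close logging of every replay.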
Specification