Methods and arrangements for controlling access to resources based on authentication method
2 Assignments
0 Petitions
Abstract
In accordance with certain aspects of the present invention, improved methods and arrangements are provided that improve access control within a computer. The methods and arrangements specifically identify the authentication mechanism/mechanisms, and/or characteristics thereof, that were used in verifying that a user with a unique name is the actual user that the name implies, to subsequently operating security mechanisms. Thus, differentiating user requests based on this additional information provides additional control.
38 Citations
17 Claims
1. A method for use in a computer capable of supporting multiple authentication mechanisms, the method comprising:
- generating at least one access token that identifies a user, and is associated with and identifies at least one authentication mechanism that has been used to authenticate the user, wherein generating the access token further includes identifying within the access token at least one characteristic associated with the authentication mechanism, wherein the at least one characteristic associated with the authentication mechanism includes a measure of strength of the authentication mechanism, wherein the measure of strength of the authentication mechanism depends on the length of key employed in an encryption process; and
- controlling the user's access to at least one resource based on the access token.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer-readable medium for use in a device capable of supporting multiple authentication mechanisms, the computer-readable medium having computer-executable instructions for performing acts comprising:
- producing at least one access token that identifies a user, and uniquely identifies at least one authentication mechanism supported by the device that has been used to authenticate the user, wherein producing the access token further includes identifying within the access token at least one characteristic of the authentication mechanism, wherein the at least one characteristic of the authentication mechanism includes a strength characteristic of the authentication mechanism, wherein the strength characteristic of the authentication mechanism depends on the length of key employed in an encryption process; and
- causing the device to selectively control the user's access to at least one resource operatively coupled to the device based at least in part on the access token.
Dependent claims: 9, 10, 11, 12, 13, 14
15. An apparatus comprising:
- at least one authentication mechanism facilitating generation of at least one access token that identifies a user, and identifies the authentication mechanism that has been used to authenticate the user, wherein the access token further includes at least one identifying characteristic associated with the authentication mechanism, wherein the at least one identifying characteristic associated with the authentication mechanism indicates a measure of strength of the authentication mechanism, wherein the measure of strength of the authentication mechanism depends on the length of key employed in an encryption process;
- an access control list;
- at least one access controlled resource; and
- logic operatively facilitating comparison of the access token with the access control list and selectively control the user's access to the resource based on the access token.
Dependent claims: 16, 17
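The comparison described in claim 15, as an added Python example that is not part of the patent text: the token carries the user, the authentication mechanism and a key-length strength value, and an ordered access control list decides access from all three. The mechanism names, the entry layout, the first-match rule and the sample ACL are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessToken:
    user: str        # who the token identifies
    mechanism: str   # which authentication mechanism authenticated the user
    key_bits: int    # strength characteristic: key length used by that mechanism

@dataclass(frozen=True)
class AclEntry:
    allow: bool
    user: str           # "*" matches any user
    mechanism: str      # "*" matches any mechanism
    min_key_bits: int   # entry applies only at or above this strength
    rights: frozenset

    def matches(self, token: AccessToken) -> bool:
        return (self.user in ("*", token.user)
                and self.mechanism in ("*", token.mechanism)
                and token.key_bits >= self.min_key_bits)

def check_access(token: AccessToken, acl: list, right: str) -> bool:
    """First entry that matches the token and names the right decides; default deny."""
    for entry in acl:
        if right in entry.rights and entry.matches(token):
            return entry.allow
    return False

# Constructed sample ACL for one resource; mechanism names are hypothetical.
# Key lengths are not comparable across algorithm families, so the strict
# entry pins the mechanism as well as the minimum length.
PAYROLL_ACL = [
    AclEntry(False, "*", "password-digest", 0, frozenset({"write"})),
    AclEntry(True, "alice", "smartcard-cert", 2048, frozenset({"read", "write"})),
    AclEntry(True, "alice", "*", 128, frozenset({"read"})),
]

def demo():
    """Same user, different mechanisms: returns (user, mechanism, read, write)."""
    tokens = [
        AccessToken("alice", "smartcard-cert", 2048),
        AccessToken("alice", "password-digest", 128),
        AccessToken("alice", "legacy-cipher", 40),
        AccessToken("bob", "smartcard-cert", 2048),
    ]
    return [(t.user, t.mechanism, check_access(t, PAYROLL_ACL, "read"),
             check_access(t, PAYROLL_ACL, "write")) for t in tokens]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The same user name yields three different outcomes depending only on how the user authenticated, which is the additional control the abstract describes.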
Specification