Constraining a login to a subset of access rights
First Claim
Patent Images
1. A computer-implemented method comprising:
- generating, by a first computing device, a constrained password by at least executing a one-way-transformation algorithm on a product of a cryptographic algorithm executed on a general password that is associated with a user account, the execution of the one-way-transformation algorithm providing an output that includes the constrained password, the constrained password being based on one or more constraints defining a subset of access rights of a full set of access rights associated with the user account;
sending an authentication request including the constrained password to a second computing device capable of authenticating the user account; and
receiving, from the second computing device, access to the subset of access rights.
2 Assignments
0 Petitions
Accused Products
Abstract
This document describes tools that constrain a login to a subset of access rights. In one embodiment, the tools generate a constrained password by executing a cryptographic algorithm on a user ID, general password, and one or more desired constraints. The constrained password is used in place of the general password to gain access rights that are a subset of the access rights that would be granted if the general password were used instead.
-
Citations
20 Claims
-
1. A computer-implemented method comprising:
-
generating, by a first computing device, a constrained password by at least executing a one-way-transformation algorithm on a product of a cryptographic algorithm executed on a general password that is associated with a user account, the execution of the one-way-transformation algorithm providing an output that includes the constrained password, the constrained password being based on one or more constraints defining a subset of access rights of a full set of access rights associated with the user account; sending an authentication request including the constrained password to a second computing device capable of authenticating the user account; and receiving, from the second computing device, access to the subset of access rights. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A computer-implemented method comprising:
-
receiving, by a computing device, an authentication request comprising; a user identifier (ID) associated with a user account; and a constrained password that is based on one or more constraints defining a subset of access rights of a full set of access rights associated with the user account; determining that the constrained password is valid by at least; performing a cryptographic algorithm on at least the user ID to generate a new constrained password; and comparing the new constrained password to the constrained password received in the authentication request to determine a match; and responsive to determining that the constrained password is valid based on the match, granting the subset of access rights. - View Dependent Claims (14, 15, 16, 17, 18)
-
-
19. A computer-implemented method comprising:
-
receiving input at a computing device, the input comprising; a user ID; a general password that is; associated with a user account represented by the user ID; and configured to give access to a full set of access rights associated with the user account; and one or more desired constraints that, when applied to the full set of access rights associated with the user account, define a subset of the full set of access rights; executing a first one-way cryptographic algorithm on the input to provide a result; generating a constrained password that is based on the one or more desired constraints, the generating comprising; executing a second one-way cryptographic algorithm on the result of the first one-way cryptographic algorithm; and receiving the constrained password as output from the second one-way cryptographic algorithm; sending an authentication request, the authentication request including the user ID, the one or more desired constraints, and the constrained password; and receiving access to the subset of the full set of access rights, the subset of the full set of access rights configured to give at least partial access to one or more protected entities. - View Dependent Claims (20)
-
Specification