Self-service credential management
First Claim
1. A method for determining whether to permit a user to reset a credential used to access a resource, comprising the steps of:
- receiving, by at least one processing unit, a first request from a first user to reset a first credential, wherein the first request includes first user information;
- determining, based at least on the first user information, an applicable reset policy from among at least a first reset policy comprising a first gate and a second reset policy comprising a second gate identical to the first gate, wherein the first reset policy comprises a different pass/fail threshold than the second reset policy;
- receiving a response from the first user; and
- granting the first request if the response satisfies the applicable reset policy;
- wherein the determining step further comprises determining:
  - that the first user is a member of both a first group having a first set of permissions within the resource and a second group having a second set of permissions within the resource;
  - that the first reset policy is associated with users in the first group and the second reset policy is associated with users in the second group;
  - that the first reset policy is more stringent than the second reset policy based on a ranking of the first reset policy and the second reset policy according to stringency; and
  - that the applicable reset policy is the first reset policy and not the second reset policy.
Abstract
A self-service system and method for credential reset permits an administrator to customize policies for credential reset based on any user or group of users. Administrators may choose to set a more stringent policy for credential reset for users or groups that have higher-level permissions to access sensitive information within the resource protected by the credential. Customizable, plug-in gates are provided to permit administrators fine-grained control over reset policy definition. When the user initiates a credential reset, the reset policy applicable to that user is invoked, and the user is presented with gates to pass pursuant to the applicable reset policy. The user's responses are compared to responses presented by the user at registration. If the responses meet the reset policy's threshold for accuracy, the user is permitted to reset the credential.
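A minimal sketch of the policy selection and threshold check described in the abstract and claim 1, added here as an illustration and not taken from the patent. The group names, policy names, thresholds, salt, and the answer-hashing scheme are all assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class ResetPolicy:
    name: str
    stringency: int   # position in the stringency ranking; higher is stricter
    gate: str         # gate presented to the user (same gate in both policies)
    min_correct: int  # pass/fail threshold: answers that must match registration

def digest(answer: str, salt: bytes) -> bytes:
    # Normalise case and whitespace, then keep only a slow salted hash.
    text = " ".join(answer.casefold().split())
    return hashlib.pbkdf2_hmac("sha256", text.encode(), salt, 100_000)

def applicable_policy(groups, group_policies):
    # A user in several groups gets the most stringent associated policy.
    found = [group_policies[g] for g in groups if g in group_policies]
    return max(found, key=lambda p: p.stringency) if found else None

def may_reset(groups, group_policies, registered, responses, salt):
    policy = applicable_policy(groups, group_policies)
    if policy is None or len(responses) != len(registered):
        return False  # default deny: no policy or malformed response set
    # Compare every answer in constant time; no early exit on a mismatch.
    correct = sum(hmac.compare_digest(digest(r, salt), reg)
                  for r, reg in zip(responses, registered))
    return correct >= policy.min_correct

# Constructed sample data (all names and values are assumptions).
SALT = b"per-user-salt-16"
POLICIES = {
    "staff": ResetPolicy("staff-qa", 1, "security-questions", 2),
    "domain-admins": ResetPolicy("admin-qa", 2, "security-questions", 3),
}
REGISTERED = [digest(a, SALT) for a in ("Rex", "Lisbon", "blue")]
ATTEMPT = ["rex", " lisbon ", "green"]  # two of three answers correct

if __name__ == "__main__":
    print(may_reset(["staff"], POLICIES, REGISTERED, ATTEMPT, SALT))
    print(may_reset(["staff", "domain-admins"], POLICIES, REGISTERED, ATTEMPT, SALT))
```

The same two-of-three attempt passes for a user who is only in the lower-privilege group and fails for a user who is also in the higher-privilege group, because the stricter threshold is applied to the identical gate.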
13 Claims
8. A system for determining whether to allow users to reset credentials protecting a resource, comprising:
- a processing unit; and
- a memory coupled with and readable by the processing unit and having stored therein instructions which, when executed by the processing unit, cause a credential reset module to perform the following acts:
  - receiving, by at least one processing unit, a first request from a first user to reset a first credential, wherein the first request includes first user information;
  - determining, based at least on the first user information, an applicable reset policy from among at least a first reset policy comprising a first gate and a second reset policy comprising a second gate identical to the first gate, wherein the first reset policy comprises a different pass/fail threshold than the second reset policy;
  - receiving a response from the first user; and
  - granting the first request if the response satisfies the applicable reset policy;
  - wherein the determining step further comprises determining:
    - that the first user is a member of both a first group having a first set of permissions within the resource and a second group having a second set of permissions within the resource;
    - that the first reset policy is associated with users in the first group and the second reset policy is associated with users in the second group;
    - that the first reset policy is more stringent than the second reset policy based on a ranking of the first reset policy and the second reset policy according to stringency; and
    - that the applicable reset policy is the first reset policy and not the second reset policy.
9. A storage device encoding computer executable instructions that, when executed by at least one processor, perform a method for setting requirements to permit reset of a credential used to access a resource, the method comprising:
- associating a first user with a first group and a second group;
- associating the first group with a first reset policy comprising a first gate and the second group with a second reset policy comprising a second gate identical to the first gate, wherein the first reset policy comprises a different pass/fail threshold than the second reset policy, and wherein the first reset policy comprises a different pass/fail threshold than the second reset policy;
- ranking at least the first reset policy and the second reset policy based on stringency;
- receiving a request for access to the resource from the first user;
- determining that the first user is associated with the first group and the second group;
- determining that the first reset policy is more stringent based on the ranking;
- requiring the user to satisfy the first reset policy and not the second reset policy;
- receiving a response from the first user;
- when the response from the first user satisfies the first reset policy, allowing the first user to access the resource.
Specification