CONSTRAINING A LOGIN TO A SUBSET OF ACCESS RIGHTS
First Claim
Patent Images
1. A method comprising:
- sending an authentication request including a constrained password to an entity capable of authenticating a user account, the constrained password based on a general password for the user account and one or more constraints defining a subset of access rights of a full set of access rights associated with the user account; and
receiving, from the entity, access to the subset of access rights.
2 Assignments
0 Petitions
Accused Products
Abstract
This document describes tools that constrain a login to a subset of access rights. In one embodiment, the tools generate a constrained password by executing a cryptographic algorithm on a user ID, general password, and one or more desired constraints. The constrained password is used in place of the general password to gain access rights that are a subset of the access rights that would be granted if the general password were used instead.
23 Citations
20 Claims
-
1. A method comprising:
-
sending an authentication request including a constrained password to an entity capable of authenticating a user account, the constrained password based on a general password for the user account and one or more constraints defining a subset of access rights of a full set of access rights associated with the user account; and receiving, from the entity, access to the subset of access rights. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method comprising:
-
receiving an authentication request comprising; a user identifier (ID) associated with a user account; and a constrained password associated with a subset of access rights of access rights associated with the user account; determining that the constrained password is valid; and responsive to determining that the constrained password is valid, granting the subset of access rights. - View Dependent Claims (15, 16, 17, 18, 19)
-
-
20. A method comprising:
-
receiving input, the input comprising; a user ID; a general password that is; associated with a user account represented by the user ID; and configured to give access to a full set of rights associated with the user account; and one or more desired constraints that, when applied to the full set of access rights associated with the user account, define a subset of the full set of access rights; generating a constrained password, the generating comprising; executing a one-way cryptographic algorithm on the input; and receiving the constrained password as output from the one-way cryptographic algorithm; sending an authentication request, the authentication request including the user ID, the one or more desired constraints, and the constrained password; and receiving access to the subset of the full set access rights, the subset of the full set of access rights configured to give at least partial access to one or more protected entities.
-
Specification