Methods, devices, and mediums associated with security access requested on an as-needed basis

US 8,826,394 B1
Filed: 03/20/2012
Issued: 09/02/2014
Est. Priority Date: 03/20/2012
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising memory having instructions stored thereon that, in response to execution by a processing device, cause the processing device to perform operations comprising,authenticating a user based on a first pre-shared secret associated with a first login request as a condition to granting the user limited access to a resource, wherein the first pre-shared secret is associated with the user;

after granting the user the limited access to the resource, receiving a second request for the user, wherein the second request is received over a first communication path;

determining whether the second request corresponds to an additional level of access to the resource;

and in response to determining that the second request corresponds to the additional level of access to the resource, authenticating the user based on a second pre-shared secret as a condition to granting the user the additional level of access to the resource, wherein the additional level of access includes an access privilege that is not included in the grant of the limited access, wherein the second pre-shared secret is associated with the user, and wherein the second pre-shared secret is different than the first pre-shared secret;

wherein granting the additional level of access to the resource further comprises transmitting control access information over a second communication path that is different than the first communication path.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one example, a network device may be configured to authenticate a user based on a first pre-shared secret associated with a first login request as a condition to granting the user limited access. The network device may be configured to determine whether a received second request for the user is associated with an additional level of access. The network device may be configured to, in response to determining that the second request is associated with the additional level of access, authenticate the user based on a second pre-shared secret as a condition to granting the user the additional level of access.

14 Citations

View as Search Results

38 Claims

1. An apparatus comprising memory having instructions stored thereon that, in response to execution by a processing device, cause the processing device to perform operations comprising,authenticating a user based on a first pre-shared secret associated with a first login request as a condition to granting the user limited access to a resource, wherein the first pre-shared secret is associated with the user;
- after granting the user the limited access to the resource, receiving a second request for the user, wherein the second request is received over a first communication path;
  
  determining whether the second request corresponds to an additional level of access to the resource;
  
  and in response to determining that the second request corresponds to the additional level of access to the resource, authenticating the user based on a second pre-shared secret as a condition to granting the user the additional level of access to the resource, wherein the additional level of access includes an access privilege that is not included in the grant of the limited access, wherein the second pre-shared secret is associated with the user, and wherein the second pre-shared secret is different than the first pre-shared secret;
  
  wherein granting the additional level of access to the resource further comprises transmitting control access information over a second communication path that is different than the first communication path.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 33, 36)
- - 2. The apparatus of claim 1, wherein the operations further comprise assigning a lifetime to a grant of the additional level of access to the resource.
  - 3. The apparatus of claim 1, wherein the first pre-shared secret comprises a first password, and wherein the second pre-shared secret comprises a second password that is different than the first password.
  - 4. The apparatus of claim 1, where the operations further comprise:
    - determining whether a device that originated the first login request is registered with the resource;
      
      granting the limited access only in response to determining that the device is not registered with the resource; and
      
      granting a different access in response to determining that the device is registered with the resource.
  - 5. The apparatus of claim 1, wherein the limited access comprises read only access, and wherein the additional level of access to the resource comprises write access.
  - 6. The apparatus of claim 5, wherein the additional level of access to the resource is for a predetermined number of transactions.
  - 7. The apparatus of claim 1, wherein granting the additional level of access to the resource further comprises transmitting information to an email address.
  - 8. The apparatus of claim 1, wherein granting the additional level of access to the resource further comprises transmitting information to a mobile device.
  - 9. The apparatus of claim 1, wherein granting the additional level of access to the resource further comprises transmitting a token.
  - 10. The apparatus of claim 9, wherein the second request identifies a particular transaction to be performed.
  - 11. The apparatus of claim 10, wherein the token comprises a verification code to be sent back by the user in order to enable the particular transaction.
  - 33. The apparatus of claim 1, wherein the second request identifies a particular transaction to be performed.
  - 36. The apparatus of claim 1, wherein the resource comprises an account corresponding to the user, and wherein the second request identifies a requested change to the account.

12. A method comprising:
- receiving a first login request for a user;
  
  in response to receiving the first login request, authenticating the user based on a first pre-shared secret as a condition to storing data in a memory device to grant the user limited access to a resource, wherein the first pre-shared secret is associated with the user;
  
  after granting the user the limited access to the resource, receiving a second request for the user, wherein the second request is received over a first communication path;
  
  determining whether the second request corresponds to an additional level of access to the resource; and
  
  in response to determining that the second request corresponds to the additional level of access to the resource, wherein the additional level of access includes an access privilege that is not included in the grant of the limited access, authenticating the user based on a second pre-shared secret as a condition to changing the data stored in the memory device to grant the user the additional level of access to the resource, wherein the second pre-shared secret is associated with the user, and wherein the second pre-shared secret is different than the first pre-shared secret;
  
  wherein granting the additional level of access to the resource further comprises transmitting control access information over a second communication path that is different than the first communication path.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 34, 37)
- - 13. The method of claim 12, further comprising assigning a lifetime to a grant of the additional level of access to the resource.
  - 14. The method of claim 12, wherein the first pre-shared secret comprises a first password, and wherein the second pre-shared secret comprises a second password that is different than the first password.
  - 15. The method of claim 12, further comprising:
    - determining whether a device that originated the first login request is registered with the resource;
      
      granting the limited access only in response to determining that the device is not registered with the resource; and
      
      granting a different access in response to determining that the device is registered with the resource.
  - 16. The method of claim 12, wherein the limited access comprises read only access, and wherein the additional level of access to the resource comprises write access.
  - 17. The method of claim 16, wherein the additional level of access to the resource is for a predetermined number of transactions.
  - 18. The method of claim 12, wherein changing the data stored in the memory device to grant the additional level of access to the resource further comprises transmitting information to an email address.
  - 19. The method of claim 12, wherein changing the data stored in the memory device to grant the additional level of access to the resource further comprises transmitting information to a mobile device.
  - 20. The method of claim 12, wherein changing the data stored in the memory device to grant the additional level of access to the resource further comprises transmitting a token.
  - 21. The method of claim 20, wherein the second request identifies a particular transaction to be performed.
  - 22. The method of claim 21, wherein the token comprises a verification code to be sent back by the user in order to enable the particular transaction.
  - 23. The method of claim 22, further comprising assigning a lifetime to the token.
  - 34. The method of claim 12, wherein the second request identifies a particular transaction to be performed.
  - 37. The method of claim 12, wherein the resource comprises an account corresponding to the user, and wherein the second request identifies a requested change to the account.

24. An apparatus, comprising:
- means for authenticating the user based on a first pre-shared secret associated with a first login request as a condition to granting the user limited access to a resource, wherein the first pre-shared secret is associated with the user;
  
  means for determining whether a second request for the user corresponds to an additional level of access to the resource after granting the user the limited access to the resource and in response to receiving the second request; and
  
  means for authenticating the user based on a second pre-shared secret as a condition to granting the user the additional level of access to the resource in response to determining that the second request corresponds to the additional level of access to the resource, wherein the additional level of access includes an access privilege that is not included in the grant of the limited access, wherein the second pre-shared secret is associated with the user, and wherein the second pre-shared secret is different than the first pre-shared secret; and
  
  means for granting the additional level of access to the resource transmitting control access information over a second communication path that is different than a first communication path corresponding to the second request.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 35, 38)
- - 25. The apparatus of claim 24, further comprising means for assigning a lifetime to a grant of the additional level of access to the resource.
  - 26. The apparatus of claim 24, wherein the first pre-shared secret comprises a first password, and wherein the second pre-shared secret comprises a second password that is different than the first password.
  - 27. The apparatus of claim 24, wherein the limited access comprises read only access, and wherein the additional level of access to the resource comprises write access.
  - 28. The apparatus of claim 27, wherein the additional level of access to the resource is for a predetermined number of transactions.
  - 29. The apparatus of claim 24, further comprising means for transmitting a token in response to authenticating the user based on the second pre-shared secret.
  - 30. The apparatus of claim 29, wherein the second request identifies a particular transaction to be performed.
  - 31. The apparatus of claim 30, wherein the token comprises a verification code to be sent back by the user in order to enable the particular transaction.
  - 32. The apparatus of claim 24, further comprising means for transmitting information to an email address to grant the additional level of access to the resource.
  - 35. The apparatus of claim 24, wherein the second request identifies a particular transaction to be performed.
  - 38. The apparatus of claim 24, wherein the resource comprises an account corresponding to the user, and wherein the second request identifies a requested change to the account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
TP-Link USA Corporation (TP-Link Technologies Co Limited)
Original Assignee
Intellectual Ventures Fund 79 LLC (Intellectual Ventures LLC)
Inventors
Bastani, Behfar, Sidhu, Sagan
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
WRIGHT, BRYAN F

Application Number

US13/425,223
Time in Patent Office

896 Days
Field of Search

726/5
US Class Current

726/5
CPC Class Codes

G06F 21/31   User authentication

G06F 21/6218   to a system of files or obj...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2137   Time limited access, e.g. t...

Methods, devices, and mediums associated with security access requested on an as-needed basis

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

14 Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Methods, devices, and mediums associated with security access requested on an as-needed basis

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links