Constraining a login to a subset of access rights
First Claim
Patent Images
1. One or more computer-readable storage memories comprising instructions that, responsive to execution by a computing device, cause the computing device to:
- generate a constrained password by executing a cryptographic one-way-transformation algorithm on a general password of a user account, the general password being associated with a full set of access rights to resources associated with the user account, the execution of the cryptographic one-way-transformation algorithm providing an output that includes the constrained password, the constrained password being based on a constraint defining a subset of the full set of access rights associated with the user account; and
send an authentication request that includes the constrained password to another computing device configured to use the authentication request to access a resource based on the subset of access rights.
2 Assignments
0 Petitions
Accused Products
Abstract
This document describes tools that constrain a login to a subset of access rights. In one embodiment, the tools generate a constrained password by executing a cryptographic algorithm on a user ID, general password, and one or more desired constraints. The constrained password is used in place of the general password to gain access rights that are a subset of the access rights that would be granted if the general password were used instead.
22 Citations
20 Claims
-
1. One or more computer-readable storage memories comprising instructions that, responsive to execution by a computing device, cause the computing device to:
-
generate a constrained password by executing a cryptographic one-way-transformation algorithm on a general password of a user account, the general password being associated with a full set of access rights to resources associated with the user account, the execution of the cryptographic one-way-transformation algorithm providing an output that includes the constrained password, the constrained password being based on a constraint defining a subset of the full set of access rights associated with the user account; and send an authentication request that includes the constrained password to another computing device configured to use the authentication request to access a resource based on the subset of access rights. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A system comprising:
memory and one or more processors configured to utilize instructions in the memory to implement an authentication request module, the authentication request module configured to; receive an authentication request comprising; a user identifier (ID) associated with a user account; and a constrained password that is based on one or more constraints that define a subset of a full set of access rights associated with the user account; and perform a cryptographic algorithm on at least the user ID to generate a new constrained password; and compare the new constrained password to the constrained password received in the authentication request to determine a match; and responsive to determining that the constrained password is valid based on the match, granting the subset of access rights. - View Dependent Claims (14, 15, 16, 17)
-
18. A computing device comprising:
one or more computer-readable storage memories comprising instructions that, responsive to execution by the computing device, cause the computing device to; execute a one-way-transformation algorithm on data associated with a general password of a user account, the data comprising a product of a cryptographic algorithm on the general password, the general password being associated with a full set of access rights to resources associated with the user account, the execution of the one-way-transformation algorithm providing an output that includes a constrained password, the constrained password being based on one or more constraints that define a subset of the full set of access rights associated with the user account; and send an authentication request that includes the constrained password to another computing device configured to use the authentication request to access a resource based on the subset of access rights. - View Dependent Claims (19, 20)
Specification