Shared access with account restriction and promotion utilizing virtual accounts

US9300671B1 · US · B1

Patent metadata

  • Publication number: US-9300671-B1
  • Application number: US-201314143403-A
  • Country: US
  • Kind code: B1
  • Filing date: Dec 30, 2013
  • Priority date: Dec 30, 2013
  • Publication date: Mar 29, 2016
  • Grant date: Mar 29, 2016


Abstract

Official abstract text for this publication.

A restricted account may be created responsive to a successful login by a user for a shared account. The restricted account may have fewer access privileges to resources of the computer system than the shared account. The user may have access to the operating system through the restricted account rather than the shared account. The user is prompted for higher authentication information responsive to a request by the user to promote the restricted account to a higher authentication account during the session. The restricted account is promoted to the higher authentication account during the session. The higher authentication account has greater access privileges to resources of the computer system than the restricted account.

First claim

Opening claim text (preview).

What is claimed is:

1. A method, comprising: responsive to a successful login by a user for a shared account on an operating system of a computer system during a session on the operating system of the computer system, performing operations comprising: intercepting the successful login by the user for the shared account prior to control of the session on the operating system corresponding to the successful login for the shared account being returned to the user; creating, by the computer system during the interception of the successful login by the user for the shared account, a restricted account having fewer access privileges to resources of the computer system during the session on the operating system than the shared account, wherein the restricted account is a virtual account on the operating system for the user different from an identity of the user on the operating system for the session on the operating system, and wherein creating the restricted account comprises changing an identity of the user in a session identity store on the operating system from the shared account to the restricted account without changing the identity of the user on the operating system for the session on the operating system; returning control of the session on the operating system corresponding to the successful login for the shared account to the user; and restricting access of the user during the session on the operating system to the fewer access privileges of the restricted account to the resources of the computer system; responsive to a request by the user to promote the restricted account to a higher authentication account during the session on the operating system, prompting the user for higher authentication information; and responsive to a successful validation of the higher authentication information, promoting the restricted account to the higher authentication account during the session on the operating system, wherein the higher authentication account has greater access privileges to resources of the computer system than the restricted account.

2. The method of claim 1, wherein promoting the restricted account to the higher authentication account comprises: changing the identity of the user in the session identity store from the restricted account to the higher authentication account.

3. The method of claim 1, wherein the shared account has administrative access privileges to resources of the computer system during the session on the operating system, comprising read, write, modify and execute file access privileges.

4. The method of claim 3, wherein the restricted account comprises read and execute file access privileges and not write and modify file access privileges during the session.

5. The method of claim 4, wherein the higher authentication account comprises read, execute, write and modify file access privileges.

6. The method of claim 1, wherein the higher authentication account has a different level of access privileges to resources of the computer system than the shared account.

7. The method of claim 1, further comprising: tracking activity of the user through the higher authentication account.

8. A system, comprising: a processor; and a memory coupled to the processor and comprising computer readable program code embodied in the memory that when executed by the processor causes the processor to perform operations comprising: responsive to a successful login by a user for a shared account on an operating system of a computer system during a session on the operating system of the computer system, performing operations comprising: intercepting the successful login by the user for the shared account prior to control of the session on the operating system corresponding to the successful login for the shared account being returned to the user; creating, during the interception of the successful login by the user for the shared account, a restricted account having fewer access privileges to resources of the computer system during the session on the operating system than the shared account, wherein the restricted account is a virtual account on the operating system for the user different from an identity of the user on the operating system for the session on the operating system, and wherein creating the restricted account comprises changing an identity of the user in a session identity store on the operating system from the shared account to the restricted account without changing the identity of the user on the operating system for the session on the operating system; returning control of the session on the operating system corresponding to the successful login for the shared account to the user; and restricting access of the user during the session on the operating system to the fewer access privileges of the restricted account to the resources of the computer system; responsive to a request by the user to promote the restricted account to a higher authentication account during the session on the operating system, prompting the user for higher authentication information; and responsive to a successful validation of the higher authentication information, promoting the restricted account to the higher authentication account during the session on the operating system, wherein the higher authentication account has greater access privileges to resources of the computer system than the restricted account.

9. The system of claim 8, wherein the operations further comprise: changing the identity of the user in the session identity store from the restricted account to the higher authentication account.

10. The system of claim 8, wherein the shared account has administrative access privileges to resources of the computer system during the session on the operating system, comprising read, write, modify and execute file access privileges.

11. The system of claim 10, wherein the restricted account comprises read and execute file access privileges and not write and modify file access privileges during the session.

12. The system of claim 11, wherein the higher authentication account comprises read, execute, write and modify file access privileges.

13. The system of claim 8, wherein the higher authentication account has a different level of access privileges to resources of the computer system than the shared account.

14. A computer program product, comprising: a non-transitory computer readable storage medium having computer readable program code embodied in the non-transitory computer readable storage medium that when executed by a processor causes the processor to perform operations comprising: responsive to a successful login by a user for a shared account on an operating system of a computer system during a session on the operating system of the computer system, performing operations comprising: intercepting the successful login by the user for the shared account prior to control of the session on the operating system corresponding to the successful login for the shared account being returned to the user; creating, during the interception of the successful login by the user for the shared account, a restricted account having fewer access privileges to resources of the computer system during the session on the operating system than the shared account, wherein the restricted account is a virtual account on the operating system for the user different from an identity of the user on the operating system for the session on the operating system, and wherein creating the restricted account comprises changing an identity of the user in a session identity store on the operating system from the shared account to

Classifications

  • for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32)

  • H04L63/083 (Primary): using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226)

  • H04L63/10 (Primary): for controlling access to devices or network resources

  • Tools and structures for managing or administering access control systems

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9300671B1 cover?
A restricted account may be created responsive to a successful login by a user for a shared account. The restricted account may have fewer access privileges to resources of the computer system than the shared account. The user may have access to the operating system through the restricted account rather than the shared account. The user is prompted for higher authentication information responsi…
Who is the assignee on this patent?
Ca Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/083. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 29, 2016 (B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).