
System and method for implementing password driven roles, privacy and security entitlements

IP.com Disclosure Number: IPCOM000246859D
Publication Date: 2016-Jul-08
Document File: 6 page(s) / 116K

Publishing Venue

The IP.com Prior Art Database

Abstract

This article describes an advanced login service mechanism that caters for the varying security and privacy needs of modern desktop/laptop/server/mobile login systems. The login service provides access modes such as “limited permissions” and “granular access privileges”. It also provides “selective privacy methods” that are easily configurable to suit the risk of the working environment. This is achieved by accepting an additional code in the login field of fixed length. This code is used to implement security and privacy rules on that system.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 53% of the total text.

Introduction

The system (server/laptop/desktop/mobile) will have an application that can be configured with custom security roles and custom security/privacy policies.

These roles and policies will be triggered and enforced based on the code entered during login.

The code entered during login could be a number or text (01, 02, 03 or "office", "home", "bangalore", "usa"). Based on the code, the application on the system will apply the desired security policy, privacy policy and entitlements for roles.

Disadvantages with existing system:-

◦ No mechanism to provide instant security/privacy modes as needed while operating in a high risk/average risk/public/private environment.

◦ No mechanism to switch between various security/privacy modes.
◦ No mechanisms to create dynamic roles with custom entitlements.

Advantages of proposed system:-

◦ Provides a mechanism to block confidential/private/high security data in the system when working in a high risk environment.

◦ Easy to switch between various security/privacy modes.
◦ Easy to create new roles dynamically while sharing a mobile or system.

Description of solution:


1. Architecture of application

Figure-1 explains the architecture of the solution. It consists of an application (A3) that runs on the system/mobile/laptop. The application interacts with the password management on the system. It provides the ability to enter a code along with the password.

The application (A3) will configure various subsystems on the system (A5), such as screens, hard disks and networks, to interact when needed as per the code.

The application allows roles and policies of security and privacy to be configured (A2). Each of these roles is associated with a code (such as 01, 02, etc., or string codes such as "home", "office", etc.).

The policies and roles are stored on the system as a table (A4).

When the user logs in (A1), the application intercepts the password being entered and extracts the code entered. Then the login is allowed to continue. In the background, the roles/policies needed as per the code are applied to the frontend and filesystem, network systems and a session create...
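
The login flow described above (extract the code, authenticate on the password, look up the role/policy in table A4), written out as an added example that is not part of the disclosure. It assumes a mandatory two-character code appended to the password, a PBKDF2 password hash, and constructed table entries; `Policy`, `split_login_input`, `login` and the rule that unknown codes fall back to the most restrictive policy are hypothetical choices made here.

```python
import hashlib
import hmac
from dataclasses import dataclass

CODE_LEN = 2  # assumption: fixed-length code appended to the password

@dataclass(frozen=True)
class Policy:
    role: str
    network: bool          # whether the network subsystem is enabled
    hidden_paths: tuple    # filesystem paths blocked for the session

# Policy/role table (A4), keyed by login code. Entries are constructed samples.
POLICY_TABLE = {
    "01": Policy("office", True, ()),
    "02": Policy("home", True, ("/data/confidential",)),
    "03": Policy("public", False, ("/data/confidential", "/data/private")),
}
# Assumption: an unknown or missing code gets the most restrictive policy.
FALLBACK = POLICY_TABLE["03"]

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash so the stored value is not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def split_login_input(entered: str):
    """Split the login field into (password, code); code is None if absent."""
    if len(entered) <= CODE_LEN:
        return entered, None
    return entered[:-CODE_LEN], entered[-CODE_LEN:]

def login(entered: str, salt: bytes, stored_hash: bytes):
    """Return the Policy to apply to the session, or None if login fails."""
    password, code = split_login_input(entered)
    # Authenticate on the password alone; the code only selects a policy
    # and never grants access by itself. Comparison is constant-time.
    if not hmac.compare_digest(hash_password(password, salt), stored_hash):
        return None
    # Fail closed: a code missing from the table maps to FALLBACK.
    return POLICY_TABLE.get(code, FALLBACK)
```

Because the code is stripped before hashing, the stored hash covers only the password, so changing the policy table never requires re-enrolling credentials.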