System and method for implementing password driven roles, privacy and security entitlements
Publication Date: 2016-Jul-08
The IP.com Prior Art Database
This article describes an extended login service that caters for the varying security and privacy needs of modern desktop, laptop, server and mobile login systems. The login service provides “limited permissions” and “granular access privileges”, and offers “selective privacy methods” that are easily configured to suit the risk level of the working environment. This is achieved by accepting an additional code of fixed length in the login field; that code selects the security and privacy rules that are then enforced on the system.
The system (server, laptop, desktop or mobile) runs an application that can be configured with custom security roles and custom security/privacy policies.
These roles and policies are triggered by the code entered during login, and are then enforced.
Disadvantages of the existing system:
◦ No mechanism to provide instant security/privacy modes as needed while operating in a high-risk, average-risk, public or private environment.
◦ No mechanism to switch between various security/privacy modes.
◦ No mechanism to create dynamic roles with custom entitlements.
Advantages of the proposed system:
◦ Provides a mechanism to block confidential, private or high-security data on the system when working in a high-risk environment.
◦ Easy switching between various security/privacy modes.
◦ Easy creation of new roles on the fly while sharing a mobile device or system.
Description of solution:
1. Architecture of application
Figure-1 explains the architecture of the solution. It consists of an application (A3) that runs on the system, mobile device or laptop. The application interacts with the password management of the system and provides the ability to enter a code along with the password.
The application (A3) configures the various subsystems of the system (A5), such as screens, hard disks and networks, so that they are engaged when needed according to the code.
The application allows roles and security/privacy policies to be configured (A2). Each role is associated with a code (numeric codes like 01, 02, etc., or string codes like "home", "office", etc.).
The policies and roles are stored on the system as a table (A4).
When the user logs in (A1), the application intercepts the password being entered and extracts the code. The login is then allowed to continue. In the background, the roles and policies required by the code are applied to the frontend, the filesystem and the network subsystems, and a session create...
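The flow above (split the login field into password and code, verify the password, look the code up in the role/policy table A4, and derive the subsystem settings A5 for the session) can be illustrated with the following added example. It is not the article's code; the fixed code length of 2, the PBKDF2 password hashing, the sample policy table and the subsystem setting names are all assumptions made for the illustration. The example fails closed: an unknown code is refused in the same way as a wrong password, so an attacker cannot probe which codes exist separately from guessing the password.

```python
"""Password-suffix role selection: added example, not the article's code.

Assumptions (not stated in the source): the code is the last CODE_LEN
characters of the login field, passwords are stored as salted PBKDF2
hashes, and the policy table (A4) maps codes to subsystem restrictions (A5).
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

CODE_LEN = 2  # fixed-length suffix, in the spirit of the article's "01", "02", ...


@dataclass(frozen=True)
class Policy:
    name: str
    hidden_paths: frozenset   # filesystem locations the session must not expose
    network_allowed: bool     # whether the network subsystem is enabled
    screen_lock_seconds: int  # idle time before the screen locks


# Constructed sample policy table (A4): code -> role/policy.
POLICY_TABLE = {
    "01": Policy("home", frozenset(), True, 600),
    "02": Policy("office", frozenset({"/home/user/private"}), True, 300),
    "03": Policy("public", frozenset({"/home/user/private", "/home/user/finance"}),
                 False, 60),
}


def split_login_field(entered: str) -> tuple:
    """Separate the fixed-length code from the password typed in the login field."""
    if len(entered) <= CODE_LEN:
        raise ValueError("login field too short to hold a password and a code")
    return entered[:-CODE_LEN], entered[-CODE_LEN:]


def hash_password(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the salt is stored next to the hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_user_record(password: str) -> dict:
    """Enrol a user: random per-user salt plus the derived hash (constructed store)."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


def login(entered: str, record: dict) -> Optional[Policy]:
    """Intercept the login field (A1), verify the password, and resolve the code.

    Returns the selected Policy, or None when either the password is wrong or
    the code is unknown. Both checks are always evaluated and the result is
    combined, so a rejection does not reveal which part failed.
    """
    password, code = split_login_field(entered)
    password_ok = hmac.compare_digest(hash_password(password, record["salt"]),
                                      record["hash"])
    policy = POLICY_TABLE.get(code)
    if not (password_ok and policy is not None):
        return None
    return policy


def apply_policy(policy: Policy) -> dict:
    """Derive the subsystem settings (A5) the session would enforce for a policy."""
    return {
        "filesystem.hidden": sorted(policy.hidden_paths),
        "network.enabled": policy.network_allowed,
        "screen.lock_after": policy.screen_lock_seconds,
    }


if __name__ == "__main__":
    record = make_user_record("correct horse")  # constructed enrolment
    for attempt in ("correct horse02", "correct horse03", "correct horse99", "wrong horse02"):
        selected = login(attempt, record)
        print(attempt, "->", "rejected" if selected is None else apply_policy(selected))
```

Because the code occupies a fixed number of trailing characters, a password that itself ends in digits is split correctly; the length check in `split_login_field` is the one input-validation step the parser needs. When enrolling users under such a scheme, the password policy should be applied to the password part alone, since the appended code is drawn from a small known set and adds little entropy.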