摘要 |
In one example, a method for controlling access to data includes receiving, by an authenticator, a request from a user for access to a backup of data associated with a computing device. The authenticator then transmits a request that the user identify a shared secret that is unique to the computing device and that is known to the authenticator. When the user is a member of a permissible class of user, the shared secret is accessible by the user. The authenticator then receives a response from the user purporting to identify the shared secret, and the authenticator compares the shared secret identified in the response from the user with the known shared secret. When the shared secret identified in the user response matches the known shared secret, the authenticator grants user access to the backup. |
主权项 |
1. An access control method, comprising:
receiving, by an authenticator, a request from a user for access to a backup of data associated with a computing device; transmitting, from the authenticator to the user, a request that the user identify a shared secret that is unique to the computing device, wherein the shared secret is known to the authenticator, and wherein the shared secret is not known to the user at the time of the request from the authenticator but the shared secret is obtainable by the user when the user is a member of a permissible class of user, and wherein the shared secret is not obtainable by the user if the user is not a member of the permissible class of user; receiving, by the authenticator, a response from the user purporting to identify the shared secret; comparing, by the authenticator, the shared secret identified in the response from the user with the known shared secret; and granting, by the authenticator, user access to the backup when the shared secret identified in the user response matches the known shared secret. |