1. Technical Field of the Invention
The present technique relates in general to a method and a system for authorizing an authenticated user to access a service of a higher trust level and perform the desired actions, and more particularly to a method and a system for attaining a higher trust level on the basis of passwords provided to the users, thereby enabling access to the service so that the desired actions can be performed thereon.
2. Description of the Related Arts
In a multi-user computerized system, say in an organization, securing access to the system and to the actions performed on it has always been a foremost concern. The requesting user is authenticated by comparing the user's credentials (e.g., ID, password, etc.) with those stored in the database of the organization's system. Every authenticated user is authorized to execute the tasks permitted to him. Since an organization holds a large amount of data, with relevant actions to be performed on it, it is desirable to control who has what kind of access to what kind of data to perform what kind of actions. Usually, access to a type of data is controlled by assigning a minimum threshold value to that type of data. If the credentials provided by the authenticated user carry a value equal to or greater than the threshold value assigned to the type of data, access to the data is allowed; otherwise access to the data is denied.
Generally, a login ID and a password are provided as credential elements, where a password is a sequence of alphanumeric characters, known only to an authenticated user, that can be entered on a keyboard. Upon authentication after entering the credentials using the keyboard, the user is authorized to perform certain predetermined actions.
However, under some circumstances, an authenticated user needs to execute tasks to which he is not allowed access. Various solutions have been provided to enable a user to perform a task for which access is initially inhibited. One solution is to provide an additional PIN to the user. To access such unauthorized data, the authenticated user is required to enter the PIN in the system, which in turn enhances his overall credential value. If the credential value exceeds the threshold value of the data, access is allowed; otherwise access is denied. However, this requires the user to remember multiple objects, i.e., a password and a PIN, which may cause confusion and makes it more likely that one of the objects will be forgotten. In another solution, the user is provided with a physical device which generates a number on initiation. When the user inputs the generated information in the system, it enhances the overall credibility value. Thereafter, if the credibility value exceeds the threshold value of the data, access is provided; otherwise access is denied. However, there is always a possibility of the device going missing. In yet another solution, a messaging system is used, where an authenticated user requests the system to provide access to him. In response, the system validates the requester and sends a message to the user's mobile, mail, or other system, where the message is embedded with the information needed to access the requested service and the method of using it. However, in this technique, access to the requested services essentially depends on external sources, i.e., the mobile or mail system, the speed of message transfer, and other related activities.
Therefore, a system and a method are required by which an authenticated user can be authorized to access a service that he is not permitted to access and to perform the desired tasks thereon that he is forbidden to execute.