Microsoft Corporation
Authentication state-based permission model for a file storage system

Abstract:

A system is provided for controlling access to data stored in a cloud-based storage service. A first request is received to access data stored at the cloud-based storage service, the data associated with a user account. The first request is authenticated based on a username and password associated with the user account. A second request is received for a file that is stored in an area associated with a heightened authentication protocol. The heightened authentication protocol is performed to authenticate the second request. In response to authenticating the second request, permission is granted to a temporary strong authentication state. The permission is to access the file that is stored in the area associated with the heightened authentication protocol. In response to a failure to authenticate the second request, access to the file that is stored in the area associated with the heightened authentication protocol is denied, while access to files stored in other areas associated with the user account is allowed.