Systems and methods of secure self-service access to content
First Claim
1. A method comprising, by a computer system:
- receiving a request from a user to access particular content;
- determining a trust measure of the user, wherein the trust measure is based, at least in part, on an analysis of logged user-initiated communication events of the user on a plurality of communications platforms;
- wherein the determining the trust measure comprises:
  - enumerating historical data loss prevention (DLP) policy violations by the user on the plurality of communications platforms;
  - determining a communication profile of the user based, at least in part, on the logged user-initiated communication events;
  - determining directory-services information for the user from a directory service; and
  - quantitatively evaluating a combination of the DLP policy violations, the communication profile, and the directory-services information via one or more rules, wherein the trust measure comprises a numerical result of the quantitatively evaluating;
- accessing a self-service access policy applicable to the particular content;
- ascertaining, from the self-service access policy, a trust threshold applicable to the particular content; and
- responsive to a determination that the trust measure fails to satisfy the trust threshold, automatically denying access by the user to the particular content.
Abstract
In one embodiment, a method is performed by a computer system. The method includes receiving a request from a user to access particular content. The method further includes determining a trust measure of the user, wherein the trust measure is based, at least in part, on an analysis of logged user-initiated communication events of the user on a plurality of communications platforms. In addition, the method includes accessing a self-service access policy applicable to the particular content. Further, the method includes ascertaining, from the self-service access policy, a trust threshold applicable to the particular content. Moreover, the method includes, responsive to a determination that the trust measure fails to satisfy the trust threshold, automatically denying access by the user to the particular content.
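The decision flow of claim 1, sketched as an added Python example; it is not code from the patent or its assignee. The signal fields, rule weights, policy table, the `>=` reading of "satisfy", and the choice to deny when no policy covers the content are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class UserSignals:
    dlp_violations: dict   # platform -> historical DLP policy violation count
    external_ratio: float  # communication profile: share of logged events sent outside the org
    tenure_days: int       # directory-services attribute
    account_enabled: bool  # directory-services attribute

# Assumed rules: each returns a penalty subtracted from a starting score of 100.
RULES = {
    "dlp_violations": lambda s: min(60, 15 * sum(s.dlp_violations.values())),
    "external_heavy_profile": lambda s: 20 if s.external_ratio > 0.5 else 0,
    "new_directory_account": lambda s: 15 if s.tenure_days < 90 else 0,
    "disabled_directory_account": lambda s: 0 if s.account_enabled else 100,
}

def trust_measure(signals):
    """Return (numeric trust measure in 0..100, per-rule penalties)."""
    penalties = {name: rule(signals) for name, rule in RULES.items()}
    return max(0, 100 - sum(penalties.values())), penalties

# Constructed self-service access policies, keyed by a hypothetical content id.
POLICIES = {
    "finance/q3-forecast": {"trust_threshold": 70},
    "hr/holiday-calendar": {"trust_threshold": 30},
}

def decide(signals, content_id, policies=POLICIES):
    """Grant or deny a self-service request; deny when no policy covers the content."""
    policy = policies.get(content_id)
    if policy is None:
        return {"allow": False, "reason": "no_policy", "score": None, "penalties": {}}
    score, penalties = trust_measure(signals)
    allow = score >= policy["trust_threshold"]
    return {"allow": allow, "reason": "threshold_met" if allow else "below_threshold",
            "score": score, "threshold": policy["trust_threshold"],
            "penalties": {k: v for k, v in penalties.items() if v}}

# Constructed sample users.
ALICE = UserSignals({"email": 0, "chat": 0}, 0.10, 800, True)
BOB = UserSignals({"email": 2, "chat": 1}, 0.60, 400, True)

if __name__ == "__main__":
    for name, user in (("alice", ALICE), ("bob", BOB)):
        for content in POLICIES:
            print(name, content, decide(user, content))
```

Returning the non-zero penalties with each decision gives reviewers an audit record of which rule pushed a request below the content's threshold.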
20 Claims
1. A method comprising, by a computer system:
- receiving a request from a user to access particular content;
- determining a trust measure of the user, wherein the trust measure is based, at least in part, on an analysis of logged user-initiated communication events of the user on a plurality of communications platforms;
- wherein the determining the trust measure comprises:
  - enumerating historical data loss prevention (DLP) policy violations by the user on the plurality of communications platforms;
  - determining a communication profile of the user based, at least in part, on the logged user-initiated communication events;
  - determining directory-services information for the user from a directory service; and
  - quantitatively evaluating a combination of the DLP policy violations, the communication profile, and the directory-services information via one or more rules, wherein the trust measure comprises a numerical result of the quantitatively evaluating;
- accessing a self-service access policy applicable to the particular content;
- ascertaining, from the self-service access policy, a trust threshold applicable to the particular content; and
- responsive to a determination that the trust measure fails to satisfy the trust threshold, automatically denying access by the user to the particular content.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. An information handling system comprising at least one processor coupled to a memory, wherein the at least one processor is operable to implement a method comprising:
- receiving a request from a user to access particular content;
- determining a trust measure of the user, wherein the trust measure is based, at least in part, on an analysis of logged user-initiated communication events of the user on a plurality of communications platforms;
- wherein the determining the trust measure comprises:
  - enumerating historical data loss prevention (DLP) policy violations by the user on the plurality of communications platforms;
  - determining a communication profile of the user based, at least in part, on the logged user-initiated communication events;
  - determining directory-services information for the user from a directory service; and
  - quantitatively evaluating a combination of the DLP policy violations, the communication profile, and the directory-services information via one or more rules, wherein the trust measure comprises a numerical result of the quantitatively evaluating;
- accessing a self-service access policy applicable to the particular content;
- ascertaining, from the self-service access policy, a trust threshold applicable to the particular content; and
- responsive to a determination that the trust measure fails to satisfy the trust threshold, automatically denying access by the user to the particular content.

Dependent claims: 14, 15, 16, 17, 18, 19
20. A computer-program product comprising a non-transitory computer-usable medium having computer-readable program code embodied therein, the computer-readable program code adapted to be executed to implement a method comprising:
- receiving a request from a user to access particular content;
- determining a trust measure of the user, wherein the trust measure is based, at least in part, on an analysis of logged user-initiated communication events of the user on a plurality of communications platforms;
- wherein the determining the trust measure comprises:
  - enumerating historical data loss prevention (DLP) policy violations by the user on the plurality of communications platforms;
  - determining a communication profile of the user based, at least in part, on the logged user-initiated communication events;
  - determining directory-services information for the user from a directory service; and
  - quantitatively evaluating a combination of the DLP policy violations, the communication profile, and the directory-services information via one or more rules, wherein the trust measure comprises a numerical result of the quantitatively evaluating;
- accessing a self-service access policy applicable to the particular content;
- ascertaining, from the self-service access policy, a trust threshold applicable to the particular content; and
- responsive to a determination that the trust measure fails to satisfy the trust threshold, automatically denying access by the user to the particular content.
Specification