Systems and methods to authenticate users and/or control access made by users on a computer network based on scanning elements for inspection according to changes made in a relation graph
First Claim
1. A controller for user authentication and access control, the controller comprising:
    at least one microprocessor;
    a network interface controlled by the at least one microprocessor to communicate over a computer network with at least one computing site; and
    memory coupled with the at least one microprocessor and storing:
        graph data representing a graph having:
            nodes representing data elements associated with accesses made using access tokens, including first nodes representing the access tokens and second nodes representing attributes of the accesses, and
            links among the nodes representing connections between the data elements identified in collected data about the accesses, including connects between the access tokens and the attributes of the accesses;
        instructions which, when executed by the at least one microprocessor, cause the controller to process an access made using an access token based on changes to the graph caused by the access, including:
            receive, from the computing site, input data specifying details of the access made using the access token;
            update the graph according to the input data of the access made using the access token;
            identify the changes in the graph resulting from updating the graph according to the input data of the access made using the access token;
            identify, for each respective change among the changes resulting from the updating of the graph caused by the access made using the access token, a first set of elements corresponding to nodes in the graph that are up to a first predetermined number of degrees of separation from the respective change;
            evaluate trustworthiness of first user identities corresponding to the first set of elements, wherein the trustworthiness of the first user identities is based on a trust score;
            process the access made using the access token based on the trustworthiness of the first user identities corresponding to the first set of elements; and
            in response to a determination that the trustworthiness of the first user identities does not meet a predetermined requirement:
                identify a second set of elements corresponding to nodes in the graph that are up to a second predetermined number of degrees of separation from the respective change, wherein the second predetermined number of degrees of separation is larger than the first predetermined number of degrees of separation;
                evaluate trustworthiness of second user identities corresponding to the second set of elements; and
                process the access made using the access token based at least in part on the trustworthiness of the second user identities corresponding to the second set of elements.
6 Assignments
0 Petitions
Abstract
A controller for user authentication and access control is configured to store data representing a graph having: nodes representing data elements associated with accesses made using an access token; and links among the nodes representing connections between the data elements identified in details of the accesses. In response to receiving details of an access made using the access token, the controller updates the graph according to the details and identifies the changes in the graph resulting from the update. For each of the changes, the controller identifies a set of elements in the graph that are up to a predetermined number of degrees of separation from the change and evaluates the trustworthiness of the user identities corresponding to the set of elements identified for the change. Based on that trustworthiness, the controller authenticates the user of the access and/or controls the access.
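The tiered scan the abstract describes, as an added illustration in Python that is not the patent's own implementation: a small relation graph, the changes an access makes to it, a breadth-first neighbourhood search at a first and then a wider degree of separation, and a trust-score check over the user identities found. The graph contents, trust scores, degree limits, threshold and the allow/deny/step-up outcomes are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample: trust scores per user identity (assumed 0..1 scale).
TRUST = {"user:alice": 0.9, "user:mallory": 0.1}

class RelationGraph:
    def __init__(self):
        self.adj = defaultdict(set)  # node -> neighbours; nodes: tokens, attributes, users
    def link(self, a, b):
        self.adj[a].add(b)
        self.adj[b].add(a)
    def update(self, token, attributes):
        """Record an access; the new links it introduces are the changes."""
        changes = []
        for attr in attributes:
            if attr not in self.adj[token]:  # a new node enters via its first link
                self.link(token, attr)
                changes.append((token, attr))
        return changes
    def within(self, starts, degrees):
        """All nodes up to `degrees` hops from any node in `starts` (BFS)."""
        seen, queue = set(starts), deque((s, 0) for s in starts)
        while queue:
            node, d = queue.popleft()
            if d < degrees:
                for nxt in self.adj[node] - seen:
                    seen.add(nxt)
                    queue.append((nxt, d + 1))
        return seen

def evaluate(nodes, threshold):
    """Verdict on the identities among `nodes`: trusted / untrusted / unknown."""
    scores = [TRUST[n] for n in nodes if n in TRUST]
    if not scores:
        return "unknown"  # no identity reachable at this radius
    return "trusted" if min(scores) >= threshold else "untrusted"

def process_access(graph, token, attributes, d1=2, d2=3, threshold=0.5):
    """Scan d1 degrees per change; if the requirement is not met, widen to d2."""
    results = []
    for change in graph.update(token, attributes):
        for degrees in (d1, d2):
            verdict = evaluate(graph.within(change, degrees), threshold)
            if verdict == "trusted":
                break
        results.append((change, degrees, verdict))
    verdicts = {v for *_, v in results}
    if "untrusted" in verdicts:  # a low-trust identity is linked to this access
        return "deny", results
    return ("step_up" if "unknown" in verdicts else "allow"), results
```

A token reaching a known device resolves at the first radius, while its new IP address is vouched for only at the wider one; a device last used by a low-trust identity stays untrusted however far the scan widens.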
148 Citations
17 Claims
1. (Claim 1 is reproduced in full above under First Claim.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13.
14. A non-transitory computer storage medium storing instructions which when executed by a controller, cause the controller to perform a set of steps for user authentication and access control, the set of steps comprising:
    storing, in the controller coupled to a network, graph data representing a graph having:
        nodes representing data elements associated with accesses made using access tokens, including first nodes representing the access tokens and second nodes representing attributes of the accesses, and
        links among the nodes representing connections between the data elements identified in collected data about the accesses, including connects between the access tokens and the attributes of the accesses; and
    processing an access made using an access token based on changes to the graph caused by the access, by at least:
        receiving, in the controller over the network from a computing site, input data specifying details of access made using access token;
        updating, by the controller, the graph according to the input data of the access made using the access token;
        identifying, by the controller, the changes in the graph resulting from updating the graph according to the input data of the access made using the access token;
        identifying, by the controller for each respective change among the changes resulting from the updating of the graph caused by the access made using the access token, a first set of elements corresponding to nodes in the graph that are up to a first predetermined number of degrees of separation from the respective change;
        evaluating, by the controller, trustworthiness of first user identities corresponding to the first set of elements, wherein the trustworthiness of the first user identities is based on a trust score;
        processing, by the controller, the access made using the access token based on the trustworthiness of the first user identities corresponding to the first set of elements; and
        in response to a determination that the trustworthiness of the first user identities does not meet a predetermined requirement:
            identifying a second set of elements corresponding to nodes in the graph that are up to a second predetermined number of degrees of separation from the respective change, wherein the second predetermined number of degrees of separation is larger than the first predetermined number of degrees of separation;
            evaluating trustworthiness of second user identities corresponding to the second set of elements; and
            processing the access made using the access token based at least in part on the trustworthiness of the second user identities corresponding to the second set of elements.
15. A method for user authentication and access control, the method comprising:
    storing, in a controller coupled to a network, graph data representing a graph having:
        nodes representing data elements associated with accesses made using access tokens, including first nodes representing the access tokens and second nodes representing attributes of the accesses, and
        links among the nodes representing connections between the data elements identified in collected data about the accesses, including connects between the access tokens and the attributes of the accesses; and
    processing an access made using an access token based on changes to the graph caused by the access, by at least:
        receiving, in the controller over the network from a computing site, input data specifying details of the access made using the access token;
        updating, by the controller, the graph according to the input data of the access made using the access token;
        identifying, by the controller, the changes in the graph resulting from updating the graph according to the input data of the access made using the access token;
        identifying, by the controller for each respective change among the changes resulting from the updating of the graph caused by the access made using the access token, a first set of elements corresponding to nodes in the graph that are up to a first predetermined number of degrees of separation from the respective change;
        evaluating, by the controller, trustworthiness of first user identities corresponding to the first set of elements, wherein the trustworthiness of the first user identities is based on a trust score;
        processing, by the controller, the access made using the access token based on the trustworthiness of the first user identities corresponding to the first set of elements;
        making a determination by the controller that the trustworthiness of the first user identities does not meet a predetermined requirement; and
        in response to the determination:
            identifying, by the controller, a second set of elements corresponding to nodes in the graph that are up to a second predetermined number of degrees of separation from the respective change, wherein the second predetermined number of degrees of separation is larger than the first predetermined number of degrees of separation;
            evaluating trustworthiness of second user identities corresponding to the second set of elements; and
            processing the access made using the access token based at least in part on the trustworthiness of the second user identities corresponding to the second set of elements.
    Dependent claims: 16, 17.
Specification