System and method to protect a resource using an active avatar

US 10,229,280 B2
Filed: 06/14/2011
Issued: 03/12/2019
Est. Priority Date: 06/14/2011
Status: Active Grant

First Claim

Patent Images

1. A method for protecting a data source in a physical computing environment, the data source associated with an owner, comprising:

associating an avatar with the data source, the avatar having an aggregate set of access rights and privileges in the physical computing environment created by combining into a composite set actual access rights and privileges that a set of entities possess with respect to the data source in the physical computing environment, the avatar being an actual human-like presence in the physical computing environment with actual access rights and privileges with respect to the data source and defined by a non-human user identifier;

associating one or more actions to be performed by the avatar upon occurrence of an actionable event with respect to the data source;

on behalf of the owner, and in the physical computing environment, using the avatar to monitor the data source in the physical computing environment against a set of permissible events associated with the data source, wherein monitoring of the data source is enabled by the avatar'"'"'s actual presence in the physical computing environment; and

upon determination of an actionable event, the avatar initiating an action with respect to the data source in the physical computing environment.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data source owner in a computing system protects that source via a “virtual” or surrogate entity or “avatar.” The entity is an object whose presence in the system is human-like, and it is given the specific task of protecting the data source for the owner. The avatar is associated with (or defined by) a non-human userid that has the same accesses and privileges of all (or defined) users, user groups and other resources that have access to the data source to be protected. During an initial setup, one or more actions to be performed by the non-human userid upon an occurrence of an actionable event with respect to the data source are specified, and a “baseline” associated with the data source is determined. Following setup, a monitor process is executed under the non-human userid, and this process records one or more accesses to the data source. Periodically, or upon a given occurrence, the monitor process spawns one or more ancillary processes to determine whether an actionable event has been triggered. If the avatar'"'"'s monitoring efforts indicate an actionable event (such as an access violation), an action as defined in an action matrix is taken. The action typically includes reporting to the data source owner and, optionally, a security administrator, and restricting access to the data source.

Citations

23 Claims

1. A method for protecting a data source in a physical computing environment, the data source associated with an owner, comprising:
- associating an avatar with the data source, the avatar having an aggregate set of access rights and privileges in the physical computing environment created by combining into a composite set actual access rights and privileges that a set of entities possess with respect to the data source in the physical computing environment, the avatar being an actual human-like presence in the physical computing environment with actual access rights and privileges with respect to the data source and defined by a non-human user identifier;
  
  associating one or more actions to be performed by the avatar upon occurrence of an actionable event with respect to the data source;
  
  on behalf of the owner, and in the physical computing environment, using the avatar to monitor the data source in the physical computing environment against a set of permissible events associated with the data source, wherein monitoring of the data source is enabled by the avatar'"'"'s actual presence in the physical computing environment; and
  
  upon determination of an actionable event, the avatar initiating an action with respect to the data source in the physical computing environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method as described in claim 1 wherein the set of entities comprise one of:
    - permitted users, permitted groups of users, permitted other resources, and combinations thereof.
  - 3. The method as described in claim 1 wherein the action initiated by the avatar is one of:
    - issuing a notification to the owner of the data source, issuing a notification to an administrator, and combinations thereof.
  - 4. The method as described in claim 1 wherein the one or more actions are specified in an action matrix, wherein an action matrix is specified for the avatar associated with the data source.
  - 5. The method as described in claim 1 wherein the avatar operates autonomously with respect to a centralized security function.
  - 6. The method as described in claim 1 further including the avatar restricting access to the data source when the actionable event indicates that the data source is at risk.
  - 7. The method as described in claim 1 wherein the actionable event is a compound event formed by correlating multiple actionable events.
  - 8. The method as described in claim 1 wherein using the avatar to monitor the data source includes the avatar spawning a process to search for a partial or full copy of the data source being protected in another location in the physical computing environment, wherein locating such a copy constitutes the actionable event.

9. Apparatus, comprising:
- a processor;
  
  computer memory holding computer program instructions that when executed by the processor perform a set of operations to protect a data source in a physical computing environment, the data source associated with an owner, the operations comprising;
  
  associating an avatar with the data source, the avatar having an aggregate set of access rights and privileges in the physical computing environment created by combining into a composite set actual access rights and privileges that a set of entities possess with respect to the data source in the physical computing environment, the avatar being an actual human-like presence in the physical computing environment with actual access rights and privileges with respect to the data source and defined by a non-human user identifier;
  
  associating one or more actions to be performed by the avatar upon occurrence of an actionable event with respect to the data source;
  
  on behalf of the owner, and in the physical computing environment, using the avatar to monitor the data source in the physical computing environment against a set of permissible events associated with the data source, wherein monitoring of the data source is enabled by the avatar'"'"'s actual presence in the physical computing environment; and
  
  upon determination of an actionable event, the avatar initiating an action with respect to the data source in the physical computing environment.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The apparatus as described in claim 9 wherein the set of entities comprise one of:
    - permitted users, permitted groups of users, permitted other resources, and combinations thereof.
  - 11. The apparatus as described in claim 9 wherein the action initiated by the avatar is one of:
    - issuing a notification to the owner of the data source, issuing a notification to an administrator, and combinations thereof.
  - 12. The apparatus as described in claim 9 wherein the one or more actions are specified in an action matrix, wherein an action matrix is specified for the avatar associated with the data source.
  - 13. The apparatus as described in claim 9 wherein the avatar operates autonomously with respect to a centralized security function.
  - 14. The apparatus as described in claim 9 wherein the operations further include the avatar restricting access to the data source when the actionable event indicates that the data source is at risk.
  - 15. The apparatus as described in claim 9 wherein using the avatar to monitor the data source includes the avatar spawning a process to search for a partial or full copy of the data source being protected in another location in the physical computing environment, wherein locating such a copy constitutes the actionable event.

16. A computer program product in a non-transitory computer readable medium for use in a data processing system, the computer program product holding computer program instructions which, when executed by the data processing system, perform a set of operations to protect a data source in a physical computing environment, the operations comprising:
- associating an avatar with the data source, the avatar having an aggregate set of access rights and privileges in the physical computing environment created by combining into a composite set actual access rights and privileges that a set of entities possess with respect to the data source in the physical computing environment, the avatar being an actual human-like presence in the physical computing environment with actual access rights and privileges with respect to the data source and defined by a non-human user identifier;
  
  associating one or more actions to be performed by the avatar upon occurrence of an actionable event with respect to the data source;
  
  on behalf of the owner, and in the physical computing environment, using the avatar to monitor the data source in the physical computing environment against a set of permissible events associated with the data source, wherein monitoring of the data source is enabled by the avatar'"'"'s actual presence in the physical computing environment; and
  
  upon determination of an actionable event, the avatar initiating an action with respect to the data source in the physical computing environment.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The computer program product as described in claim 16 wherein the set of entities comprise one of:
    - permitted users, permitted groups of users, permitted other resources, and combinations thereof.
  - 18. The computer program product as described in claim 16 wherein the action initiated by the avatar is one of:
    - issuing a notification to the owner of the data source, issuing a notification to an administrator, and combinations thereof.
  - 19. The computer program product as described in claim 16 wherein the one or more actions are specified in an action matrix, wherein an action matrix is specified for the avatar associated with the data source.
  - 20. The computer program product as described in claim 16 wherein the avatar operates autonomously with respect to a centralized security function.
  - 21. The computer program product as described in claim 16 wherein the operations further include the avatar restricting access to the data source when the actionable event indicates that the data source is at risk.
  - 22. The computer program product as described in claim 16 wherein using the avatar to monitor the data source includes the avatar spawning a process to search for a partial or full copy of the data source being protected in another location in the physical computing environment, wherein locating such a copy constitutes the actionable event.

23. A security server operative in a multi-component physical computing system that includes a mainframe operating system, comprising:
- a processor;
  
  computer memory holding computer program instructions executed by the processor to protect a data source in the physical computing system according to the following operations;
  
  receiving a request to create a non-human userid associated with the data source, the non-human userid having an aggregate set of access rights and privileges in the physical computing system created by combining into a composite set actual access rights and privileges that a set of entities possess with respect to the data source in the physical computing system, the non-human userid being an actual human-like presence in the physical computing system with actual access rights and privileges with respect to the data source;
  
  associating one or more actions to be performed by the avatar upon occurrence of an actionable event with respect to the data source;
  
  generating a baseline of permissible events associated with the data source;
  
  on behalf of an owner of the data source, and in the physical computing system, using an avatar to monitor the data source in the physical computing system against the baseline, wherein monitoring of the data source is enabled by the non-human userid'"'"'s actual presence in the physical computing environment; and
  
  upon determination of an actionable event, the avatar initiating an action with respect to the data source in the physical computing system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
McCormack, Robert John
Primary Examiner(s)
Parsons, Theodore C

Application Number

US13/159,963
Publication Number

US 20120324591A1
Time in Patent Office

2,828 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/104   Grouping of entities

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

System and method to protect a resource using an active avatar

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

System and method to protect a resource using an active avatar

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links