Adaptive model for database security and processing
Abstract
A security system determines authorizations for entities to access data objects. The security system may train an adaptive model to predict the intent of a user who provides authorization for various entities or other users. In an embodiment, the adaptive model may be configured to determine latent properties of training data by identifying common parameters between entities that are, or are not, permitted to access given data object(s). The training data may include previous authorizations provided to the entities. Based on the identified common parameters, the model may generate usage expressions for determining a likelihood that the user intends to provide authorization for a given entity to access the given data object. If the likelihood is greater than a threshold value, the security system may provide a recommendation to the user to provide the authorization for the given entity.
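One possible reading of the recommendation step in the abstract, as an added example and not the patent's own model: a smoothed frequency estimate stands in for the trained adaptive model. The function names, the `min_support` and `threshold` values, and the training records are assumptions constructed for illustration.

```python
from collections import defaultdict

def learn_expressions(history, min_support=2):
    """history: list of (params: dict, authorized: bool) from previous authorizations.
    Returns {(param, value): smoothed P(authorized | param == value)}."""
    counts = defaultdict(lambda: [0, 0])  # (param, value) -> [granted, seen]
    for params, authorized in history:
        for item in params.items():
            counts[item][0] += int(authorized)
            counts[item][1] += 1
    # Laplace smoothing keeps rarely seen values from scoring exactly 0.0 or 1.0.
    return {k: (g + 1) / (n + 2) for k, (g, n) in counts.items() if n >= min_support}

def likelihood(expressions, params, prior=0.5):
    """Mean of the learned probabilities over the candidate's known parameter values."""
    scores = [expressions[i] for i in params.items() if i in expressions]
    return sum(scores) / len(scores) if scores else prior

def recommend(expressions, params, threshold=0.7):
    """True when the grant would be suggested to the user.
    Nothing is authorized here; the user still makes the decision."""
    return likelihood(expressions, params) > threshold

# Constructed training data: previous decisions for one data object.
HISTORY = [
    ({"dept": "cardiology", "role": "nurse"}, True),
    ({"dept": "cardiology", "role": "physician"}, True),
    ({"dept": "cardiology", "role": "nurse"}, True),
    ({"dept": "billing", "role": "clerk"}, False),
    ({"dept": "billing", "role": "nurse"}, False),
]
EXPRESSIONS = learn_expressions(HISTORY)
```

An entity whose parameter values were never seen in the history falls back to the prior and gets no recommendation, so unfamiliar entities are not suggested by default.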
17 Claims
1. A computer-implemented method for adaptive access control of data objects, the method comprising:
- receiving, by a security system, input data from a first client device to provide authorization to a given entity to access a data object of a plurality of data objects in a software system, the authorization to access the data object associated with a geographical domain;
- determining a current location of a second client device of the given entity based on a first set of sensor data received by the security system from the second client device;
- determining, using a model of the security system, that the current location is within the geographical domain, the model including a set of expressions for determining authorizations of entities to access data objects based on common parameters describing the entities;
- responsive to the determination that the current location is within the geographical domain;
  - automatically updating an authorization database record of the security system to authorize the given entity to access the data object,
  - transmitting an indication of the updated authorization database record to one or more systems associated with the given entity;
- determining an updated location of the second client device based on a second set of sensor data received by the security system from the second client device;
- determining, using the model, that the updated location is outside of the geographical domain;
- responsive to the determination that the updated location is outside of the geographical domain;
  - automatically updating the authorization database record to remove authorization for the given entity to access the data object, and
  - transmitting another indication of the updated authorization database record to the one or more systems associated with the given entity;
- after updating the authorization database record to remove authorization for the given entity, determining a different location of the second client device based on a third set of sensor data received by the security system from the second client device; and
- responsive to determining that the different location is within the geographical domain, automatically updating the authorization database record to authorize the given entity to access the data object.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A non-transitory computer-readable storage medium storing instructions for adaptive access control of data objects by a security system, the instructions when executed by a processor causing the processor to:
- receive input data from a first client device to provide authorization to a given entity to access a data object of a plurality of data objects in a software system, the authorization to access the data object associated with a geographical domain;
- determine a current location of a second client device of the given entity based on a first set of sensor data received by the security system from the second client device;
- determine, using a model of the security system, that the current location is within the geographical domain, the model including a set of expressions for determining authorizations of entities to access data objects based on common parameters describing the entities;
- responsive to the determination that the current location is within the geographical domain;
  - automatically update an authorization database record of the security system to authorize the given entity to access the data object,
  - transmit an indication of the updated authorization database record to one or more systems associated with the given entity;
- determine an updated location of the second client device based on a second set of sensor data received by the security system from the second client device;
- determine, using the model, that the updated location is outside of the geographical domain;
- responsive to the determination that the updated location is outside of the geographical domain;
  - automatically update the authorization database record to remove authorization for the given entity to access the data object, and
  - transmit another indication of the updated authorization database record to the one or more systems associated with the given entity;
- after updating the authorization database record to remove authorization for the given entity, determine a different location of the second client device based on a third set of sensor data received by the security system from the second client device; and
- responsive to determining that the different location is within the geographical domain, automatically update the authorization database record to authorize the given entity to access the data object.

Dependent claims: 10, 11, 12

13. A security system for adaptive access control of data objects, the security system comprising:
- a processor; and
- a non-transitory computer-readable storage medium storing program instruction that, when executed by the processor, implement;
  - a user interface engine configured to receive input data from a first client device to provide authorization to a given entity to access a data object of a plurality of data objects in a software system, the authorization associated with a geographical domain; and
  - an authorization engine configured to;
    - determine a current location of a second client device of the given entity based on a first set of sensor data received by the security system from the second client device;
    - determine, using a model of the security system, that the current location is within the geographical domain, the model including a set of expressions for determining authorizations of entities to access data objects based on common parameters describing the entities;
    - responsive to the determination that the current location is within the geographical domain;
      - automatically update an authorization database record of the security system to authorize the given entity to access the data object, and
      - transmit an indication of the updated authorization database record to one or more systems associated with the given entity;
    - determine an updated location of the second client device based on a second set of sensor data received by the security system from the second client device;
    - determine, using the model, that the updated location is outside of the geographical domain;
    - responsive to the determination that the updated location is outside of the geographical domain;
      - automatically update the authorization database record to remove authorization for the given entity to access the data object, and
      - transmit another indication of the updated authorization database record to the one or more systems associated with the given entity;
    - after updating the authorization database record to remove authorization for the given entity, determine a different location of the second client device based on a third set of sensor data received by the system from the second client device; and
    - responsive to determining that the different location is within the geographical domain, automatically update the authorization database record to authorize the given entity to access the data object.

Dependent claims: 14, 15, 16, 17
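
The grant, revoke and re-grant sequence recited in the independent claims, as an added example that is not code from the patent or its assignee. The circular domain, the haversine distance test, the accuracy cut-off and every name below are assumptions for illustration; the claims specify none of them.

```python
import math
from dataclasses import dataclass, field

EARTH_RADIUS_M = 6_371_000.0

@dataclass(frozen=True)
class GeoDomain:
    """Circular geographical domain (assumption: the claims fix no shape)."""
    lat: float
    lon: float
    radius_m: float

    def contains(self, lat, lon):
        # Haversine great-circle distance from the domain centre.
        p1, p2 = math.radians(self.lat), math.radians(lat)
        dp, dl = p2 - p1, math.radians(lon - self.lon)
        a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
        return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a)) <= self.radius_m

@dataclass
class AuthorizationRecord:
    entity: str
    data_object: str
    domain: GeoDomain
    authorized: bool = False
    notifications: list = field(default_factory=list)  # stands in for the transmitted indications

    def on_sensor_data(self, lat, lon, accuracy_m, max_accuracy_m=100.0):
        """Re-evaluate the record for one location fix and return the new state."""
        # Assumption, not in the claims: fail closed on an imprecise fix.
        inside = accuracy_m <= max_accuracy_m and self.domain.contains(lat, lon)
        if inside != self.authorized:
            self.authorized = inside
            action = "grant" if inside else "revoke"
            self.notifications.append((self.entity, self.data_object, action))
        return self.authorized

def replay(record, fixes):
    """Apply (lat, lon, accuracy_m) fixes in order; return the state after each."""
    return [record.on_sensor_data(*fix) for fix in fixes]

# Constructed sample data: a 500 m domain and four fixes from the second client device.
SITE = GeoDomain(lat=37.7749, lon=-122.4194, radius_m=500.0)
FIXES = [
    (37.7750, -122.4195, 10.0),   # inside the domain: grant
    (37.8044, -122.2712, 10.0),   # about 13 km away: revoke
    (37.7751, -122.4193, 10.0),   # back inside: grant again
    (37.7751, -122.4193, 900.0),  # inside, but fix too imprecise: revoke
]
```

The fixes come from the entity's own device, so a deployment would treat them as untrusted input; the accuracy cut-off here is only one such control.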
Specification