
Vertically integrated access control system for identifying and remediating flagged combinations of capabilities resulting from user entitlements to computing resources

  • US 10,607,022 B2
  • Filed: 02/13/2018
  • Issued: 03/31/2020
  • Est. Priority Date: 02/13/2018
  • Status: Active Grant
First Claim

1. A computerized vertically integrated access control system for identifying and remediating flagged combinations of capabilities resulting from user entitlements to computing resources, comprising:

  • a computer processor;
  • a memory;
  • a network communication device; and
  • an access control module stored in the memory, executable by the computer processor, and configured to perform the steps of:
    • collecting information regarding a plurality of entity capabilities of an entity;
    • storing, in a database, a plurality of entity capability data records, each entity capability data record corresponding to an entity capability of the plurality of entity capabilities;
    • collecting information regarding a plurality of flagged combinations of entity capabilities;
    • storing, in the database, a plurality of flagged combination data records, each flagged combination data record corresponding to a flagged combination of entity capabilities;
    • collecting information regarding interfaces of an information system of the entity;
    • collecting information regarding access control rules of the information system;
    • collecting information regarding computing resources of the information system;
    • storing, in the database, a plurality of data records corresponding to the interfaces, access control rules, and computing resources of the information system;
    • for each entity capability, linking in the database said entity capability to each interface that implements said entity capability;
    • for each interface, linking in the database said interface to each access control rule for accessing said interface;
    • for each computing resource, linking in the database said computing resource to each access control rule for accessing said computing resource;
    • for each interface, linking in the database said interface to each computing resource accessed by said interface;
    • identifying entitlements of a first user within the information system;
    • based on the entitlements of the first user, identifying access control rules assigned to the first user;
    • identifying entity capabilities of the first user by identifying entity capabilities linked in the database to the access control rules assigned to the first user;
    • comparing the entity capabilities of the first user to the plurality of flagged combinations of entity capabilities;
    • in response to comparing the entity capabilities of the first user to the plurality of flagged combinations of entity capabilities, determining that the entity capabilities of the first user comprise a first flagged combination of entity capabilities;
    • in response to determining that the entity capabilities of the first user comprise the first flagged combination of entity capabilities, performing an information security action to remediate the first flagged combination of entity capabilities.
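In practice the claim describes a graph walk over linked records: user → entitlement → access control rule → interface → entity capability, followed by a subset test against a list of flagged (separation-of-duties) combinations and a remediation step. The Python below is an added worked example, not the patent's or the assignee's code. The capabilities, interfaces, rules, entitlements, users and the single flagged combination are constructed sample data for an accounts-payable system. Note that the claim derives capabilities only through rules that gate an interface; a rule granting direct access to a computing resource (say, database credentials) bypasses the interface entirely. The `include_resource_path` option is an assumption that goes beyond the claim: it treats direct access to every resource an interface touches as equivalent to using that interface, so such back-door entitlements are caught too.

```python
"""Flagged capability-combination detection over an entitlement graph.
Added example, not the patent's implementation; all names are constructed."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set

Links = Dict[str, Set[str]]


@dataclass
class AccessModel:
    capability_interfaces: Links = field(default_factory=dict)  # capability -> interfaces implementing it
    interface_rules: Links = field(default_factory=dict)        # interface -> rules that gate it
    resource_rules: Links = field(default_factory=dict)         # computing resource -> rules that gate it
    interface_resources: Links = field(default_factory=dict)    # interface -> resources it accesses
    entitlement_rules: Links = field(default_factory=dict)      # entitlement (role/group) -> rules it carries
    user_entitlements: Links = field(default_factory=dict)      # user -> entitlements
    flagged: List[FrozenSet[str]] = field(default_factory=list)  # flagged capability combinations

    def rules_for(self, entitlements: Set[str]) -> Set[str]:
        return set().union(*(self.entitlement_rules.get(e, set()) for e in entitlements))

    def capabilities_from_rules(self, rules: Set[str], include_resource_path: bool = False) -> Set[str]:
        # Claimed path: a rule that gates an interface makes that interface reachable.
        reachable = {i for i, r in self.interface_rules.items() if r & rules}
        if include_resource_path:
            # Assumption beyond the claim: direct rules on every resource an interface
            # touches are treated as using the interface, so DB-level access still counts.
            direct = {res for res, r in self.resource_rules.items() if r & rules}
            reachable |= {i for i, res in self.interface_resources.items() if res and res <= direct}
        return {cap for cap, ifaces in self.capability_interfaces.items() if ifaces & reachable}

    def capabilities_for_user(self, user: str, include_resource_path: bool = False) -> Set[str]:
        rules = self.rules_for(self.user_entitlements.get(user, set()))
        return self.capabilities_from_rules(rules, include_resource_path)

    def flagged_for_user(self, user: str, include_resource_path: bool = False) -> List[FrozenSet[str]]:
        caps = self.capabilities_for_user(user, include_resource_path)
        return [combo for combo in self.flagged if combo <= caps]

    def remediation(self, user: str, combo: FrozenSet[str], include_resource_path: bool = False) -> dict:
        """Least-collateral action: revoke the one entitlement whose removal breaks the
        combination while losing the fewest capabilities; escalate if no single one does."""
        ents = self.user_entitlements.get(user, set())
        before = self.capabilities_for_user(user, include_resource_path)
        options = []
        for e in sorted(ents):
            after = self.capabilities_from_rules(self.rules_for(ents - {e}), include_resource_path)
            if not combo <= after:
                options.append((len(before - after), e, sorted(before - after)))
        if not options:
            return {"action": "escalate", "user": user, "combination": sorted(combo)}
        _, ent, lost = min(options, key=lambda o: (o[0], o[1]))
        return {"action": "revoke_entitlement", "user": user, "entitlement": ent,
                "combination": sorted(combo), "capabilities_lost": lost}


def build_sample_model() -> AccessModel:
    """Constructed accounts-payable sample (not real data)."""
    return AccessModel(
        capability_interfaces={"create_vendor": {"vendor_portal"},
                               "approve_payment": {"payments_console"},
                               "view_audit_log": {"audit_ui"}},
        interface_rules={"vendor_portal": {"allow:vendor_portal"},
                         "payments_console": {"allow:payments_console"},
                         "audit_ui": {"allow:audit_ui"}},
        resource_rules={"vendors_db": {"db:vendors:rw"}, "payments_db": {"db:payments:rw"},
                        "audit_store": {"db:audit:ro"}},
        interface_resources={"vendor_portal": {"vendors_db"}, "payments_console": {"payments_db"},
                             "audit_ui": {"audit_store"}},
        entitlement_rules={"ap_clerk": {"allow:vendor_portal"},
                           "ap_manager": {"allow:payments_console", "allow:audit_ui"},
                           "auditor": {"allow:audit_ui"},
                           "dba": {"db:vendors:rw", "db:payments:rw"}},
        user_entitlements={"alice": {"ap_clerk", "ap_manager"},
                           "bob": {"ap_clerk", "auditor"},
                           "carol": {"ap_clerk", "dba"}},
        # Separation of duties: whoever can create a payee must not also approve payments.
        flagged=[frozenset({"create_vendor", "approve_payment"})],
    )


def audit(model: AccessModel, include_resource_path: bool = False) -> Dict[str, List[dict]]:
    """Compare every user against the flagged combinations; return remediation records."""
    return {user: [model.remediation(user, combo, include_resource_path)
                   for combo in model.flagged_for_user(user, include_resource_path)]
            for user in sorted(model.user_entitlements)}


if __name__ == "__main__":
    m = build_sample_model()
    for user, actions in audit(m, include_resource_path=True).items():
        print(user, sorted(m.capabilities_for_user(user, True)), actions)
```

With the sample data, alice holds both flagged capabilities through two roles and the cheapest fix is revoking `ap_clerk` (one capability lost rather than two). carol is clean under the claim's interface-only derivation but is flagged once direct database rules are mapped through the interface-to-resource links, and there the only single revocation that helps is `dba`; this is the gap a practitioner should close when implementing the claimed model.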
