System for controlling access to a plurality of target systems and applications
First Claim
1. A system for controlling access to one or more of a plurality of target systems and/or applications, the system comprising:
- an input/output (IO) subsystem configured to receive profile data that defines one or more features associated with a target individual from a first user management system, and to communicate instructions to one or more target systems to facilitate access to the one or more target systems/applications by the target individual;
- a storage device that includes a plurality of rules, at least some of the rules arranged in one or more sets of rules, each set of rules being associated with an entitlement of the profile data, each entitlement being indicative of target system/application access, wherein each rule within a set relates a combination of one or more features of the profile data with a confidence value, the confidence value indicative of a ratio of a number of the rules arranged within the one or more sets associated with the entitlement to a total number of the plurality of rules having the combination of the one or more features;
- a processor in communication with the IO subsystem and the storage device; and
- non-transitory computer readable media in communication with the processor that stores instruction code which, when executed by the processor, causes the processor to:
  - control the IO subsystem to receive the profile data associated with a target individual;
  - generate, based on the profile data and the one or more sets of rules, a listing that includes one or more entitlements associated with the target individual, and confidence values associated with the one or more entitlements, each confidence value indicative of whether the target individual should be granted a corresponding entitlement; and
  - for each entitlement having a corresponding confidence value higher than a predetermined threshold, control the IO subsystem to communicate an instruction to a target system associated with the entitlement to allow the target individual access to the target system.
Abstract
A method for controlling access to one or more of a plurality of target systems includes receiving profile data that defines one or more features associated with a plurality of individuals with one or more entitlements of those individuals. Each entitlement is indicative of target system access. The method further includes generating a model that includes one or more sets of rules where each set of rules is associated with an entitlement of the profile data. Each entitlement is indicative of target system/application access. Each rule within a set relates a combination of one or more features of the profile data with a confidence value. Profile data that defines one or more features associated with a target individual is received from a first user management system. A listing that includes one or more entitlements associated with the target individual, and confidence values associated with the one or more entitlements is generated based on the profile data and the rules. Each confidence value is indicative of whether the target individual should be granted a corresponding entitlement. For each entitlement having a corresponding confidence value higher than a predetermined threshold, an instruction is communicated to a target system associated with the entitlement to allow the target individual access to the target system.
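The rule-generation and thresholding steps in the abstract, as an added Python example that is not part of the patent. It assumes the claimed ratio is the usual association-rule confidence (individuals holding the entitlement divided by individuals having the feature combination), that a target's score for an entitlement is the best matching rule, and a minimum-support filter; the profiles, entitlement names and function names are constructed for illustration.

```python
from collections import Counter
from itertools import combinations

# Constructed training profiles: (features, entitlements already held).
TRAINING = [
    ({"dept": "finance", "title": "analyst", "site": "NYC"}, {"erp_read", "vpn"}),
    ({"dept": "finance", "title": "analyst", "site": "LON"}, {"erp_read", "vpn"}),
    ({"dept": "finance", "title": "manager", "site": "NYC"}, {"erp_read", "erp_approve", "vpn"}),
    ({"dept": "it", "title": "admin", "site": "NYC"}, {"vpn", "domain_admin"}),
    ({"dept": "it", "title": "analyst", "site": "NYC"}, {"vpn"}),
]

def combos(features, max_len=2):
    """All feature combinations (frozensets of key/value pairs) up to max_len."""
    items = sorted(features.items())
    for n in range(1, max_len + 1):
        for c in combinations(items, n):
            yield frozenset(c)

def build_rules(training, min_support=2):
    """Return {entitlement: {combo: confidence}}, one rule set per entitlement."""
    seen, held = Counter(), Counter()
    for features, entitlements in training:
        for combo in combos(features):
            seen[combo] += 1
            for ent in entitlements:
                held[(combo, ent)] += 1
    rules = {}
    for (combo, ent), n in held.items():
        if seen[combo] >= min_support:  # skip combos seen too rarely to trust
            rules.setdefault(ent, {})[combo] = n / seen[combo]
    return rules

def score(rules, target_features):
    """Listing of entitlement -> best confidence among rules matching the target."""
    target = set(combos(target_features))
    listing = {}
    for ent, rule_set in rules.items():
        matches = [conf for combo, conf in rule_set.items() if combo in target]
        if matches:
            listing[ent] = max(matches)
    return listing

def provision(listing, threshold=0.8):
    """Entitlements whose confidence is strictly higher than the threshold."""
    return sorted(ent for ent, conf in listing.items() if conf > threshold)

NEW_HIRE = {"dept": "finance", "title": "analyst", "site": "NYC"}
LISTING = score(build_rules(TRAINING), NEW_HIRE)
```

With this data the new finance analyst is provisioned `erp_read` and `vpn`, while `erp_approve` (0.5) and `domain_admin` (0.25) stay below the threshold and would be left to manual review.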
14 Citations
20 Claims
1. A system for controlling access to one or more of a plurality of target systems and/or applications, the system comprising:
- an input/output (IO) subsystem configured to receive profile data that defines one or more features associated with a target individual from a first user management system, and to communicate instructions to one or more target systems to facilitate access to the one or more target systems/applications by the target individual;
- a storage device that includes a plurality of rules, at least some of the rules arranged in one or more sets of rules, each set of rules being associated with an entitlement of the profile data, each entitlement being indicative of target system/application access, wherein each rule within a set relates a combination of one or more features of the profile data with a confidence value, the confidence value indicative of a ratio of a number of the rules arranged within the one or more sets associated with the entitlement to a total number of the plurality of rules having the combination of the one or more features;
- a processor in communication with the IO subsystem and the storage device; and
- non-transitory computer readable media in communication with the processor that stores instruction code which, when executed by the processor, causes the processor to:
  - control the IO subsystem to receive the profile data associated with a target individual;
  - generate, based on the profile data and the one or more sets of rules, a listing that includes one or more entitlements associated with the target individual, and confidence values associated with the one or more entitlements, each confidence value indicative of whether the target individual should be granted a corresponding entitlement; and
  - for each entitlement having a corresponding confidence value higher than a predetermined threshold, control the IO subsystem to communicate an instruction to a target system associated with the entitlement to allow the target individual access to the target system.

View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
10. A method for controlling access to one or more of a plurality of target systems, the method comprising:
- receiving profile data that defines one or more features associated with a plurality of individuals with one or more entitlements of those individuals, each entitlement indicative of target system access;
- generating one or more sets of rules, each set of rules being associated with an entitlement of the profile data, each entitlement being indicative of target system/application access, wherein each rule within a set relates a combination of one or more features of the profile data with a confidence value, the confidence value indicative of a ratio of a number of the rules arranged within the one or more sets associated with the entitlement to a total number of the plurality of rules having the combination of the one or more features;
- receiving profile data that defines one or more features associated with a target individual from a first user management system;
- generating, based on the profile data and the one or more sets of rules, a listing that includes one or more entitlements associated with the target individual, and confidence values associated with the one or more entitlements, each confidence value indicative of whether the target individual should be granted a corresponding entitlement; and
- for each entitlement having a corresponding confidence value higher than a predetermined threshold, communicating an instruction to a target system associated with the entitlement to allow the target individual access to the target system.

View Dependent Claims (11, 12, 13, 14, 15, 16)
17. Non-transitory computer readable media that stores instruction code for controlling access to one or more of a plurality of target systems, the instruction code being executable by a machine for causing the machine to perform acts comprising:
- receiving profile data that defines one or more features associated with a plurality of individuals with one or more entitlements of those individuals, each entitlement indicative of target system access;
- generating one or more sets of rules, each set of rules being associated with an entitlement of the profile data, each entitlement being indicative of target system/application access, wherein each rule within a set relates a combination of one or more features of the profile data with a confidence value, the confidence value indicative of a ratio of a number of the rules arranged within the one or more sets associated with the entitlement to a total number of the plurality of rules having the combination of the one or more features;
- receiving profile data that defines one or more features associated with a target individual from a first user management system;
- generate, based on the profile data and the one or more sets of rules, a listing that includes one or more entitlements associated with the target individual, and confidence values associated with the one or more entitlements, each confidence value indicative of whether the target individual should be granted a corresponding entitlement; and
- for each entitlement having a corresponding confidence value higher than a predetermined threshold, communicating an instruction to a target system associated with the entitlement to allow the target individual access to the target system.

View Dependent Claims (18, 19, 20)
Specification