COMPUTERIZED MANAGEMENT OF GROUPING ACCESS RIGHTS

US 20080086473A1
Filed: 10/06/2006
Published: 04/10/2008
Est. Priority Date: 10/06/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

receiving transaction activity;

analyzing the transaction activity by comparing actual utilization of one or more transactions in the transaction activity to a permitted list of transactions to determine a set of one or more transactions to be assigned to a grouping,assigning the set of one or more transactions to the grouping; and

assigning the grouping to one or more users.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus determine a set of transactions that may be assigned to a grouping within a computer system or application. The set of transactions may be analyzed and assigned on the basis of statistical analysis of the actual usage versus current authorizations. In addition, the set of transactions may be analyzed for policy conflicts. The assignment of transactions to groupings may further be determined according to the presence of policy conflicts. Additionally, groupings may be assigned to users based on organizational characteristics such as membership in a company, division, department, business unit, or vocation.

65 Citations

View as Search Results

21 Claims

1. A method comprising:
- receiving transaction activity;
  
  analyzing the transaction activity by comparing actual utilization of one or more transactions in the transaction activity to a permitted list of transactions to determine a set of one or more transactions to be assigned to a grouping,assigning the set of one or more transactions to the grouping; and
  
  assigning the grouping to one or more users.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, further comprising summarizing detailed activity within the transaction activity into one or more user profiles representing typical use.
  - 3. The method of claim 1, wherein assigning the set of one or more transactions to the grouping includes associating user identifications with the grouping.
  - 4. The method of claim 1, wherein one or more rules are applied to identify a set of users, wherein the set of users are organized according to an organization membership;
    - andfurther comprising assigning a subset of the set of users to a grouping according to the organization membership.
  - 5. The method of claim 4, wherein the organization membership includes a membership selected from the group consisting of:
    - company, division, business unit, department or job code.
  - 6. The method of claim 1, wherein the grouping includes an existing role or directory group.
  - 7. The method of claim 1, further comprising identifying one or more rules to be utilized for automatically assigning the grouping when provisioning a new user.
  - 8. The method of claim 1, wherein the grouping comprises a role or directory group.
  - 9. The method of claim 1, wherein the transaction activity includes activity selected from at least one of the group consisting of:
    - transaction activity related to the use of a computer application by a user, firewall activity, directory activity, access management activity, web server activity, network operating system activity, or operating system activity.
  - 10. The method of claim 9, wherein the computer application includes computer applications selected from the group consisting of Active Directory, RACF, ACF2, Access Manager, PeopleSoft, SAP, JD Edwards, Oracle, Great Plains, Lotus Notes, Baan, Siebel, Lawson or Ariba.
  - 11. The method of claim 1, wherein analyzing the transaction activity comprises performing a statistical analysis of transaction activity and permitted access rights.
  - 12. The method of claim 1, wherein analyzing the transaction activity and the permitted access rights includes one or more of:
    - performing a neural network analysis, group clustering analysis, iteration or the application of fuzzy logic related to the transaction activity.
  - 13. The method of claim 1, further comprising:
    - analyzing the assignment of the set of one or more transactions to a grouping for one or more corporate policy rules violations; and
      
      removing from the grouping at least one of the set of one or more transactions that violate the one or more corporate policy rules.
  - 14. The method of claim 13, wherein the corporate policy rules include one or more separation of duties rules.
  - 15. The method of claim 13, wherein the corporate policy rules conform to company directed compliance policies, legislated compliance laws or generally accepted accounting practices.
  - 16. The method of claim 15, wherein the legislated compliance law includes at least one of:
    - the Sarbanes-Oxley act of 2002, HIPAA or GLBA.
  - 17. The method of claim 7, further comprising providing a report file regarding the assignment of the set of one or more transactions to a grouping, a set of users qualifying for the assignment of the grouping and the rules to be used for automatically assigning the groupings when provisioning new users.
  - 18. The method of claim 17, further comprising uploading the report file to an application.
  - 19. The method of claim 1, wherein assigning the set of one or more transactions to the grouping modifies an existing grouping.

20. A computer-readable medium having computer executable instructions for causing one or more processors to perform a method, the method comprising:
- receiving transaction activity;
  
  analyzing the transaction activity by comparing actual utilization of one or more transactions in the transaction activity to a permitted list of transactions to determine a set of one or more transactions to be assigned to a grouping; and
  
  assigning the set of one or more transactions to the grouping.

21. A system comprising:
- A group data manager operable to receive a set of transaction activity representing actual access patterns and to produce a set of activity records for a set of users; and
  
  a group building engine operable to;
  
  receive a set of permitted activities,receive the set of activity records,receive a set of rules,analyze the set of activity records and the set of permitted activities to determine according to the set of rules a set of one or more transactions to be assigned to a grouping,assign the set of one or more transactions to the grouping, andassigning the grouping to one or more users.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Prodigen LLC
Original Assignee
Prodigen LLC
Inventors
Obershaw, Michael, Searl, Kenneth

Application Number

US11/539,450
Publication Number

US 20080086473A1
Time in Patent Office

Days
Field of Search
US Class Current

707/9
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/604   Tools and structures for ma...

G06F 21/62   Protecting access to data v...

G06F 2221/2101   Auditing as a secondary aspect

COMPUTERIZED MANAGEMENT OF GROUPING ACCESS RIGHTS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

65 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

COMPUTERIZED MANAGEMENT OF GROUPING ACCESS RIGHTS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

65 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links