METHOD AND SYSTEM FOR RESOURCE MANAGEMENT BASED ON ADAPTIVE RISK-BASED ACCESS CONTROLS

US 20130227712A1
Filed: 02/22/2013
Published: 08/29/2013
Est. Priority Date: 02/23/2012
Status: Abandoned Application

First Claim

Patent Images

1. A method for management of resources, comprising:

accessing profiles of users;

computing first trust scores for the users;

receiving an access request from one of the users for access to a resource;

accessing a sensitivity score of the resource;

computing a confidence score for the requesting user;

computing a need-to-access score for the requesting user;

computing a second trust score for the requesting user; and

selectively granting the requesting user access to the requested resource, based on the second trust score.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and computer program products are provided for adaptively controlling access to resources, such as selectively granting a user'"'"'s request to access a confidential document. In one embodiment, the method may include making real-time access control decisions that respond promptly to changing organizational environments, thus reducing risks of the unauthorized use or access of resources. In addition, the method may include selectively granting a user'"'"'s request to access a resource based on dynamic risk factors including, for example, the user'"'"'s trust level, the sensitivity of the information resource requested, and the overall system status. Furthermore, the method may include adjusting those factors based on a change in conditions or organizational need.

89 Citations

View as Search Results

27 Claims

1. A method for management of resources, comprising:
- accessing profiles of users;
  
  computing first trust scores for the users;
  
  receiving an access request from one of the users for access to a resource;
  
  accessing a sensitivity score of the resource;
  
  computing a confidence score for the requesting user;
  
  computing a need-to-access score for the requesting user;
  
  computing a second trust score for the requesting user; and
  
  selectively granting the requesting user access to the requested resource, based on the second trust score.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein accessing profiles further comprises identifying credentials of the requesting user, and accessing at least one of historical logs or trust tokens.
  - 3. The method of claim 1, wherein computing first trust scores further comprises using user profiles to compute the first trust scores.
  - 4. The method of claim 1, wherein receiving an access request comprises receiving an access request from at least one of a human user or a computer system.
  - 5. The method of claim 1, wherein accessing a sensitivity score further comprises:
    - discovering the resource on the computer system;
      
      classifying the discovered resource;
      
      assigning a sensitivity score to the discovered resource; and
      
      outputting the sensitivity score.
  - 6. The method of claim 1, wherein computing a confidence score for the requesting user further comprises:
    - analyzing a historical log of the requesting user, the historical log comprising details of previous access requests of the requesting user for the requested resource and a status log of the system; and
      
      using the historical log to compute the confidence score of the requesting user.
  - 7. The method of claim 1, wherein computing the need-to-access score comprises analyzing resource sensitivity scores and user confidence scores.
  - 8. The method of claim 1, wherein computing a second trust score for the requesting user is based on:
    - the first trust score of the requesting user;
      
      the sensitivity score of the requested resource;
      
      the confidence score for the requesting user; and
      
      the need-to-access score for the requesting user.
  - 9. The method of claim 1, wherein selectively granting an access request of the user comprises:
    - adjusting a first trust score for the requesting user to generate the second trust score for the requesting user; and
      
      processing the access request based on the second trust score for the requesting user.

10. A computer-readable recording medium storing a computer-executable program which, when executed by a processor, performs a method for management of resources, comprising:
- accessing profiles of users;
  
  computing first trust scores for the users;
  
  receiving an access request from one of the users for access a resource;
  
  accessing a sensitivity score of the resource;
  
  computing a confidence score for the requesting user;
  
  computing a need-to-access score for the requesting user;
  
  computing a second trust score for the requesting user; and
  
  selectively granting the requesting user access to the requested resource, based on the second trust score.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computer-readable recording medium of claim 10, wherein accessing profiles further comprises identifying credentials of the requesting user, and access at least one of historical logs or trust tokens
  - 12. The computer-readable recording medium of claim 10, wherein computing first trust scores further comprises using user profiles to compute the first trust scores.
  - 13. The computer-readable recording medium of claim 10, wherein receiving an access request further comprises receiving an access request from at least one of a human user or a computer system.
  - 14. The computer-readable recording medium of claim 10, wherein accessing a sensitivity score further comprises:
    - discovering the resource on the computer system;
      
      classifying the discovered resource;
      
      assigning a sensitivity score to the discovered resource; and
      
      outputting the sensitivity score.
  - 15. The computer-readable recording medium of claim 10, wherein computing a confidence score for the requesting user further comprises:
    - analyzing a historical log of the requesting user, the historical log comprising details of previous access requests of the requesting user for the requested resource and a status log of the system; and
      
      using the historical log to compute the confidence score of the requesting user.
  - 16. The computer-readable recording medium of claim 10, wherein computing the need-to-access score comprises analyzing resource sensitivity scores and user confidence scores.
  - 17. The computer-readable recording medium of claim 10, wherein computing a second trust score for the requesting user is based on:
    - the first trust score of the requesting user;
      
      the sensitivity score of the requested resource;
      
      the confidence score for the requesting user; and
      
      the need-to-access score for the requesting user.
  - 18. The computer-readable recording medium of claim 10, wherein selectively granting an access request of the user comprises:
    - adjusting a first trust score for the requesting user to generate the second trust score for the requesting user; and
      
      processing the access request based on the second trust score for the requesting user.

19. A system for management of resources, comprising:
- a memory to store data and instructions; and
  
  a processor configured to access the memory and when executing the instructions to;
  
  access profiles of users;
  
  compute first trust scores for the users;
  
  receive an access request from one of the users for access to a resource;
  
  access a sensitivity score of the resource;
  
  compute a confidence score for the requesting user;
  
  compute a need-to-access score for the requesting user;
  
  compute a second trust score for the requesting user; and
  
  selectively grant the requesting user access to the requested resource, based on the second trust score.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The system of claim 19, wherein when the processor is configured to access profiles, the processor is further configured to identify credentials of the requesting user, and access at least one of historical logs or trust tokens.
  - 21. The system of claim 19, wherein when the processor is configured to compute first trust scores the processor is further configured to use user profiles to compute the first trust scores.
  - 22. The system of claim 19, wherein when the processor is configured to receive an access request the processor is further configured to receive an access request from at least one of a human user or a computer system.
  - 23. The system of claim 19, wherein when the processor is configured to access a sensitivity score the processor is further configured to:
    - discover the resource on the computer system;
      
      classify the discovered resource;
      
      assign a sensitivity score to the discovered resource; and
      
      output the sensitivity score.
  - 24. The system of claim 19, wherein when the processor is configured to compute a confidence score for the requesting user the processor is further configured to:
    - analyze a historical log of the requesting users, the historical log comprising details of previous access requests of the requesting user for the requested resource and a status log of the system; and
      
      use the historical log to compute the confidence score of the requesting user.
  - 25. The system of claim 19, wherein the processor is configured to compute the need-to-access score the processor is configured to analyze resource sensitivity scores and user confidence scores.
  - 26. The system of claim 19, wherein the processor is configured to compute a second trust score for the requesting user the processor is further configured to use:
    - the first trust score of the requesting user;
      
      the sensitivity score of the requested resource;
      
      the confidence score for the requesting user; and
      
      the need-to-access score for the requesting user.
  - 27. The system of claim 19, wherein the processor is configured to selectively grant an access request of the user the processor is further configured to:
    - adjust a first trust score for the requesting user to generate the second trust score for the requesting user; and
      
      process the access request based on the second trust score for the requesting user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Accenture Global Services Limited (Accenture PLC)
Original Assignee
Accenture Global Services Limited (Accenture PLC)
Inventors
Bhatti, Rafae, Salem, Malek Ben, Solderitsch, James

Application Number

US13/774,356
Publication Number

US 20130227712A1
Time in Patent Office

Days
Field of Search
US Class Current

726/30
CPC Class Codes

G06F 21/6218 to a system of files or obj...

METHOD AND SYSTEM FOR RESOURCE MANAGEMENT BASED ON ADAPTIVE RISK-BASED ACCESS CONTROLS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

89 Citations

27 Claims

Specification

Use Cases

Quick Links

Others

METHOD AND SYSTEM FOR RESOURCE MANAGEMENT BASED ON ADAPTIVE RISK-BASED ACCESS CONTROLS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

89 Citations

27 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others