Compliance monitoring

US 8,086,635 B1
Filed: 06/20/2006
Issued: 12/27/2011
Est. Priority Date: 06/20/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A user interface device, comprising:

a memory to store;

user information related to a plurality of users of system resources associated with a particular system;

system information related to the system resources; and

policy information related to a plurality of policies specifying access privileges for particular ones of the users with respect to particular ones of the system resources; and

a plurality of input devices to;

receive input information, from an operator, related to performing batch processing of particular ones of the plurality of policies, without performing a review of the user information pertaining to each user, of a set of the plurality of users, and without performing a review of the system information pertaining to a particular system resource, where performing the batch processing includes;

revoking access privileges, for the particular system resource, of a first group of users, of the set of the plurality of users, where revoking the access privileges is based on determining that each of the first group of users is associated with access privileges for the particular system resource, and that each of the first group of users is associated with a login identification and/or a login password, associated with the particular system, but is not associated with any other type of identifying information,revoking access privileges, for the particular system resource, of a second group of users, of the set of the plurality of users, based on the second group of users, of the set of the plurality of users, being identified, for disassociation from the particular system, by a system manager associated with the set of the plurality of users,granting continued access privileges, for the particular system resource, for a third group of users, of the set of the plurality of users, based on existing access privileges, for the particular system resource, that are common to each user, of the third group of users, andrevoking, for each user, of a fourth group of users, of the set of the plurality of users, particular user privileges, associated with the particular system resource, based on the particular user privileges not being identifiable by the system manager.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A managed service may include a device configured to receive a request for access information and to send the access information to a reviewer based on the request. The managed service may receive input information from the reviewer, where the input information reflects changes to the access information and may update the access information based on the input information. The managed service may produce a report related to the updated access information, where the report is configured to reflect actions performed by the reviewer with respect to the access information and where the reviewer'"'"'s actions are related to a compliance policy.

Citations

21 Claims

1. A user interface device, comprising:
- a memory to store;
  
  user information related to a plurality of users of system resources associated with a particular system;
  
  system information related to the system resources; and
  
  policy information related to a plurality of policies specifying access privileges for particular ones of the users with respect to particular ones of the system resources; and
  
  a plurality of input devices to;
  
  receive input information, from an operator, related to performing batch processing of particular ones of the plurality of policies, without performing a review of the user information pertaining to each user, of a set of the plurality of users, and without performing a review of the system information pertaining to a particular system resource, where performing the batch processing includes;
  
  revoking access privileges, for the particular system resource, of a first group of users, of the set of the plurality of users, where revoking the access privileges is based on determining that each of the first group of users is associated with access privileges for the particular system resource, and that each of the first group of users is associated with a login identification and/or a login password, associated with the particular system, but is not associated with any other type of identifying information,revoking access privileges, for the particular system resource, of a second group of users, of the set of the plurality of users, based on the second group of users, of the set of the plurality of users, being identified, for disassociation from the particular system, by a system manager associated with the set of the plurality of users,granting continued access privileges, for the particular system resource, for a third group of users, of the set of the plurality of users, based on existing access privileges, for the particular system resource, that are common to each user, of the third group of users, andrevoking, for each user, of a fourth group of users, of the set of the plurality of users, particular user privileges, associated with the particular system resource, based on the particular user privileges not being identifiable by the system manager.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The user interface device of claim 1, where one of the input devices receives input information to delete the user information, the system information, or the policy information associated with one of the plurality of users.
  - 3. The user interface device of claim 1, where one of the input devices receives input information to revoke access privileges with respect to first group of users.
  - 4. The user interface device of claim 1, where one of the input devices receives input information to send a message to one of the plurality of users or to the system manager.
  - 5. The user interface device of claim 4, where a content of the message is related to the selected batch processing performed.
  - 6. The user interface device of claim 1, where one of the input devices receives input information indicating that the policy information associated with one of the plurality of users was reviewed with respect to at least one of the system resources and the corresponding access privilege.

7. A managed service, comprising:
- a device to;
  
  receive a request for access information corresponding to a plurality of system resources associated with a system,send the access information to a reviewer based on the request,display, via a user interface, a plurality of selectable batch processes with respect to the access information, where the selectable batch processes include;
  
  a first process to modify, based on a single input received from the reviewer, access information, associated with a first set of users,where each user, of the first set of users, is currently allowed to access a particular system resource, of the system,where each user, of the first set of users, is associated with a login identification and/or a login password, that is associated with user privileges for the particular system resource, andwhere the access information associated with the first set of users is modified based on a determination that each user, of the first set of users, is not associated with identifying information other than the login identification and/or the login password,a second process to modify, based on a single input received from the reviewer, access information, associated with a second set of users, where the access information associated with the second set of users is modified to prevent the second set of users from further accessing the system, and where modifying the access information associated with the second set of users is based on the second set of users being identified for disassociation from the system by a system manager associated with the second set of users,a third process to approve, based on a single input received from the reviewer, access information, associated with a third set of users, based on existing privileges that are common to each of the third set of users, anda fourth process to modify, based on a single input received from the reviewer, access information, associated with an individual user,receive input information from the reviewer selecting one or more of the batch processes,modify, based on performing the selected one or more batch processes, the access information, andproduce a report related to the modified access information.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The managed service of claim 7, where the access information includes user information, system information, and access level information, and where the reviewer selects the one or more batch processes based on one or more of the user information, the system information, or the access level information.
  - 9. The managed service of claim 7, where the device is further to:
    - generate, based on modifying the access information, a user email or a manager email based on a template, andsend the user email or the manager email to a recipient based on an instruction related to the reviewer.
  - 10. The managed service of claim 7, where the reviewer is associated with a customer that subscribes to a managed service provided by the managed service.
  - 11. The managed service of claim 7, where the device is further to:
    - send the report to an auditor that performs an audit on behalf of a customer associated with the plurality of system resources.
  - 12. The managed service of claim 7, where the device is further to:
    - send the report to an agency associated with a customer associated with the access information.

13. A method comprising:
- receiving, via a user interface, a request for at least one of user information, system information related to a particular system, or access level information related to a plurality of users of system resources, of the particular system, and corresponding user privileges associated with a particular system resource;
  
  displaying, via the user interface, a plurality of selectable batch processes with respect to the user privileges corresponding to the at least one of the user information, the system information, or the access level information, where the plurality of selectable batch processes include;
  
  a first process to revoke user privileges associated with a first set of users, of the plurality of users,where the user privileges associated with the first set of users allow the first set of users to access the particular system resource,where the first set of users are determined to be associated with a login identification and/or a login password, associated with the particular system, and not to be associated with any other identifying information for each of the first set of users, based on the at least one of the user information, the system information, or the access level information, andwhere the first process is performed without performing a review of the at least one of user information, the system information, or the access level information associated with each user, of the first set users,a second process to revoke user privileges associated with a second set of users, of the plurality of users, where the user privileges associated with the second set of users allow the second set of users to access the particular system, andwhere the second set of users are identified for disassociation from the particular system, by a system manager associated with the second set of users, without performing a review of the at least one of user information, the system information, or the access level information associated with each user, of the second set of users,a third process to grant continued user privileges associated with a third set of users, of the plurality of users, where granting the continued user privileges is based on existing privileges that are common to each user, of the third set of users, without performing a review of the at least one of user information, the system information, or the access level information associated with each user, of the third set of users, anda fourth process to deny user privileges associated with an individual user, of the plurality of users, where the user privileges, associated with the individual user, are denied based on not being able to identify one or more of the user privileges associated with the individual user, and without performing a review of the at least one of user information, the system information, or the access level information associated with the particular user;
  
  updating the at least one of the user information, the system information, or the access level information based on one or more of the batch processes selected by a reviewer; and
  
  generating a report based on the updating.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method of claim 13, further comprising:
    - receiving selection, of the one or more batch processes, from the reviewer via a radio button or a window in the user interface.
  - 15. The method of claim 13, further comprising:
    - generating, based on the updating, a message for a particular user related to the user information or for the system manager, where the message informs the particular user or the system manager that the system information or the access level information related to the particular user has been reviewed.
  - 16. The method of claim 15, further comprising:
    - performing the generating based on information received from the reviewer; and
      
      sending the message to the particular user or to the system manager on behalf of the reviewer.
  - 17. The method of claim 13, further comprising:
    - providing the report to an auditor associated with the particular system.

18. A system, comprising:
- a processor;
  
  a database module to;
  
  store user information, system information, and access level information for each of a plurality of users associated with the system, andstore updated user information, updated system information, or updated access level information based on a review performed on behalf of a subscriber associated with the system;
  
  an authorization module to;
  
  authorize a reviewer, on behalf of the subscriber, to perform the review;
  
  an interface module to;
  
  accept a request, from the authorized reviewer, related to retrieving the user information, the system information, or the access level information,display a plurality of selectable batch processes with respect to the retrieved user information, the retrieved system information, or the retrieved access level information via a browser, where the selectable batch processes include;
  
  a first process to modify, based on a single input received from the reviewer, access level information associated with a first set of users, of the plurality of users, each of the first set of users currently being allowed access to a particular resource of the system via an associated having a login identification and/or a login password associated with user privileges for the particular resource and where the first access level information associated with the first set of users is modified based on a determination that each of the first set of users is not associated with information to determine an identity of the respective user of the first set of users,a second process to modify, based on a single input received from the reviewer, access level information associated with a second set of users, of the plurality of users, identified for disassociation from the system, by a system manager associated with the second set,a third process to approve, based on a single input received from the reviewer, access level information associated with a third set of users, of the plurality of users, based on existing privileges that are common to each user of the third set of users, anda fourth process to modify, based on a single input received from the reviewer, access level information associated with an individual user, of the plurality of users,generate the updated system information or the updated access level information based on one or more of the selectable batch processes selected by the reviewer during the review,provide the updated system information or the updated access information to the database module, andgenerate a report on behalf of the subscriber.
- View Dependent Claims (19, 20, 21)
- - 19. The system of claim 18, further comprising:
    - an email module to;
      
      generate a message based on an instruction related to the updated user information, the updated system information, or the updated access information, where the message includes content that notifies a recipient regarding the review.
  - 20. The system of claim 18, where the authorization module is further to:
    - authorize an auditor to perform audit activity associated with the system.
  - 21. The system of claim 20, where the interface module makes the report available to the auditor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Business Global LLC (Verizon Communications Inc.)
Inventors
Rinker, James Howard
Primary Examiner(s)
Alam, Hosain
Assistant Examiner(s)
Oberly, Van

Application Number

US11/425,255
Time in Patent Office

2,016 Days
Field of Search

707/783
US Class Current

707/783
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/104   Grouping of entities

Compliance monitoring

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Compliance monitoring

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links