Access management in an off-premise environment
First Claim
1. A system that facilitates data management, the system comprising:
- an interface component that receives a data request for data from a user;
- a data auditing component that:
  - performs analysis of the data to determine at least one of a content, a type or a context of the data;
  - establishes an identity of the user;
  - automatically creates an access control list (ACL) based on at least one of the content, the type or the context of the data and the identity of the user;
  - selectively renders data in response to the data request as a function of the ACL;
  - establishes one or more identities of an owner of the data; and
  - maps the data to the one or more identities;
- a sensor component to facilitate establishment of the identity of the user, wherein the sensor component is configured to gather information comprising:
  - a role of the user;
  - a location of the user; and
  - an organizational affiliation of the user; and
- a machine learning and reasoning component to automatically establish a policy related to the data, the policy is employed to establish the ACL, the machine learning and reasoning component is trained using a data log, the data log includes user identities and information relating to access patterns pertaining to user access of data.
Abstract
A system that can assist users to manage a personal active directory for all of their information maintained within a cloud-based environment is provided. The identity of a client that accesses data is monitored and recorded in a log. In turn, this information can be made available to the owner of the information in order to develop a desired access control list (ACL). Additionally, the system can employ a heuristic component that can automatically establish the ACL on the owner's behalf. As well, the system can track how information is being accessed (or attempted to be accessed) by other people, therefore giving the owner of the information the opportunity to restrict or allow access based upon any number of recorded factors (e.g., identity, context).
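The flow the abstract describes, as an added example (not code from the patent): a policy is learned from a logged access history, an item's ACL is created from its data type, and denied requests are recorded for the owner. The support threshold, the (role, organization) ACL key, and all names and sample data are assumptions.

```python
from collections import Counter, namedtuple

Identity = namedtuple("Identity", "user role location org")  # sensed requestor attributes

def learn_policy(log, min_support=2):
    """Data type -> {(role, org)} granted >= min_support times and never denied.
    The support threshold is an assumed stand-in for the claimed MLR component."""
    grants, denied = Counter(), set()
    for data_type, ident, granted in log:
        key = (data_type, ident.role, ident.org)
        if granted:
            grants[key] += 1
        else:
            denied.add(key)
    policy = {}
    for key, n in grants.items():
        if n >= min_support and key not in denied:
            policy.setdefault(key[0], set()).add(key[1:])
    return policy

class Store:
    def __init__(self, owner, policy):
        self.owner, self.policy = owner, policy
        self.acl, self.types, self.log, self.notices = {}, {}, [], []

    def add_item(self, item, data_type):  # ACL derived from the item's type
        self.types[item] = data_type
        self.acl[item] = set(self.policy.get(data_type, ()))

    def request(self, item, ident):
        allowed = ident.user == self.owner or (ident.role, ident.org) in self.acl.get(item, ())
        self.log.append((self.types.get(item), ident, allowed))  # feeds the next learn_policy run
        if not allowed:  # record who tried and from where, for the owner
            self.notices.append((item, ident.user, ident.role, ident.org, ident.location))
        return allowed

# Constructed sample log entries: (data type, identity, granted)
ALICE = Identity("alice", "accountant", "office", "acme")
EVE = Identity("eve", "contractor", "unknown", "other")
SAMPLE_LOG = [("tax", ALICE, True), ("tax", ALICE, True), ("tax", EVE, False),
              ("photo", EVE, True), ("photo", EVE, False)]

def demo():
    store = Store("owner", learn_policy(SAMPLE_LOG))
    store.add_item("return.pdf", "tax")
    store.add_item("beach.jpg", "photo")
    results = [store.request("return.pdf", ALICE), store.request("return.pdf", EVE),
               store.request("beach.jpg", EVE)]
    return results, store.notices
```

A data type with no learned policy gets an empty ACL, so only the owner can read it until the owner or a later learning pass adds entries.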
19 Claims
15. A computer-implemented method of managing data, the computer-implemented method comprising:
- analyzing data items to determine at least one of a content, a type or a purpose of the data items;
- receiving a request for access to a data item from a requestor;
- employing machine learning and machine reasoning using a data log that includes user identities and information relating to access patterns pertaining to user access of data to establish a policy related to the data;
- automatically creating an access control list (ACL) based at least on the analyzing and the employing machine learning and machine reasoning;
- establishing an identity of the requestor, wherein the establishing includes sensing aspects of the requestor, the aspects including:
  - a role of the requestor;
  - a location of the requestor; and
  - an organizational affiliation of the requestor;
- searching the ACL for the data item; and
- granting or denying access to the data item based upon the identity in view of the ACL.
18. A computer-readable storage device comprising instructions stored thereon that, when executed by a processor, perform acts that facilitate managing access to a plurality of data items, the acts including:
- determining an access preference of an owner of a plurality of data items;
- generating an access control list (ACL) that controls access to a subset of the data items as a function of the access preference;
- monitoring access attempts and denials of the subset of data items;
- notifying the owner of unauthorized attempts to access at least one of the subset of data items;
- notifying the owner of an identity of a client or user that accesses or attempts access to at least one of the subset of data items;
- determining access patterns and denial patterns based on the monitoring;
- logging the access patterns and the denial patterns in a log;
- employing artificial intelligence (AI) and/or machine learning and reasoning (MLR) on the log and the subset of data items to infer at least one additional access preference of the owner; and
- updating the ACL based at least in part upon the at least one additional access preference.
Specification