User permissions in computing systems

US 8,484,724 B2
Filed: 07/29/2010
Issued: 07/09/2013
Est. Priority Date: 07/29/2010
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, at a permissions verification system, a plurality of records, the plurality of records comprising a first record that includes at least a user identifier and an associated first access level that indicates a level of access to a first mainframe system, and a second record that includes at least the user identifier and an associated second access level that indicates a level of access to a second mainframe system, wherein the first record is of a first format and the second record is of a second format, the second format differing from the first format;

determining, at the permissions verification system, that the first access level associated with the user identifier in the first record does not match the second access level associated with the user identifier in the second record, wherein determining that the first access level associated with the user identifier in the first record does not match the second access level associated with the user identifier in the second record comprises converting the first format of the first record and the second format of the second record to a common format; and

responsive to determining that the first access level does not match the second access level, providing a notification of an inconsistency between the first access level and the second access level.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of verifying accuracy of permission and access levels in a mainframe system are presented. The system and method may include receiving a plurality of records including a user identifier and an associated access level. The access level in the record may be matched (e.g., the access level on the stored record must be less than or equal to the access on the new system to “pass” the test) to the access level in a mainframe system. If the access levels match, the access level may be stored in the mainframe system. If the access levels do not match, the record may be flagged and correction of the inconsistency may be performed.

33 Citations

15 Claims

1. A method, comprising:
- receiving, at a permissions verification system, a plurality of records, the plurality of records comprising a first record that includes at least a user identifier and an associated first access level that indicates a level of access to a first mainframe system, and a second record that includes at least the user identifier and an associated second access level that indicates a level of access to a second mainframe system, wherein the first record is of a first format and the second record is of a second format, the second format differing from the first format;
  
  determining, at the permissions verification system, that the first access level associated with the user identifier in the first record does not match the second access level associated with the user identifier in the second record, wherein determining that the first access level associated with the user identifier in the first record does not match the second access level associated with the user identifier in the second record comprises converting the first format of the first record and the second format of the second record to a common format; and
  
  responsive to determining that the first access level does not match the second access level, providing a notification of an inconsistency between the first access level and the second access level.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein providing the notification of the inconsistency includes a request to correct the inconsistency.
  - 3. The method of claim 2, further including receiving a correction of the inconsistency and saving a corrected access level to the second mainframe system.
  - 4. The method of claim 1, wherein the first mainframe system includes a plurality of mainframe systems.
  - 5. The method of claim 1, wherein the plurality of records are collected over a predetermined period of time.
  - 6. The method of claim 1, wherein the plurality of records are received from a plurality of systems.

7. One or more non-transitory computer readable media storing computer readable instructions that, when executed, cause an apparatus to:
- receive a plurality of records, the plurality of records comprising a first record that includes at least a user identifier and an associated first access level that indicates a level of access to a first mainframe system, and a second record that includes at least the user identifier and an associated second access level that indicates a level of access to a second mainframe system, wherein the first record is of a first format and the second record is of a second format, the second format differing from the first format;
  
  determine that the first access level associated with the user identifier in the first record does not match the second access level associated with the user identifier in the second record by converting the first format of the first record and the second format of the second record to a common format; and
  
  responsive to determining that the first access level does not match the second access level, provide a notification of an inconsistency between the first access level and the second access level.
- View Dependent Claims (8, 9, 10)
- - 8. The one or more non-transitory computer readable media of claim 7, wherein providing the notification of the inconsistency includes a request to correct the inconsistency.
  - 9. The one or more non-transitory computer readable media of claim 8, further including instructions that, when executed, cause the apparatus to correct the inconsistency and save the corrected access level to the second mainframe system.
  - 10. The one or more non-transitory computer readable media of claim 7, wherein the plurality of records are collected over a predetermined period of time.

11. An apparatus comprising:
- a processor; and
  
  memory operatively coupled to the processor and storing computer readable instructions that, when executed, cause the apparatus to;
  
  receive a plurality of records, the plurality of records comprising a first record that includes at least a user identifier and an associated first access level that indicates a level of access to a first mainframe system, and a second record that includes at least the user identifier and an associated second access level that indicates a level of access to a second mainframe system, wherein the first record is of a first format and the second record if of a second format, the second format differing from the first format;
  
  determine that the first access level associated with the user identifier in the first record does not match the second access level associated with the user identifier in the second record by converting the first format of the first record and the second format of the second record to a common format; and
  
  responsive to determining that the first access level does not match the second access level, provide a notification of an inconsistency between the first access level and the second access level.
- View Dependent Claims (12, 13)
- - 12. The apparatus of claim 11, wherein providing the notification of the inconsistency includes a request to correct the inconsistency.
  - 13. The apparatus of claim 12, further including instructions that, when executed, cause the apparatus to correct the inconsistency and save the corrected access level to the second mainframe system.

14. A method, comprising:
- receiving, at a permissions verification system, a first user identifier;
  
  attempting a first login to a mainframe system, by the permissions verification system, including inputting the first user identifier and a default password, the default password being a password provided upon creation of the first user identifier, and the default password comprising one or more of a generic password assigned by the mainframe system to each user identifier upon creation and the user identifier;
  
  responsive to determining that the first login was successful, notifying a user associated with the first user identifier that the default password is associated with the first user identifier and does not meet a predetermined level of security;
  
  responsive to determining that the first login was unsuccessful, attempting a second login to the mainframe system including inputting a second user identifier and the default password; and
  
  responsive to determining that the second login was successful, notifying a user associated with the second user identifier that the default password is associated with the second user identifier and does not meet the predetermined level of security.
- View Dependent Claims (15)
- - 15. The method of claim 14, wherein notification of the user associated with the first user identifier includes a request to change the password associated with the first user identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Todd, Paul H.
Primary Examiner(s)
McNally, Michael S

Application Number

US12/845,881
Publication Number

US 20120030756A1
Time in Patent Office

1,076 Days
Field of Search

726/4, 726 21- 28
US Class Current

726/21
CPC Class Codes

G06F 21/46   by designing passwords or c...

G06F 21/604   Tools and structures for ma...

G06F 21/6236   between heterogeneous systems

User permissions in computing systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

33 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

User permissions in computing systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links