Dynamic access policies
First Claim
1. A system for securely granting access to a target system to a user comprising:
- an interface configured to receive an access request;
- a processor; and
- a memory coupled with the processor, wherein the memory is configured to provide the processor with instructions which when executed cause the processor to:
  - request a plurality of security policies from a plurality of distributed policy systems, wherein the plurality of distributed policy systems includes at least one of a change management system associated with planned events and a ticket system;
  - obtain the plurality of security policies from the plurality of distributed policy systems;
  - determine a temporary grant of access for the user, wherein the determining includes dynamically generating a temporary, multi-dimensional access policy for the user, wherein the multi-dimensional access policy is an aggregate of at least some of the plurality of security policies, and wherein the dynamically generated multi-dimensional access policy governs a set of network resources that the user is permitted to access and includes at least one of an authorized access time and an authorized access protocol;
  - implement the determined temporary grant of access for the user;
  - determine whether rules associated with the at least some of the plurality of security policies aggregated into the multi-dimensional access policy conflict with at least some of one another when applied in conjunction with implementing the determined temporary grant of access for the user; and
  - in the event that rules associated with the at least some of the plurality of security policies aggregated into the multi-dimensional access policy are determined to conflict with at least some of one another when applied in conjunction with implementing the determined temporary grant of access for the user, resolve the conflict.
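The flow claimed above (query distributed policy systems, aggregate the results into a temporary multi-dimensional policy over resources, time window and protocol, detect conflicting rules, resolve them) as an added Python sketch; this is illustration code, not the patent's own implementation. It assumes constructed ticket-system and change-management data and a most-restrictive-intersection resolution strategy that fails closed on an empty intersection, a choice the claims leave open.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Policy:
    """One security policy as returned by a distributed policy system."""
    source: str
    resources: FrozenSet[str]   # network resources the policy covers
    start: datetime             # authorized access time window
    end: datetime
    protocols: FrozenSet[str]   # authorized access protocols


@dataclass(frozen=True)
class Grant:
    """Temporary, multi-dimensional access policy aggregated from the inputs."""
    user: str
    resources: FrozenSet[str]
    start: datetime
    end: datetime
    protocols: FrozenSet[str]
    sources: Tuple[str, ...]


T0 = datetime(2024, 1, 15, 9, 0)  # constructed reference time


def fetch_policies(user: str) -> List[Policy]:
    """Stand-in for querying the ticket system and change-management system (constructed data)."""
    return [
        Policy("ticket-system", frozenset({"db-01"}), T0, T0 + timedelta(hours=8), frozenset({"ssh"})),
        Policy("change-mgmt", frozenset({"db-01", "db-02"}), T0 + timedelta(hours=2),
               T0 + timedelta(hours=4), frozenset({"ssh", "https"})),
    ]


def find_conflicts(policies: List[Policy]) -> List[Tuple[str, str, str]]:
    """Report pairs of policies that disagree on a dimension for a resource both cover."""
    found = []
    for i, a in enumerate(policies):
        for b in policies[i + 1:]:
            if not (a.resources & b.resources):
                continue  # no shared resource, so nothing to conflict on
            if (a.start, a.end) != (b.start, b.end):
                found.append((a.source, b.source, "time"))
            if a.protocols != b.protocols:
                found.append((a.source, b.source, "protocol"))
    return found


def determine_grant(user: str, policies: List[Policy]) -> Optional[Grant]:
    """Resolve conflicts by intersecting every dimension; return None (deny) if nothing remains."""
    if not policies:
        return None
    resources = frozenset.intersection(*(p.resources for p in policies))
    protocols = frozenset.intersection(*(p.protocols for p in policies))
    start, end = max(p.start for p in policies), min(p.end for p in policies)
    if not resources or not protocols or start >= end:
        return None
    return Grant(user, resources, start, end, protocols, tuple(p.source for p in policies))
```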
Abstract
A technique for securely granting access to a target system to a user includes requesting a plurality of security policies from a plurality of distributed policy systems. It further includes obtaining a plurality of security policies from the plurality of distributed policy systems. It further includes granting a temporary grant of access that is an aggregate of the plurality of security policies. It further includes implementing the temporary access grant for the user.
17 Claims
14. A method of securely granting access to a target system to a user comprising:
- receiving an access request;
- requesting a plurality of security policies from a plurality of distributed policy systems, wherein the plurality of distributed policy systems includes at least one of a change management system associated with planned events and a ticket system;
- obtaining the plurality of security policies from the plurality of distributed policy systems;
- determining, by a computer processor, a temporary grant of access for the user, wherein the determining includes dynamically generating a temporary, multi-dimensional access policy for the user, wherein the multi-dimensional access policy is an aggregate of at least some of the plurality of security policies, and wherein the dynamically generated multi-dimensional access policy governs a set of network resources that the user is permitted to access and includes at least one of an authorized access time and an authorized access protocol;
- implementing the determined temporary grant of access for the user;
- determining whether rules associated with the at least some of the plurality of security policies aggregated into the multi-dimensional access policy conflict with at least some of one another when applied in conjunction with implementing the determined temporary grant of access for the user; and
- in the event that rules associated with the at least some of the plurality of security policies aggregated into the multi-dimensional access policy are determined to conflict with at least some of one another when applied in conjunction with implementing the determined temporary grant of access for the user, resolving the conflict.
17. A computer program product for securely granting access to a target system to a user, the computer program product being embodied in a non-transitory computer readable medium and comprising computer instructions for:
- receiving an access request;
- requesting a plurality of security policies from a plurality of distributed policy systems, wherein the plurality of distributed policy systems includes at least one of a change management system associated with planned events and a ticket system;
- obtaining the plurality of security policies from the plurality of distributed policy systems;
- determining a temporary grant of access for the user, wherein the determining includes dynamically generating a temporary, multi-dimensional access policy for the user, wherein the multi-dimensional access policy is an aggregate of at least some of the plurality of security policies, and wherein the dynamically generated multi-dimensional access policy governs a set of network resources that the user is permitted to access and includes at least one of an authorized access time and an authorized access protocol;
- implementing the determined temporary grant of access for the user;
- determining whether rules associated with the at least some of the plurality of security policies aggregated into the multi-dimensional access policy conflict with at least some of one another when applied in conjunction with implementing the determined temporary grant of access for the user; and
- in the event that rules associated with the at least some of the plurality of security policies aggregated into the multi-dimensional access policy are determined to conflict with at least some of one another when applied in conjunction with implementing the determined temporary grant of access for the user, resolving the conflict.