Quantifying risk based on relationships and applying protections based on business rules
Abstract
An embodiment of the invention provides a method for controlling access to a system, wherein a request to access the system and metadata of the request are received from a user, the request including a user identification. The metadata includes: information obtained from a history of prior accesses to an application access system, information obtained from a history of prior accesses to a wireless authentication system, and/or confirmation of the user identification by an entity physically proximate to the user. A database is queried with the user identification and the metadata to identify relationship data. The relationship data indicates the relationship between the individual assigned the user identification and an entity owning the system, an entity leasing the system, and/or an entity operating the system. The relationship data is input into a rules engine; and, security measure(s) are selected with the rules engine based on the relationship data.
Claims (25 in total; the four independent claims 1, 10, 15 and 20 are shown)

1. A method comprising:
receiving a request to access a virtual private network (VPN) from a user, the request including a user identification;
receiving metadata of the request to access the VPN, the metadata including: confirmation of the user identification by an entity physically proximate to the user, the entity physically proximate to the user including a coworker of the user, and a VPN tunnel endpoint;
querying a database with the user identification and the metadata to identify relationship data, the relationship data indicating a relationship between an individual assigned the user identification and the VPN, wherein the relationship data includes a degree of risk of compromise;
inputting the relationship data into a rules engine; and
selecting at least one security measure with the rules engine based on the relationship data, wherein said selecting of the at least one security measure includes: selecting a greater security measure the farther the relationship between the individual assigned the user identification and the VPN, and selecting a lesser security measure the closer the relationship between the individual assigned the user identification and the VPN.
(Dependent claims 2, 3, 4, 5, 6, 7, 8 and 9 not shown.)

10. A method for controlling access to a virtual private network (VPN), said method comprising:
receiving a request to access the VPN from a user, the request including a user identification;
receiving metadata of the request to access the VPN, the metadata including: information obtained from a history of prior accesses to an application access system, information obtained from a history of prior accesses to a wireless authentication system, confirmation of the user identification by an entity physically proximate to the user, the entity physically proximate to the user including a coworker of the user, and a VPN tunnel endpoint;
querying a database with the user identification and the metadata to identify relationship data, the relationship data indicating a relationship between an individual assigned the user identification and the VPN, wherein the relationship data includes a degree of risk of compromise;
inputting the relationship data into a rules engine; and
selecting at least one security measure with the rules engine based on the relationship data, wherein said selecting of the at least one security measure includes: selecting a greater security measure the farther the relationship between the individual assigned the user identification and the VPN, and selecting a lesser security measure the closer the relationship between the individual assigned the user identification and the VPN.
(Dependent claims 11, 12, 13 and 14 not shown.)

15. A method for controlling access to a virtual private network (VPN), said method comprising:
receiving a request to access the VPN from a user, the request including a user identification;
receiving metadata of the request to access the VPN, the metadata including at least one of: information obtained from a history of prior accesses to an application access system, information obtained from a history of prior accesses to a wireless authentication system, and confirmation of the user identification by an entity physically proximate to the user, the entity physically proximate to the user including a coworker of the user, and a VPN tunnel endpoint;
querying a database with the user identification and the metadata to identify relationship data, the relationship data indicating a relationship between the individual assigned the user identification and an entity owning the VPN, an entity leasing the VPN, and an entity operating the VPN, wherein the relationship data includes a degree of risk of compromise;
inputting the relationship data into a rules engine; and
selecting at least one security measure with the rules engine based on the relationship data, wherein said selecting of the at least one security measure includes: selecting a greater security measure the farther the relationship between the individual assigned the user identification and the VPN, and selecting a lesser security measure the closer the relationship between the individual assigned the user identification and the VPN.
(Dependent claims 16, 17, 18 and 19 not shown.)

20. A method for controlling access to a virtual private network (VPN), said method comprising:
receiving a request to access the VPN from a user, the request including a user identification;
receiving metadata of the request to access the VPN, the metadata including: information obtained from a history of prior accesses to an application access system, information obtained from a history of prior accesses to a wireless authentication system, and confirmation of the user identification by an entity physically proximate to the user, the entity physically proximate to the user including a coworker of the user, and a VPN tunnel endpoint;
querying a database with the user identification and the metadata to identify relationship data, the relationship data indicating a relationship between an individual assigned the user identification and the VPN, wherein the relationship data includes a degree of risk of compromise;
inputting the relationship data into a rules engine; and
selecting at least one security measure with the rules engine based on the relationship data, wherein said selecting of the at least one security measure includes: selecting a greater security measure the farther the relationship between the individual assigned the user identification and the VPN, and selecting a lesser security measure the closer the relationship between the individual assigned the user identification and the VPN.
(Dependent claims 21, 22, 23, 24 and 25 not shown.)
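The flow the abstract and the independent claims describe (request plus metadata, a relationship-database query yielding a degree of risk, a rules engine choosing a greater measure the more distant the relationship) as an added, self-contained illustration; this is not code from the patent, and the relationship tiers, risk weights, database contents, endpoint names and measure names are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Assumed relationship tiers between the requesting identity and the entity
# owning/operating the VPN; a larger number is a more distant relationship.
DISTANCE_TIERS = {"employee": 0, "contractor": 1, "partner": 2, "unknown": 3}

# Constructed sample relationship database keyed by user identification.
RELATIONSHIP_DB = {
    "alice": {"relationship": "employee", "prior_vpn_incidents": 0},
    "bob": {"relationship": "contractor", "prior_vpn_incidents": 2},
}
TRUSTED_ENDPOINTS = {"vpn-hq.example.test"}  # constructed tunnel endpoint names

@dataclass
class AccessRequest:
    user_id: str
    coworker_confirmed: bool        # confirmation by a physically proximate coworker
    tunnel_endpoint: str            # VPN tunnel endpoint that received the request
    app_access_history: list = field(default_factory=list)      # prior app accesses, True = success
    wireless_auth_history: list = field(default_factory=list)   # prior wireless auths, True = success

def lookup_relationship(user_id, db=RELATIONSHIP_DB):
    """Query the relationship database; an unknown user gets the most distant tier."""
    rec = db.get(user_id, {"relationship": "unknown", "prior_vpn_incidents": 0})
    distance = DISTANCE_TIERS[rec["relationship"]]
    # Degree of risk of compromise, weighted so relationship distance dominates.
    return {"distance": distance, "risk": 3 * distance + rec["prior_vpn_incidents"]}

def select_security_measures(req, rel):
    """Rules engine: the farther the relationship (and the weaker the request
    metadata), the greater the security measure selected."""
    score = rel["risk"]
    if not req.coworker_confirmed:               # no proximate-coworker confirmation
        score += 2
    if req.tunnel_endpoint not in TRUSTED_ENDPOINTS:
        score += 2
    # Each failed prior access in either history raises the score by one.
    score += sum(1 for ok in req.app_access_history + req.wireless_auth_history if not ok)
    measures = ["password"]                      # baseline for the closest relationship
    if score >= 3:
        measures.append("one_time_code")
    if score >= 6:
        measures.append("device_certificate")
    if score >= 9:
        measures.append("deny_access")           # most distant / riskiest outcome
    return measures

def handle_request(req):
    """Full flow: request + metadata -> relationship data -> rules engine -> measures."""
    return select_security_measures(req, lookup_relationship(req.user_id))
```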