Apparatus and method for access validation

US 8,931,057 B2
Filed: 05/13/2011
Issued: 01/06/2015
Est. Priority Date: 10/24/2006
Status: Active Grant

First Claim

Patent Images

1. An apparatus configured for performing access validation, comprising:

one or more processors;

an access validation application executable by said one or more processors, said access validation application configured for;

receiving a request to perform access validation of a particular resource to which access had previously been granted;

responsive to receiving the request, determining whether the previously granted access to said resource is valid by using a structure of a hierarchy of resources and a location of the particular resource within the hierarchy and byrequesting access validation from at least two owners of at least two sub-resources of the particular resource, respectively, as defined by the structure of the hierarchy, by sending a request for approval to each of the at least two owners;

in response to determining whether the previously granted access to said resource is valid, responding with any of the following five options;

an affirmation of validity;

a negative indication that said previously granted access to said resource is not valid;

a stronger condition;

an answer indicating that it cannot be determined whether the previously granted access to said resource is valid; and

an exception, wherein it was determined that the previously granted access to the resource is not valid, however that temporary access to the resource is required;

wherein the owner of the particular resource is responsible for validating entities which are in the realm of responsibility of the owner and wherein entities which are in the realm of responsibility of the owner comprise one or more sub-resources, each said sub-resource having a corresponding owner, and wherein each corresponding owner is required to perform access validation for its sub-resource and is responsible for validation entities which are in its realm of responsibility; and

wherein configuring said access validation application does not require business rules.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One or more techniques for access validation are provided. Access validation may be performed automatically or in real-time. Access validation may be at the resource level or at a sub-resource level. Techniques provided herein may be applied in a large variety of situations and industries, e.g. compliance management or inventory. Access validation reports may be generated in real-time or may link to indications of access validation in real-time. Five outcomes or options are provided, including affirmative, negative, stronger negative with larger implication, undetermined, and negative, however with temporarily granted access. A field for allowing entry of justification for access to a particular resource is provided. Reminders to validate privileges are provided. A continuous access validation process is provided. A technique for extending the hierarchy and corresponding workflow that is generated thereof is provided.

34 Citations

View as Search Results

18 Claims

1. An apparatus configured for performing access validation, comprising:
- one or more processors;
  
  an access validation application executable by said one or more processors, said access validation application configured for;
  
  receiving a request to perform access validation of a particular resource to which access had previously been granted;
  
  responsive to receiving the request, determining whether the previously granted access to said resource is valid by using a structure of a hierarchy of resources and a location of the particular resource within the hierarchy and byrequesting access validation from at least two owners of at least two sub-resources of the particular resource, respectively, as defined by the structure of the hierarchy, by sending a request for approval to each of the at least two owners;
  
  in response to determining whether the previously granted access to said resource is valid, responding with any of the following five options;
  
  an affirmation of validity;
  
  a negative indication that said previously granted access to said resource is not valid;
  
  a stronger condition;
  
  an answer indicating that it cannot be determined whether the previously granted access to said resource is valid; and
  
  an exception, wherein it was determined that the previously granted access to the resource is not valid, however that temporary access to the resource is required;
  
  wherein the owner of the particular resource is responsible for validating entities which are in the realm of responsibility of the owner and wherein entities which are in the realm of responsibility of the owner comprise one or more sub-resources, each said sub-resource having a corresponding owner, and wherein each corresponding owner is required to perform access validation for its sub-resource and is responsible for validation entities which are in its realm of responsibility; and
  
  wherein configuring said access validation application does not require business rules.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The apparatus of claim 1, wherein a designated approver representing an owner from the at least two owners is a group rather than an individual and wherein the request to access validation is sent to any member of the group or to all members in the group.
  - 3. The apparatus of claim 1, wherein an answer indicating that it cannot be determined whether the previously granted access to said resource is valid, further comprises escalating the request for performing access validation of the particular resource to a compliance manager or to a higher node on the hierarchy to determine whether the access is validated.
  - 4. The apparatus of claim 1, wherein the stronger condition is that access should not be granted to a higher node on the hierarchy, the higher node containing the resource.
  - 5. The apparatus of claim 1, wherein access validation is performed in real-time or automatically.
  - 6. The apparatus of claim 1, wherein access validation is performed at a later point in time from when one or more privileges were granted.
  - 7. The apparatus of claim 1, wherein access validation occurs on a scheduled basis.
  - 8. The apparatus of claim 1, wherein determining whether the previously granted access to said resource is valid is based in part on one or more business-related attributes.
  - 9. The apparatus of claim 1, wherein a particular request is a type of resource and wherein said access validation application is further configured for:
    - performing validation of said particular request, wherein performing validation of the particular request comprises determining whether the particular request is granted;
      
      wherein determining whether the particular request is granted comprises invoking the workflow process that is dynamically generated at least in part from a structure of a hierarchy of resources and a location of the particular request within the hierarchy, wherein the invoked workflow process comprises requesting access validation from a chain of one or more owners corresponding to sub-resources as defined by the structure of the hierarchy.

10. A computer-implemented method for performing access validation, comprising:
- receiving a request to perform access validation of a particular resource to which access had previously been granted;
  
  responsive to receiving the request, determining whether the previously granted access to said resource is valid by using a structure of a hierarchy of resources and a location of the particular resource within the hierarchy and byrequesting access validation from at least two owners of at least two sub-resources of the particular resource, respectively, as defined by the structure of the hierarchy, by sending a request for approval to each of the at least two owners;
  
  in response to determining whether the previously granted access to said resource is valid, responding with any of the following five options;
  
  an affirmation of validity;
  
  a negative indication that said previously granted access to said resource is not valid;
  
  a stronger condition;
  
  an answer indicating that it cannot be determined whether the previously granted access to said resource is valid; and
  
  an exception, wherein it was determined that the previously granted access to the resource is not valid, however that temporary access to the resource is required;
  
  wherein the owner of the particular resource is responsible for validating entities which are in the realm of responsibility of the owner and wherein entities which are in the realm of responsibility of the owner comprise one or more sub-resources, each said sub-resource having a corresponding owner, and wherein each corresponding owner is required to perform access validation for its sub-resource and is responsible for validation entities which are in its realm of responsibility; and
  
  wherein business rules are not required; and
  
  wherein said method is performed by a computer system configured to perform said method.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10, wherein a designated approver representing an owner from the at least two owners is a group rather than an individual and wherein the request to access validation is sent to any member of the group or to all members in the group.
  - 12. The method of claim 10, wherein an answer indicating that it cannot be determined whether the previously granted access to said resource is valid, further comprises escalating the request for performing access validation of the particular resource to a compliance manager or to a higher node on the hierarchy to determine whether the access is validated.
  - 13. The method of claim 10, wherein the stronger condition is that access should not be granted to a higher node on the hierarchy, the higher node containing the resource.
  - 14. The method of claim 10, wherein access validation is performed in real-time or automatically.
  - 15. The method of claim 10, wherein access validation is performed at a later point in time from when one or more privileges were granted.
  - 16. The method of claim 10, wherein access validation occurs on a scheduled basis.
  - 17. The method of claim 10, wherein determining whether the previously granted access to said resource is valid is based in part on one or more business-related attributes.
  - 18. The method of claim 10, further comprising:
    - performing validation of said particular request, wherein performing validation of the particular request comprises determining whether the particular request is granted;
      
      wherein determining whether the particular request is granted comprises invoking the workflow process that is dynamically generated at least in part from a structure of a hierarchy of resources and a location of the particular request within the hierarchy, wherein the invoked workflow process comprises requesting access validation from a chain of one or more owners corresponding to sub-resources as defined by the structure of the hierarchy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avatier Corporation
Original Assignee
Avatier Corporation
Inventors
Cicchitto, Nelson A.
Primary Examiner(s)
Gee, Jason K

Application Number

US13/107,760
Publication Number

US 20110258683A1
Time in Patent Office

1,334 Days
Field of Search

726/4
US Class Current

726/4
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2145   Inheriting rights or proper...

H04L 63/102   Entity profiles

Apparatus and method for access validation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

34 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for access validation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links