Intelligent system for enabling automated secondary authorization for service requests in an agile information technology environment

US 8,966,578 B1
Filed: 08/07/2014
Issued: 02/24/2015
Est. Priority Date: 08/07/2014
Status: Active Grant

First Claim

Patent Images

1. An automated method for seeking and obtaining service request authorizations, comprising:

receiving, from a requesting entity and at a service request authorization management system that is communicably coupled to one or more elements of a managed computer system, a service request for a resource of the managed computer system, said service request having been granted a primary authorization indicating at least that the requesting entity is authorized for the service request;

determining whether or not secondary authorization is necessary for the received service request; and

if no secondary authorization is necessary for the received service request, deeming the received service request authorized, otherwise, if secondary authorization is necessary for the received service request, then;

determining whether, prior to seeking secondary authorization, any additional pre-authorization conditions require completion;

if no additional pre-authorization conditions require completion, requesting secondary authorization for the received service request according to configured policies for and a current context of the managed computer system, otherwise, if additional pre-authorization conditions do require completion, postponing requesting secondary authorization for the received service request pending resolution of the additional pre-authorization conditions requiring completion and periodically determining whether or not the additional pre-authorization conditions have been completed such that if the additional pre-authorization conditions are not completed at least within a time limit, denying the service request, otherwise, if the additional pre-authorization conditions are completed at least within the time limit requesting the secondary authorization for the received service request according to then-configured policies for and a then-current context of the managed computer system;

if the requested secondary authorization is received, deeming the received service request authorized, pending resolution of any post-secondary authorization conditions, otherwise, if the requested secondary authorization is not received, denying the service request;

if the received service request is deemed authorized, determining whether or not any post-authorization conditions must be satisfied before a service request authorization can be returned in response to the received service request, and, if so, postponing providing the service request authorization pending resolution of the post-authorization conditions requiring completion, otherwise, issuing the secondary authorization for the received service request.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A service request for a managed computer system is received and once a primary authorization for same has been given, a secondary authorization management system (SAMS) determines whether or not the service request requires secondary authorization. This determination is made according to a context of the managed computer system and an authorization profile for the received service request. If needed, the SAMS resolves the secondary authorization request and returns the resolution decision.

Citations

12 Claims

1. An automated method for seeking and obtaining service request authorizations, comprising:
- receiving, from a requesting entity and at a service request authorization management system that is communicably coupled to one or more elements of a managed computer system, a service request for a resource of the managed computer system, said service request having been granted a primary authorization indicating at least that the requesting entity is authorized for the service request;
  
  determining whether or not secondary authorization is necessary for the received service request; and
  
  if no secondary authorization is necessary for the received service request, deeming the received service request authorized, otherwise, if secondary authorization is necessary for the received service request, then;
  
  determining whether, prior to seeking secondary authorization, any additional pre-authorization conditions require completion;
  
  if no additional pre-authorization conditions require completion, requesting secondary authorization for the received service request according to configured policies for and a current context of the managed computer system, otherwise, if additional pre-authorization conditions do require completion, postponing requesting secondary authorization for the received service request pending resolution of the additional pre-authorization conditions requiring completion and periodically determining whether or not the additional pre-authorization conditions have been completed such that if the additional pre-authorization conditions are not completed at least within a time limit, denying the service request, otherwise, if the additional pre-authorization conditions are completed at least within the time limit requesting the secondary authorization for the received service request according to then-configured policies for and a then-current context of the managed computer system;
  
  if the requested secondary authorization is received, deeming the received service request authorized, pending resolution of any post-secondary authorization conditions, otherwise, if the requested secondary authorization is not received, denying the service request;
  
  if the received service request is deemed authorized, determining whether or not any post-authorization conditions must be satisfied before a service request authorization can be returned in response to the received service request, and, if so, postponing providing the service request authorization pending resolution of the post-authorization conditions requiring completion, otherwise, issuing the secondary authorization for the received service request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein determining whether or not the requesting entity is authorized for the service request comprises retrieving an authorization profile for the received service request from a database based upon attributes of the service request, the authorization profile being evaluated as part of the determination as to whether or not the requesting entity is authorized for the service request.
  - 3. The method of claim 2, wherein attributes of the service request include one or more of:
    - a type of operation specified in the service request, resources associated with the service request, the requesting entity, the time of request, and the managed computer system.
  - 4. The method of claim 2, wherein the authorization profile designates at least one knowledge system with at least one context that is a factor for servicing the service request by the managed computer system.
  - 5. The method of claim 4, wherein the context comprises one or more of:
    - data on an environment of operation and/or execution of the managed computer system, a situation, and an external consideration for the managed computer system.
  - 6. The method of claim 1, wherein determining whether secondary authorization for the service request is required or desired is based on at least one context of the managed computer system.
  - 7. The method of claim 1, wherein determining whether secondary authorization for the service request is required or desired depends on one or more of:
    - attributes of the service request, a resource specified in the service request, the requesting entity, the time of request, and a type of operation specified by the service request.
  - 8. The method of claim 1, wherein determining whether or not any post-authorization conditions must be satisfied before the service authorization can be returned in response to the service request comprises one or more activities requiring human input.
  - 9. The method of claim 1, further comprising, after resolving the service request, determining whether current conditions for approval of the service request remain appropriate and, if not, modifying approval criteria for future instances of the service request.
  - 10. The method of claim 1, wherein the pre-authorization conditions and/or post-authorization conditions for the received service request comprise conditions on execution of operations specified by the service request.
  - 11. The method of claim 1, wherein the pre-authorization conditions and/or post-authorization conditions for the received service request comprise one or more of provisioning of equipment or capacities of such equipment, and authorization of other service requests.
  - 12. The method of claim 1, wherein the pre-authorization conditions comprise one or more of:
    - an occurrence of a trigger event, elapsing of a specified time;
      
      tasks related to the managed computer system, tasks related to human operators or users of the managed environment, receipt of information which cannot be automatically obtained by the service request authorization management system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Entrust Corp.
Original Assignee
HyTrust, Inc. (Entrust Corp.)
Inventors
Prafullchandra, Hemma, Rangarajan, Govindarajan, Belov, Boris
Primary Examiner(s)
Zecher, Dede
Assistant Examiner(s)
Lakhia, Viral

Application Number

US14/454,593
Time in Patent Office

201 Days
Field of Search

726/1, 726/23, 726/4, 726/26, 726/7, 713/153, 713/171, 709/203
US Class Current

726/1
CPC Class Codes

G06F 2009/45587   Isolation or security of vi...

G06F 21/00   Security arrangements for p...

G06F 9/455   Emulation; Interpretation; ...

G06F 9/45558   Hypervisor-specific managem...

G06N 5/022   Knowledge engineering; Know...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 67/10   in which an application is ...

Intelligent system for enabling automated secondary authorization for service requests in an agile information technology environment

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Intelligent system for enabling automated secondary authorization for service requests in an agile information technology environment

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links