Reputation based access control

US 9,219,739 B2
Filed: 03/09/2015
Issued: 12/22/2015
Est. Priority Date: 05/06/2010
Status: Expired due to Fees

First Claim

Patent Images

1. A method in a computer system having a network input/output (I/O), a central processing unit (CPU), a reputation based access control unit and one or more databases including a reputation based access control database, the method comprising:

identifying a requesting subject that is requesting access to a controlled resource;

retrieving a reputation of the requesting subject stored as a virtual attribute in the reputation-based access control database, wherein the reputation of the requesting subject comprises a value for skill for operating with the requested controlled resource;

determining whether the requesting subject is a known security risk;

modifying a reputation of an associate of the requesting subject and the reputation of the requesting subject in the case that the requesting subject is a known security risk and the security risk of the requesting subject meets a threshold;

modifying the reputation of the requesting subject based on peer feedback indicating that the requesting subject'"'"'s value for skill is diminished, in the case that the requesting subject is not a known security risk;

retrieving a policy of the requested controlled resource;

determining if the reputation of the requesting subject meets the policy of the requested controlled resource;

if the reputation of the requesting subject meets the policy of the requested controlled resource, allowing the requesting subject access to the requested controlled resource; and

if the reputation of the requesting subject does not meet the policy of the requested controlled resource, denying the requesting subject access to the requested controlled resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Approaches for providing reputation based access control are provided. Specifically, at least one approach includes: identifying a requesting subject requesting access to a controlled resource; retrieving a reputation of the subject stored as a virtual attribute in a reputation-based access control database, the reputation comprising a value for skill for operating with the requested controlled resource; determining whether the subject is a known security risk; modifying a reputation of the subject and an associate in the case that a security risk of the subject meets a threshold; modifying the reputation of the subject based on at least one of: peer feedback and expert opinion, in the case that the subject is not a known security risk; retrieving a policy of the requested controlled resource; determining if the reputation of the subject meets the policy, and if so, allowing the subject access to the resource, and if not, denying the access.

28 Citations

View as Search Results

20 Claims

1. A method in a computer system having a network input/output (I/O), a central processing unit (CPU), a reputation based access control unit and one or more databases including a reputation based access control database, the method comprising:
- identifying a requesting subject that is requesting access to a controlled resource;
  
  retrieving a reputation of the requesting subject stored as a virtual attribute in the reputation-based access control database, wherein the reputation of the requesting subject comprises a value for skill for operating with the requested controlled resource;
  
  determining whether the requesting subject is a known security risk;
  
  modifying a reputation of an associate of the requesting subject and the reputation of the requesting subject in the case that the requesting subject is a known security risk and the security risk of the requesting subject meets a threshold;
  
  modifying the reputation of the requesting subject based on peer feedback indicating that the requesting subject'"'"'s value for skill is diminished, in the case that the requesting subject is not a known security risk;
  
  retrieving a policy of the requested controlled resource;
  
  determining if the reputation of the requesting subject meets the policy of the requested controlled resource;
  
  if the reputation of the requesting subject meets the policy of the requested controlled resource, allowing the requesting subject access to the requested controlled resource; and
  
  if the reputation of the requesting subject does not meet the policy of the requested controlled resource, denying the requesting subject access to the requested controlled resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method as defined in claim 1, the modifying the reputation of the requesting subject based on peer feedback indicating that the requesting subject'"'"'s value for skill is diminished further comprising, determining if expert opinion impacts the reputation of the requesting subject, and modifying the reputation of the requesting subject in the case that the reputation is impacted.
  - 3. The method as defined in claim 1, wherein the reputation of the requesting subject further comprises a value for trustworthiness, the method further comprising assessing the trustworthiness of the requesting subject.
  - 4. The method as defined in claim 3, further comprising, determining the value for trustworthiness of the requesting subject by data mining associations of the requesting subject and performing a background check of the requesting subject.
  - 5. The method as defined in claim 3, further comprising, determining the value for trustworthiness of the requesting subject by assessing actions previously taken by the requesting subject.
  - 6. The method as defined in claim 3, further comprising, determining the value for trustworthiness of the requesting subject by assessing actions previously taken by associates of the requesting subject.
  - 7. The method as defined in claim 1, the method further comprising, assessing the skill of the requesting subject.
  - 8. The method as defined in claim 7, further comprising, determining the value for skill of the requesting subject by assessing actions previously taken by the requesting subject.

9. A computer-readable hardware storage device storing computer instructions, which, when executed, causes a computer system operating with a reputation based access control unit to provide reputation based access control, the computer-readable storage device storing computer instructions comprising:
- identifying a requesting subject that is requesting access to a controlled resource;
  
  retrieving a reputation of the requesting subject stored as a virtual attribute in the reputation-based access control database, wherein the reputation of the requesting subject comprises a value for skill for operating with the requested controlled resource;
  
  determining whether the requesting subject is a known security risk;
  
  modifying a reputation of an associate of the requesting subject and the reputation of the requesting subject in the case that the requesting subject is a known security risk and the security risk of the requesting subject meets a threshold;
  
  modifying the reputation of the requesting subject based on peer feedback indicating that the requesting subject'"'"'s value for skill is diminished, in the case that the requesting subject is not a known security risk;
  
  retrieving a policy of the requested controlled resource;
  
  determining if the reputation of the requesting subject meets the policy of the requested controlled resource;
  
  if the reputation of the requesting subject meets the policy of the requested controlled resource, allowing the requesting subject access to the requested controlled resource; and
  
  if the reputation of the requesting subject does not meet the policy of the requested controlled resource, denying the requesting subject access to the requested controlled resource.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The computer-readable hardware storage device of claim 9, the modifying the reputation of the requesting subject based on peer feedback indicating that the requesting subject'"'"'s value for skill is diminished further comprising, determining if expert opinion impacts the reputation of the requesting subject, and modifying the reputation of the requesting subject in the case that the reputation is impacted.
  - 11. The computer-readable hardware storage device of claim 9, wherein the reputation of the requesting subject further comprises a value for trustworthiness, the computer instructions further comprising assessing the trustworthiness of the requesting subject.
  - 12. The computer-readable hardware storage device of claim 11, the computer instructions further comprising determining the value for trustworthiness of the requesting subject by data mining associations of the requesting subject and performing a background check of the requesting subject.
  - 13. The computer-readable hardware storage device of claim 11, the computer instructions further comprising determining the value for trustworthiness of the requesting subject by assessing actions previously taken by one or more of the following:
    - the requesting subject, and associates of the requesting subject.
  - 14. The computer-readable hardware storage device of claim 9, the computer instructions further comprising determining a value for skill of the requesting subject by assessing actions previously taken by the requesting subject.

15. A computer system for providing reputation based access control, the system comprising:
- a memory medium comprising instructions;
  
  a bus coupled to the memory medium; and
  
  a processor coupled to the bus that when executing the instructions causes the computer system to;
  
  identify a requesting subject that is requesting access to a controlled resource;
  
  retrieve a reputation of the requesting subject stored as a virtual attribute in the reputation-based access control database, wherein the reputation of the requesting subject comprises a value for skill for operating with the requested controlled resource;
  
  determine whether the requesting subject is a known security risk;
  
  modify a reputation of an associate of the requesting subject and the reputation of the requesting subject in the case that the requesting subject is a known security risk and the security risk of the requesting subject meets a threshold;
  
  modify the reputation of the requesting subject based on peer feedback indicating that the requesting subject'"'"'s value for skill is diminished, in the case that the requesting subject is not a known security risk;
  
  retrieve a policy of the requested controlled resource;
  
  determine if the reputation of the requesting subject meets the policy of the requested controlled resource;
  
  if the reputation of the requesting subject meets the policy of the requested controlled resource, allow the requesting subject access to the requested controlled resource; and
  
  if the reputation of the requesting subject does not meet the policy of the requested controlled resource, deny the requesting subject access to the requested controlled resource.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer system of claim 15, the instructions further causing the computer to determine if expert opinion impacts the reputation of the requesting subject, and modify the reputation of the requesting subject in the case that the reputation is impacted.
  - 17. The computer system of claim 15, wherein the reputation of the requesting subject further comprises a value for trustworthiness, the instructions further causing the computer to assess the trustworthiness of the requesting subject.
  - 18. The computer system of claim 17, the instructions further causing the computer to determine the value for trustworthiness of the requesting subject by data mining associations of the requesting subject and performing a background check of the requesting subject.
  - 19. The computer system of claim 17, the instructions further causing the computer to determine the value for trustworthiness of the requesting subject by assessing actions previously taken by one or more of the following:
    - the requesting subject, and associates of the requesting subject.
  - 20. The computer system of claim 15, the instructions further causing the computer to determine a value for skill of the requesting subject by assessing actions previously taken by the requesting subject.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hom, Richard V., Roxin, David C.
Primary Examiner(s)
Waldron, Scott A

Application Number

US14/641,501
Publication Number

US 20150188926A1
Time in Patent Office

288 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/24   Querying

G06F 21/552   involving long-term monitor...

G06F 21/554   involving event detection a...

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2103   Challenge-response

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

Reputation based access control

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

28 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Reputation based access control

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others