Continuous monitoring of access of computing resources

US 9,298,899 B1
Filed: 09/11/2014
Issued: 03/29/2016
Est. Priority Date: 09/11/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of monitoring access of computing resources comprising:

creating one or more usage rules each defining a usage constraint;

receiving a set of login credentials from a first user;

authorizing the first user to access a computing resource based on the set of login credentials received from the first user;

monitoring one or more actions the first user has requested to be performed at the computing resource by applying at least one of the one or more usage rules, wherein the one or more usage rules comprise a first usage rule defining a first usage constraint that is based on a total number of authorizations performed responsive to a usage constraint violation;

determining that one of the actions violates a usage constraint;

halting performance of the action until a second user authorizes the action; and

notifying a third user responsive to determining that a total number of authorizations performed by the second user for the first user exceeds a predetermined threshold.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided for monitoring access of computing resources. Usage rules may be created and stored that define a usage constraint based on actions available to be performed at the computing resources. An authenticator may verify login credentials received from a user and authorize the user to access a computing resource. A request to perform an action at the computing resource may be received, and a usage monitor may apply a usage rule to the requested action. If the requested action violates the usage constraint of the usage rule, the usage monitor may halt performance of the requested action and notify another user of the usage constraint violation. The authenticator may receive and verify another set of login credentials from that other user. In response to successful verification of the additional set of login credentials, the usage monitor may resume performance of the requested action.

25 Citations

View as Search Results

15 Claims

1. A computer-implemented method of monitoring access of computing resources comprising:
- creating one or more usage rules each defining a usage constraint;
  
  receiving a set of login credentials from a first user;
  
  authorizing the first user to access a computing resource based on the set of login credentials received from the first user;
  
  monitoring one or more actions the first user has requested to be performed at the computing resource by applying at least one of the one or more usage rules, wherein the one or more usage rules comprise a first usage rule defining a first usage constraint that is based on a total number of authorizations performed responsive to a usage constraint violation;
  
  determining that one of the actions violates a usage constraint;
  
  halting performance of the action until a second user authorizes the action; and
  
  notifying a third user responsive to determining that a total number of authorizations performed by the second user for the first user exceeds a predetermined threshold.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-implemented method of claim 1 wherein:
    - the one or more usage rules compriseat least one usage rule that define a usage constraint that is based on a frequency with which a predetermined type of action is performed,at least one usage rule that defines a usage constraint that is based on a time of day an action is requested to be performed, andat least one usage rule that defines a usage constraint that is based on a total number of computer files requested to be retrieved.
  - 3. The computer-implemented method of claim 1 further comprising:
    - receiving a set of login credentials from the second user;
      
      verifying the set of login credentials received from the second user; and
      
      resuming performance of the action responsive to successful verification of the set of login credentials received from the second user.
  - 4. The computer-implemented method of claim 1 further comprising:
    - notifying the second user responsive to determining that one of the actions violates the usage constraint.
  - 5. The computer-implemented method of claim 1 wherein:
    - monitoring the one or more actions includes comparing at least one of the actions to one or more previous actions performed for the first user at the computing resource.
  - 6. The computer-implemented method of claim 1 wherein:
    - the second user authorizes the action at a computing device that is located remotely relative to a computing device operated by the first user.

7. A system for monitoring access of computing resources comprising:
- memory that stores one or more usage rules each defining a usage constraint and comprising a first usage rule defining a first usage constraint that is based on a total number of authorizations performed responsive to a usage constraint violation;
  
  an authenticator configured to authenticate a first user and authorize the first user to access a computing resource based on a set of login credentials received from the first user; and
  
  a usage monitor configured toapply at least one of the one or more usage rules to each action the first user has requested to be performed at the computing resource,determine that an action the first user has requested to be performed violates the usage constraint of one of the usage rules,halt performance of the action until a second user authorizes the action, andnotify a third user responsive to determining that a total number of authorizations performed by the second user for the first user exceeds a predetermined threshold.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The system of claim 7 wherein:
    - the usage monitor is further configured to resume performance of the action responsive to successful verification of a set of login credentials received from the second user.
  - 9. The system of claim 8 wherein:
    - the authenticator is further configured to receive the set of login credentials from the second user via a computing device operated by the second user that is located remotely relative to a computing device operated by the first user.
  - 10. The system of claim 7 wherein:
    - the one or more usage rules compriseat least one usage rule that define a usage constraint that is based on a frequency with which a predetermined type of action is performed,at least one usage rule that defines a usage constraint that is based on a time of day an action is requested to be performed, andat least one usage rule that defines a usage constraint that is based on a total number of computer files requested to be retrieved.
  - 11. The system of claim 7 wherein:
    - the usage monitor is further configured to compare at least one of the actions the first user has requested to be performed to one or more previous actions performed for the first user at the computing resource.
  - 12. The system of claim 7 wherein:
    - the usage monitor is further configured to notify the second user responsive to determining that one of the actions requested to be performed by the user violates the usage constraint of one of the usage rules.
  - 13. The system of claim 12 wherein:
    - a notification provided to the second user identifies the first user, the action requested to be performed by the first user, the usage constraint violated by the action, and the usage rule that defines the usage constraint violated.

14. A computer-implemented method of monitoring access of computing resources comprising:
- storing, at a memory, one or more usage rules each defining a usage constraint based on one or more actions available to be performed at one or more computing resources and comprising a first usage rule defining a first usage constraint that is based on a total number of authorizations performed responsive to a usage constraint violation;
  
  receiving, at an authenticator, a first set of login credentials from a first user;
  
  verifying, at the authenticator, the first set of login credentials;
  
  authorizing, using the authenticator, the first user to access a computing resource based on the first set of login credentials;
  
  receiving, from the first user, a request to perform an action at the computing resource;
  
  applying, using a usage monitor, at least one of the one or more usage rules to the action requested to be performed;
  
  determining, using the usage monitor, that the action requested to be performed violates the usage constraint of one of the usage rules;
  
  halting, using the usage monitor, performance of the action requested to be performed;
  
  notifying, using the usage monitor, a second user that the action violates the usage constraint wherein a notification provided to the second user identifies the first user, the action requested to be performed, the usage constraint violated by the action, and the usage rule that defines the usage constraint violated;
  
  receiving, at the authenticator, a second set of login credentials from the second user;
  
  verifying, at the authenticator, the second set of login credentials;
  
  resuming, using the usage monitor, performance of the action responsive to successful verification of the second set of login credentials; and
  
  notifying, using the usage monitor, a third user responsive to determining that a total number of authorizations performed by the second user for the first user exceeds a predetermined threshold.
- View Dependent Claims (15)
- - 15. The computer-implemented method of claim 14 wherein:
    - the one or more usage rules compriseat least one usage rule that define a usage constraint that is based on a frequency with which a predetermined type of action is performed,at least one usage rule that defines a usage constraint that is based on a time of day an action is requested to be performed,at least one usage rule that defines a usage constraint that is based on a day of the week an action is requested to be performed,at least one usage rule that defines a usage constraint that is based on a geographic location of the first user,at least one usage rule that defines a usage constraint that is based on a computing device operated by the first user,at least one usage rule that defines a usage constraint that is based on a location of a computing device operated by the first user,at least one usage rule that defines a usage constraint that is based on a total number of database queries requested to be performed,at least one usage rule that defines a usage constraint that is based on a total number of computer files requested to be retrieved; and
      
      at least one usage rule that defines a usage constraint that is based on a total number of authorizations performed responsive to a usage constraint violation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Moloian, Armen, Kling, John H.
Primary Examiner(s)
Leung, Robert

Application Number

US14/483,589
Publication Number

US 20160078203A1
Time in Patent Office

565 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/40   by quorum, i.e. whereby two...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

H04L 63/083   using passwords cryptograph...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04L 63/108   when the policy decisions a...

H04L 63/1425   Traffic logging, e.g. anoma...

Continuous monitoring of access of computing resources

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

25 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Continuous monitoring of access of computing resources

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links