Apparatus and method for access validation

US 9,313,207 B2
Filed: 01/05/2015
Issued: 04/12/2016
Est. Priority Date: 10/24/2006
Status: Active Grant

First Claim

Patent Images

1. An apparatus configured for performing access validation, comprising:

one or more processors;

an access validation application executable by said one or more processors, said access validation application configured for;

receiving, at a server from a requesting entity over a network, a request to perform access validation of a particular resource at an organization site or at a site external to the organization site, to which access had previously been granted;

wherein the particular resource has a corresponding owner and is at a particular location within a hierarchy of resources, wherein the owner causes a chain of validation of entities which are in its realm of responsibility, each entity comprising one or more sub-resources, each said sub-resource having a corresponding owner, and wherein each corresponding owner of each said sub-resource causing a chain of validation of entities which are in its realm of responsibility until there are no more sub-resources;

responsive to receiving the request, determining, at said server, whether the previously granted access to said particular resource is valid, said determining comprising;

identifying, by the server and from configuration data stored at configuration database, the owner of the particular resource and a list of at least one sub-resources and its owner;

responsive to identifying the owner of the particular resource and the list of at least one sub-resource and its owner, sending, by said owner of the particular resource over the network, a request for access validation intended for said at least one owner of said at least one sub-resource of the particular resource, said request for access validation causing said at least one owner to send a request for access validation intended for at least one owner of its sub-resource, when present, iteratively, until no more sub-resources are present;

sending by said owner of the particular resource over the network, a request for access validation intended for said remaining owners of said remaining sub-resources of the particular resource, until there are no more sub-resources, causing each owner of each remaining sub-resource to send a request for access validation intended for each of its corresponding sub-resource, iteratively, until there are no more sub-resources; and

in response to determining whether the previously granted access to said resource is valid, sending, over the network by said server for delivery to said requesting entity, a response having any of the following five options;

an affirmation of validity;

a negative indication that said previously granted access to said resource is not valid;

a stronger condition;

an answer indicating that it cannot be determined whether the previously granted access to said resource is valid; and

an exception, wherein it was determined that the previously granted access to the resource is not valid, however that temporary access to the resource is required;

wherein configuring said access validation application does not require business rules.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One or more techniques for access validation are provided. Access validation may be performed automatically or in real-time. Access validation may be at the resource level or at a sub-resource level. Techniques provided herein may be applied in a large variety of situations and industries, e.g. compliance management or inventory. Access validation reports may be generated in real-time or may link to indications of access validation in real-time. Five outcomes or options are provided, including affirmative, negative, stronger negative with larger implication, undetermined, and negative, however with temporarily granted access. A field for allowing entry of justification for access to a particular resource is provided. Reminders to validate privileges are provided. A continuous access validation process is provided. A technique for extending the hierarchy and corresponding workflow that is generated thereof is provided.

38 Citations

View as Search Results

18 Claims

1. An apparatus configured for performing access validation, comprising:
- one or more processors;
  
  an access validation application executable by said one or more processors, said access validation application configured for;
  
  receiving, at a server from a requesting entity over a network, a request to perform access validation of a particular resource at an organization site or at a site external to the organization site, to which access had previously been granted;
  
  wherein the particular resource has a corresponding owner and is at a particular location within a hierarchy of resources, wherein the owner causes a chain of validation of entities which are in its realm of responsibility, each entity comprising one or more sub-resources, each said sub-resource having a corresponding owner, and wherein each corresponding owner of each said sub-resource causing a chain of validation of entities which are in its realm of responsibility until there are no more sub-resources;
  
  responsive to receiving the request, determining, at said server, whether the previously granted access to said particular resource is valid, said determining comprising;
  
  identifying, by the server and from configuration data stored at configuration database, the owner of the particular resource and a list of at least one sub-resources and its owner;
  
  responsive to identifying the owner of the particular resource and the list of at least one sub-resource and its owner, sending, by said owner of the particular resource over the network, a request for access validation intended for said at least one owner of said at least one sub-resource of the particular resource, said request for access validation causing said at least one owner to send a request for access validation intended for at least one owner of its sub-resource, when present, iteratively, until no more sub-resources are present;
  
  sending by said owner of the particular resource over the network, a request for access validation intended for said remaining owners of said remaining sub-resources of the particular resource, until there are no more sub-resources, causing each owner of each remaining sub-resource to send a request for access validation intended for each of its corresponding sub-resource, iteratively, until there are no more sub-resources; and
  
  in response to determining whether the previously granted access to said resource is valid, sending, over the network by said server for delivery to said requesting entity, a response having any of the following five options;
  
  an affirmation of validity;
  
  a negative indication that said previously granted access to said resource is not valid;
  
  a stronger condition;
  
  an answer indicating that it cannot be determined whether the previously granted access to said resource is valid; and
  
  an exception, wherein it was determined that the previously granted access to the resource is not valid, however that temporary access to the resource is required;
  
  wherein configuring said access validation application does not require business rules.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The apparatus of claim 1, wherein a designated approver representing an owner from the at least one owner is a group rather than an individual and wherein the request to access validation is sent to any member of the group or to all members in the group.
  - 3. The apparatus of claim 1, wherein an answer indicating that it cannot be determined whether the previously granted access to said resource is valid, further comprises escalating the request for performing access validation of the particular resource to a compliance manager or to a higher node on the hierarchy to determine whether the access is validated.
  - 4. The apparatus of claim 1, wherein the stronger condition is that access should not be granted to a higher node on the hierarchy, the higher node containing the resource.
  - 5. The apparatus of claim 1, wherein access validation is performed in real-time or automatically.
  - 6. The apparatus of claim 1, wherein access validation is performed at a later point in time from when one or more privileges were granted.
  - 7. The apparatus of claim 1, wherein access validation occurs on a scheduled basis.
  - 8. The apparatus of claim 1, wherein determining whether the previously granted access to said resource is valid is based in part on one or more business-related attributes.
  - 9. The apparatus of claim 1, wherein a particular request is a type of resource and wherein said access validation application is further configured for:
    - performing validation of said particular request, wherein performing validation of the particular request comprises determining whether the particular request is granted;
      
      wherein determining whether the particular request is granted comprises using a structure of a hierarchy of resources and a location of the particular request within the hierarchy and by requesting access validation from at least one owners corresponding to at least one sub-resource as defined by the structure of the hierarchy.

10. A computer-implemented method for performing access validation, comprising:
- receiving, at a server from a requesting entity over a network, a request to perform access validation of a particular resource at an organization site or at a site external to the organization site, to which access had previously been granted;
  
  wherein the particular resource has a corresponding owner and is at a particular location within a hierarchy of resources, wherein the owner causes a chain of validation of entities which are in its realm of responsibility, each entity comprising one or more sub-resources, each said sub-resource having a corresponding owner, and wherein each corresponding owner of each said sub-resource causing a chain of validation of entities which are in its realm of responsibility until there are no more sub-resources;
  
  responsive to receiving the request, determining, at said server, whether the previously granted access to said particular resource is valid, said determining comprising;
  
  identifying, by the server and from configuration data stored at configuration database, the owner of the particular resource and a list of at least one sub-resources and its owner;
  
  responsive to identifying the owner of the particular resource and the list of at least one sub-resource and its owner, sending, by said owner of the particular resource over the network, a request for access validation intended for said at least one owner of said at least one sub-resource of the particular resource, said request for access validation causing said at least one owner to send a request for access validation intended for at least one owner of its sub-resource, when present, iteratively, until no more sub-resources are present;
  
  sending by said owner of the particular resource over the network, a request for access validation intended for said remaining owners of said remaining sub-resources of the particular resource, until there are no more sub-resources, causing each owner of each remaining sub-resource to send a request for access validation intended for each of its corresponding sub-resource, iteratively, until there are no more sub-resources; and
  
  in response to determining whether the previously granted access to said resource is valid, sending, over the network by said server for delivery to said requesting entity, a response having any of the following five options;
  
  an affirmation of validity;
  
  a negative indication that said previously granted access to said resource is not valid;
  
  a stronger condition;
  
  an answer indicating that it cannot be determined whether the previously granted access to said resource is valid; and
  
  an exception, wherein it was determined that the previously granted access to the resource is not valid, however that temporary access to the resource is required;
  
  wherein business rules are not required; and
  
  wherein said method is performed by a computer system configured to perform said method.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10, wherein a designated approver representing an owner from the at least one owner is a group rather than an individual and wherein the request to access validation is sent to any member of the group or to all members in the group.
  - 12. The method of claim 10, wherein an answer indicating that it cannot be determined whether the previously granted access to said resource is valid, further comprises escalating the request for performing access validation of the particular resource to a compliance manager or to a higher node on the hierarchy to determine whether the access is validated.
  - 13. The method of claim 10, wherein the stronger condition is that access should not be granted to a higher node on the hierarchy, the higher node containing the resource.
  - 14. The method of claim 10, wherein access validation is performed in real-time or automatically.
  - 15. The method of claim 10, wherein access validation is performed at a later point in time from when one or more privileges were granted.
  - 16. The method of claim 10, wherein access validation occurs on a scheduled basis.
  - 17. The method of claim 10, wherein determining whether the previously granted access to said resource is valid is based in part on one or more business-related attributes.
  - 18. The method of claim 10, further comprising:
    - performing validation of said particular request, wherein performing validation of the particular request comprises determining whether the particular request is granted;
      
      wherein determining whether the particular request is granted comprises using a structure of a hierarchy of resources and a location of the particular request within the hierarchy and by requesting access validation from at least one owners corresponding to at least one sub-resource as defined by the structure of the hierarchy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avatier Corporation
Original Assignee
Avatier Corporation
Inventors
Cicchitto, Nelson A.
Primary Examiner(s)
Gee, Jason K

Application Number

US14/589,819
Publication Number

US 20150128225A1
Time in Patent Office

463 Days
Field of Search

726/4
US Class Current

1/1
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2145   Inheriting rights or proper...

H04L 63/102   Entity profiles

Apparatus and method for access validation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

38 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for access validation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links