Apparatus and method for access validation
First Claim
1. An apparatus configured for performing access validation, comprising:
one or more processors;
an access validation application executable by said one or more processors, said access validation application configured for;
receiving, at a server from a requesting entity over a network, a request to perform access validation of a particular resource at an organization site or at a site external to the organization site, to which access had previously been granted;
wherein the particular resource has a corresponding owner and is at a particular location within a hierarchy of resources, wherein the owner causes a chain of validation of entities which are in its realm of responsibility, each entity comprising one or more sub-resources, each said sub-resource having a corresponding owner, and wherein each corresponding owner of each said sub-resource causing a chain of validation of entities which are in its realm of responsibility until there are no more sub-resources;
responsive to receiving the request, determining, at said server, whether the previously granted access to said particular resource is valid, said determining comprising;
identifying, by the server and from configuration data stored at configuration database, the owner of the particular resource and a list of at least one sub-resources and its owner;
responsive to identifying the owner of the particular resource and the list of at least one sub-resource and its owner, sending, by said owner of the particular resource over the network, a request for access validation intended for said at least one owner of said at least one sub-resource of the particular resource, said request for access validation causing said at least one owner to send a request for access validation intended for at least one owner of its sub-resource, when present, iteratively, until no more sub-resources are present;
sending by said owner of the particular resource over the network, a request for access validation intended for said remaining owners of said remaining sub-resources of the particular resource, until there are no more sub-resources, causing each owner of each remaining sub-resource to send a request for access validation intended for each of its corresponding sub-resource, iteratively, until there are no more sub-resources; and
in response to determining whether the previously granted access to said resource is valid, sending, over the network by said server for delivery to said requesting entity, a response having any of the following five options;
an affirmation of validity;
a negative indication that said previously granted access to said resource is not valid;
a stronger condition;
an answer indicating that it cannot be determined whether the previously granted access to said resource is valid; and
an exception, wherein it was determined that the previously granted access to the resource is not valid, however that temporary access to the resource is required;
wherein configuring said access validation application does not require business rules.
Abstract
One or more techniques for access validation are provided. Access validation may be performed automatically or in real-time. Access validation may be at the resource level or at a sub-resource level. Techniques provided herein may be applied in a large variety of situations and industries, e.g. compliance management or inventory. Access validation reports may be generated in real-time or may link to indications of access validation in real-time. Five outcomes or options are provided, including affirmative, negative, stronger negative with larger implication, undetermined, and negative, however with temporarily granted access. A field for allowing entry of justification for access to a particular resource is provided. Reminders to validate privileges are provided. A continuous access validation process is provided. A technique for extending the hierarchy and corresponding workflow that is generated thereof is provided.
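The owner-to-owner cascade of the first claim and the five outcomes listed in the abstract, sketched as an added example that is not part of the patent or of any product implementing it. The resource names, owners and answers are constructed, and reporting an unanswered owner as undetermined is an assumption of this sketch.

```python
from dataclasses import dataclass, field
from enum import Enum

class Outcome(Enum):          # the five response options named in the abstract
    VALID = "affirmative"
    NOT_VALID = "negative"
    STRONGER = "stronger negative with larger implication"
    UNDETERMINED = "undetermined"
    EXCEPTION = "negative, temporary access granted"

@dataclass
class Resource:               # one node of the configured resource hierarchy
    name: str
    owner: str
    subs: list = field(default_factory=list)

def validate_chain(res, answers, path=(), seen=None):
    """Ask res's owner, then cascade to each sub-resource owner until leaves."""
    seen = set() if seen is None else seen
    if id(res) in seen:       # misconfigured hierarchy: refuse to loop
        return []
    seen.add(id(res))
    here = "/".join(path + (res.name,))
    # Assumption: an owner with no recorded answer is reported as UNDETERMINED.
    rows = [(here, res.owner, answers.get((res.owner, res.name), Outcome.UNDETERMINED))]
    for sub in res.subs:
        rows += validate_chain(sub, answers, path + (res.name,), seen)
    return rows

def follow_up(rows):
    """Everything that was not affirmed still needs a reviewer's attention."""
    return [(p, o, out.name) for p, o, out in rows if out is not Outcome.VALID]

# Constructed sample data (hypothetical names, not from the patent).
backups = Resource("backups", "carol")
ledger = Resource("ledger-db", "bob", [backups])
console = Resource("admin-console", "dave")
root = Resource("payments", "alice", [ledger, console])
ANSWERS = {
    ("alice", "payments"): Outcome.VALID,
    ("bob", "ledger-db"): Outcome.EXCEPTION,
    ("carol", "backups"): Outcome.NOT_VALID,
}   # dave has not answered

if __name__ == "__main__":
    for row in follow_up(validate_chain(root, ANSWERS)):
        print(row)
```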
18 Claims
10. A computer-implemented method for performing access validation, comprising:
receiving, at a server from a requesting entity over a network, a request to perform access validation of a particular resource at an organization site or at a site external to the organization site, to which access had previously been granted;
wherein the particular resource has a corresponding owner and is at a particular location within a hierarchy of resources, wherein the owner causes a chain of validation of entities which are in its realm of responsibility, each entity comprising one or more sub-resources, each said sub-resource having a corresponding owner, and wherein each corresponding owner of each said sub-resource causing a chain of validation of entities which are in its realm of responsibility until there are no more sub-resources;
responsive to receiving the request, determining, at said server, whether the previously granted access to said particular resource is valid, said determining comprising;
identifying, by the server and from configuration data stored at configuration database, the owner of the particular resource and a list of at least one sub-resources and its owner;
responsive to identifying the owner of the particular resource and the list of at least one sub-resource and its owner, sending, by said owner of the particular resource over the network, a request for access validation intended for said at least one owner of said at least one sub-resource of the particular resource, said request for access validation causing said at least one owner to send a request for access validation intended for at least one owner of its sub-resource, when present, iteratively, until no more sub-resources are present;
sending by said owner of the particular resource over the network, a request for access validation intended for said remaining owners of said remaining sub-resources of the particular resource, until there are no more sub-resources, causing each owner of each remaining sub-resource to send a request for access validation intended for each of its corresponding sub-resource, iteratively, until there are no more sub-resources; and
in response to determining whether the previously granted access to said resource is valid, sending, over the network by said server for delivery to said requesting entity, a response having any of the following five options;
an affirmation of validity;
a negative indication that said previously granted access to said resource is not valid;
a stronger condition;
an answer indicating that it cannot be determined whether the previously granted access to said resource is valid; and
an exception, wherein it was determined that the previously granted access to the resource is not valid, however that temporary access to the resource is required;
wherein business rules are not required; and
wherein said method is performed by a computer system configured to perform said method.
Specification