Intelligent system for enabling automated secondary authorization for service requests in an agile information technology environment

US 9,450,940 B2
Filed: 02/03/2015
Issued: 09/20/2016
Est. Priority Date: 08/07/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by an access control system, a service request for at least one managed computer system from an entity, the entity having an access right for requesting the received service request of the managed computer system;

subsequent to the service request receiving a primary authorization, determining dynamically, according to a context of the managed computer system and an authorization profile for the received service request, by the access control system that the service request requires secondary authorization, the authorization profile for the received service request being retrieved from at least one knowledge system associated with the managed computer system;

sending, by the access control system and based upon the determination, the service request and a secondary authorization request to a secondary authorization management system;

resolving, by the secondary authorization management system, the secondary authorization request;

returning, by the secondary authorization management system, a resolution of the secondary authorization request to the access control system;

logging the context for the managed computer system, the service request, a secondary authorization result, and a service request result;

identifying a pattern and adding the pattern to the at least one knowledge system with the secondary authorization result; and

determining whether to provide the secondary authorization result in response to a secondary authorization request for another received service request based upon a comparison with the identified pattern.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A service request for a managed computer system is received and once a primary authorization for same has been given, a secondary authorization management system (SAMS) determines whether or not the service request requires secondary authorization. This determination is made according to a context of the managed computer system and an authorization profile for the received service request. If needed, the SAMS resolves the secondary authorization request and returns the resolution decision.

Citations

12 Claims

1. A method comprising:
- receiving, by an access control system, a service request for at least one managed computer system from an entity, the entity having an access right for requesting the received service request of the managed computer system;
  
  subsequent to the service request receiving a primary authorization, determining dynamically, according to a context of the managed computer system and an authorization profile for the received service request, by the access control system that the service request requires secondary authorization, the authorization profile for the received service request being retrieved from at least one knowledge system associated with the managed computer system;
  
  sending, by the access control system and based upon the determination, the service request and a secondary authorization request to a secondary authorization management system;
  
  resolving, by the secondary authorization management system, the secondary authorization request;
  
  returning, by the secondary authorization management system, a resolution of the secondary authorization request to the access control system;
  
  logging the context for the managed computer system, the service request, a secondary authorization result, and a service request result;
  
  identifying a pattern and adding the pattern to the at least one knowledge system with the secondary authorization result; and
  
  determining whether to provide the secondary authorization result in response to a secondary authorization request for another received service request based upon a comparison with the identified pattern.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein said resolution of the secondary authorization request depends upon resolution of one or more contingencies.
  - 3. The method of claim 2, further comprising receiving from the at least one knowledge system information indicative of whether the one or more contingencies were met.
  - 4. The method of claim 1, wherein the at least one knowledge system comprises at least one of an internal knowledge system, an authorization profile knowledge system, an external authorization system, a capacity management system, a licensing server, and a change management system.
  - 5. The method of claim 1, wherein the at least one context comprises an external consideration for the managed computer system.
  - 6. The method of claim 1, wherein the entity comprises a computer resource within the managed computer system.

7. A system comprising a managed computer system, an access control system and a secondary authorization management system,wherein the access control system comprises at least one hardware processor that is configured to (i) receive a service request for at least one managed computer system from an entity, the entity having an access right for requesting the received service request of the managed computer system, (ii) subsequent to the service request receiving a primary authorization, dynamically determine, according to a context of the managed computer system and an authorization profile for the received service request, that the service request requires secondary authorization, the authorization profile for the received service request being retrieved from at least one knowledge system associated with the managed computer system, and (iii) send, based upon the determination, the service request and a secondary authorization request to a secondary authorization management system;
- andwherein the secondary authorization management system comprises at least one hardware processor that is configured to (i) resolve the secondary authorization request;
  
  (ii) return a resolution of the secondary authorization request to the access control system;
  
  (iii) log the context for the managed computer system, the service request, a secondary authorization result, and a service request result;
  
  (iv) identify a pattern and adding the pattern to the at least one knowledge system with the secondary authorization result; and
  
  (v) determine whether to provide the secondary authorization result in response to a secondary authorization request for another received service request based upon a comparison with the identified pattern.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein said resolution of the secondary authorization request depends upon resolution of one or more contingencies.
  - 9. The system of claim 8, wherein the secondary authorization management system is further configured to receive from the at least one knowledge system information indicative of whether the one or more contingencies were met.
  - 10. The system of claim 7, wherein the at least one knowledge system comprises at least one of an internal knowledge system, an authorization profile knowledge system, an external authorization system, a capacity management system, a licensing server, and a change management system.
  - 11. The system of claim 7, wherein the at least one context comprises an external consideration for the managed computer system.
  - 12. The system of claim 7, wherein the entity comprises a computer resource within the managed computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Entrust Corp.
Original Assignee
HyTrust, Inc. (Entrust Corp.)
Inventors
Belov, Boris, Prafullchandra, Hemma, Rangarajan, Govindarajan
Primary Examiner(s)
Zecher, Dede
Assistant Examiner(s)
LAKHIA, VIRAL S

Application Number

US14/612,983
Publication Number

US 20160044013A1
Time in Patent Office

595 Days
Field of Search

726/1, 726/4, 726/7, 726/23, 726/26, 713/153, 713/171, 709/203
US Class Current

1/1
CPC Class Codes

G06F 2009/45587   Isolation or security of vi...

G06F 21/00   Security arrangements for p...

G06F 9/455   Emulation; Interpretation; ...

G06F 9/45558   Hypervisor-specific managem...

G06N 5/022   Knowledge engineering; Know...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 67/10   in which an application is ...

Intelligent system for enabling automated secondary authorization for service requests in an agile information technology environment

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Intelligent system for enabling automated secondary authorization for service requests in an agile information technology environment

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links