Systems and methods of secure self-service access to content

US 9,842,220 B1
Filed: 04/10/2015
Issued: 12/12/2017
Est. Priority Date: 04/10/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising, by a computer system:

receiving a request from a user to access particular content;

in response to the request;

determining a trust measure of the user, wherein the trust measure is based, at least in part, on an analysis of logged user-initiated communication events of the user on a plurality of communications platforms, wherein the trust measure is variable over time in relation to the logged user-initiated communication events;

wherein the determining the trust measure comprises;

enumerating historical data loss prevention (DLP) policy violations by the user on the plurality of communications platforms;

determining a communication profile of the user based, at least in part, on the logged user-initiated communication events;

determining directory-services information for the user from a directory service; and

quantitatively evaluating a combination of the DLP policy violations, the communication profile, and the directory-services information via one or more rules, wherein the trust measure comprises a numerical result of the quantitatively evaluating;

accessing a self-service access policy applicable to the particular content;

ascertaining, from the self-service access policy, a trust threshold applicable to the particular content; and

responsive to a determination that the trust measure fails to satisfy the trust threshold, automatically denying access by the user to the particular content.

View all claims

22 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a method is performed by a computer system. The method includes receiving a request from a user to access particular content. The method further includes determining a trust measure of the user, wherein the trust measure is based, at least in part, on an analysis of logged user-initiated communication events of the user on a plurality of communications platforms. In addition, the method includes accessing a self-service access policy applicable to the particular content. Further, the method includes ascertaining, from the self-service access policy, a trust threshold applicable to the particular content. Moreover, the method includes, responsive to a determination that the trust measure fails to satisfy the trust threshold, automatically denying access by the user to the particular content.

Citations

18 Claims

1. A method comprising, by a computer system:
- receiving a request from a user to access particular content;
  
  in response to the request;
  
  determining a trust measure of the user, wherein the trust measure is based, at least in part, on an analysis of logged user-initiated communication events of the user on a plurality of communications platforms, wherein the trust measure is variable over time in relation to the logged user-initiated communication events;
  
  wherein the determining the trust measure comprises;
  
  enumerating historical data loss prevention (DLP) policy violations by the user on the plurality of communications platforms;
  
  determining a communication profile of the user based, at least in part, on the logged user-initiated communication events;
  
  determining directory-services information for the user from a directory service; and
  
  quantitatively evaluating a combination of the DLP policy violations, the communication profile, and the directory-services information via one or more rules, wherein the trust measure comprises a numerical result of the quantitatively evaluating;
  
  accessing a self-service access policy applicable to the particular content;
  
  ascertaining, from the self-service access policy, a trust threshold applicable to the particular content; and
  
  responsive to a determination that the trust measure fails to satisfy the trust threshold, automatically denying access by the user to the particular content.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the enumerating comprises enumerating quasi-violations by the user on the plurality of communications platforms.
  - 3. The method of claim 1, wherein the determining the communication profile of the user comprises:
    - accessing event-assessment data for the logged user-initiated communication events, wherein each user-initiated communication event relates to at least one communication of a plurality of communications, wherein the event-assessment data comprises information related to a content-based classification of each of the plurality of communications;
      
      determining event-context information for each of the logged user-initiated communication events, the event-context information comprising user-identification information, user-location information, event-timing information, and user-device identification information;
      
      correlating the event-assessment data to a plurality of user contexts, each user context defined by a distinct subset of the event-context information;
      
      associating at least one user-communication pattern with each user context based, at least in part, on the correlated event-assessment data; and
      
      generating the communication profile using a result of the associating.
  - 4. The method of claim 1, wherein the determining the communication profile comprises accessing a pre-processed communication profile of the user.
  - 5. The method of claim 1, wherein the quantitatively evaluating comprises:
    - determining trust values for the historical DLP violations, the communication profile, and the directory-services information; and
      
      wherein the trust measure is based on a combination of the trust values.
  - 6. The method of claim 1, wherein the determining the trust measure comprises accessing a pre-processed trust measure in memory.
  - 7. The method of claim 1, comprising, responsive to a determination that the trust measure satisfies the trust threshold, automatically granting access by the user to the particular content.
  - 8. The method of claim 7, wherein the automatically granting comprises causing the user to be added to an access control list for the particular content.
  - 9. The method of claim 1, wherein the trust measure comprises an allocation of virtual currency.
  - 10. The method of claim 9, comprising:
    - responsive to a determination that the trust measure satisfies the trust threshold, automatically granting access by the user to the particular content; and
      
      decrementing the trust measure by a configurable amount.
  - 11. The method of claim 1, comprising:
    - determining information related to a current user context of the user; and
      
      responsive to a determination that the current user context comprises an outlier condition, denying access by the user to the particular content regardless of the trust measure.

12. An information handling system comprising at least one processor coupled to a memory, wherein the at least one processor is operable to implement a method comprising:
- receiving a request from a user to access particular content;
  
  in response to the request;
  
  determining a trust measure of the user, wherein the trust measure is based, at least in part, on an analysis of logged user-initiated communication events of the user on a plurality of communications platforms, wherein the trust measure is variable over time in relation to the logged user-initiated communication events;
  
  wherein the determining the trust measure comprises;
  
  enumerating historical data loss prevention (DLP) policy violations by the user on the plurality of communications platforms;
  
  determining a communication profile of the user based, at least in part, on the logged user-initiated communication events;
  
  determining directory-services information for the user from a directory service; and
  
  quantitatively evaluating a combination of the DLP policy violations, the communication profile, and the directory-services information via one or more rules, wherein the trust measure comprises a numerical result of the quantitatively evaluating;
  
  accessing a self-service access policy applicable to the particular content;
  
  ascertaining, from the self-service access policy, a trust threshold applicable to the particular content; and
  
  responsive to a determination that the trust measure fails to satisfy the trust threshold, automatically denying access by the user to the particular content.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The information handling system of claim 12, wherein the enumerating comprises enumerating quasi-violations by the user on the plurality of communications platforms.
  - 14. The information handling system of claim 12, wherein the determining the communication profile of the user comprises:
    - accessing event-assessment data for the logged user-initiated communication events, wherein each user-initiated communication event relates to at least one communication of a plurality of communications, wherein the event-assessment data comprises information related to a content-based classification of each of the plurality of communications;
      
      determining event-context information for each of the logged user-initiated communication events, the event-context information comprising user-identification information, user-location information, event-timing information, and user-device identification information;
      
      correlating the event-assessment data to a plurality of user contexts, each user context defined by a distinct subset of the event-context information;
      
      associating at least one user-communication pattern with each user context based, at least in part, on the correlated event-assessment data; and
      
      generating the communication profile using a result of the associating.
  - 15. The information handling system of claim 12, wherein the determining the communication profile comprises accessing a pre-processed communication profile of the user.
  - 16. The information handling system of claim 12, wherein the quantitatively evaluating comprises:
    - determining trust values for the historical DLP violations, the communication profile, and the directory-services information; and
      
      wherein the trust measure is based on a combination of the trust values.
  - 17. The information handling system of claim 12, wherein the determining the trust measure comprises accessing a pre-processed trust measure in memory.

18. A computer-program product comprising a non-transitory computer-usable medium having computer-readable program code embodied therein, the computer-readable program code adapted to be executed to implement a method comprising:
- receiving a request from a user to access particular content;
  
  in response to the request;
  
  determining a trust measure of the user, wherein the trust measure is based, at least in part, on an analysis of logged user-initiated communication events of the user on a plurality of communications platforms, wherein the trust measure is variable over time in relation to the logged user-initiated communication events;
  
  wherein the determining the trust measure comprises;
  
  enumerating historical data loss prevention (DLP) policy violations by the user on the plurality of communications platforms;
  
  determining a communication profile of the user based, at least in part, on the logged user-initiated communication events;
  
  determining directory-services information for the user from a directory service; and
  
  quantitatively evaluating a combination of the DLP policy violations, the communication profile, and the directory-services information via one or more rules, wherein the trust measure comprises a numerical result of the quantitatively evaluating;
  
  accessing a self-service access policy applicable to the particular content;
  
  ascertaining, from the self-service access policy, a trust threshold applicable to the particular content; and
  
  responsive to a determination that the trust measure fails to satisfy the trust threshold, automatically denying access by the user to the particular content.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Quest Software, Inc.
Original Assignee
Dell Software, Inc. (Dell Technologies Inc.)
Inventors
Brisebois, Michel Albert, Johnstone, Curtis T., Le Rudulier, Olivier
Primary Examiner(s)
Vaughan, Michael R

Application Number

US14/683,441
Time in Patent Office

977 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 21/6218   to a system of files or obj...

H04L 63/102   Entity profiles

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/20   for managing network securi...

Systems and methods of secure self-service access to content

First Claim

22 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods of secure self-service access to content

First Claim

22 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links