Reconciliation of access rights in a computing system

US 9,916,450 B2
Filed: 04/11/2016
Issued: 03/13/2018
Est. Priority Date: 12/20/2012
Status: Active Grant

First Claim

Patent Images

1. A system for reconciling access rights of a computing system comprising:

at least one processor;

a data store storing access right information that indicates access rights of a computing system that have been respectively provisioned for users of the computing system and that indicates at least one approved request to grant one of the access rights to one of the users; and

memory storing instructions that, when executed by the at least one processor, cause the system to generate a reconciliation report that indicates at least one of the access rights should either be provisioned or revoked wherein the reconciliation report is generated by performing one or more reconciliation tasks using the access right information; and

wherein the one or more reconciliation tasks include a first reconciliation task associated with instructions stored at the memory that, when executed by the at least one processor, cause the system to;

determine, from the access right information, one or more provisioned access rights that have actually been provisioned for one of the users,determine, from the access right information, one or more approved access grant requests wherein each of the one or more approved access grant requests indicates an approval of a grant of one of the access rights to the user,determine, for each provisioned access right of the one or more provisioned access rights, whether the provisioned access right corresponds to one of the one or more approved access grant requests, andconfigure the reconciliation report to indicate, for each provisioned access right of the one or more provisioned access rights, that the provisioned access right is either an approved access right responsive to determining that the provisioned access right does correspond to one of the one or more approved access grant requests or an unapproved access right responsive to determining that the provisioned access right does not correspond to any of the one or more approved access grant requests.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provide for reconciling access rights of a computing system are described. Access right information that respectively corresponds to access rights of a computing system may be obtained and evaluated. Reconciliation tasks may be performed using the access right information, and a reconciliation report may be generated during performance of at least one of the reconciliation tasks. The reconciliation report may indicate that one or more of the access rights should either be provisioned or revoked at the computing system.

141 Citations

17 Claims

1. A system for reconciling access rights of a computing system comprising:
- at least one processor;
  
  a data store storing access right information that indicates access rights of a computing system that have been respectively provisioned for users of the computing system and that indicates at least one approved request to grant one of the access rights to one of the users; and
  
  memory storing instructions that, when executed by the at least one processor, cause the system to generate a reconciliation report that indicates at least one of the access rights should either be provisioned or revoked wherein the reconciliation report is generated by performing one or more reconciliation tasks using the access right information; and
  
  wherein the one or more reconciliation tasks include a first reconciliation task associated with instructions stored at the memory that, when executed by the at least one processor, cause the system to;
  
  determine, from the access right information, one or more provisioned access rights that have actually been provisioned for one of the users,determine, from the access right information, one or more approved access grant requests wherein each of the one or more approved access grant requests indicates an approval of a grant of one of the access rights to the user,determine, for each provisioned access right of the one or more provisioned access rights, whether the provisioned access right corresponds to one of the one or more approved access grant requests, andconfigure the reconciliation report to indicate, for each provisioned access right of the one or more provisioned access rights, that the provisioned access right is either an approved access right responsive to determining that the provisioned access right does correspond to one of the one or more approved access grant requests or an unapproved access right responsive to determining that the provisioned access right does not correspond to any of the one or more approved access grant requests.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein:
    - the reconciliation report includes a plurality of report sections; and
      
      individual report sections of the reconciliation report respectively correspond to one of the one or more reconciliation tasks performed.
  - 3. The system of claim 1, wherein:
    - the instructions, when executed by the at least one processor, further cause the system to provide the reconciliation report to an administrator of the computing system.
  - 4. The system of claim 1, wherein:
    - the reconciliation report is generated for a single user of the computing system; and
      
      each access right identified in the reconciliation report is associated with the single user of the computing system.
  - 5. The system of claim 4, wherein:
    - the instructions, when executed by the at least one processor, further cause the system to;
      
      present an interface comprising a list of the users of the computing system, each user included in the list having been flagged for a review of access rights provisioned for the user,receive user input at the list selecting one of the users included in the list, andinitiate performance of the one or more reconciliation tasks for the user selected.
  - 6. The system of claim 1, wherein:
    - the reconciliation report is generated for a plurality of users of the computing system; and
      
      the reconciliation report includes a plurality of report sections, each report section corresponding to one of the plurality of users of the computing system.

7. A computer-implemented method for reconciling access rights of a computing system comprising:
- generating, by a computing device, a reconciliation report that indicates at least one access right of a computing system should either be provisioned or revoked wherein the reconciliation report is generated by performing one or more reconciliation tasks using access right information that indicates access rights of the computing system that have been respectively provisioned for users of the computing system and that indicates at least one approved request to grant one of the access rights to one of the users; and
  
  wherein the one or more reconciliation tasks include a first reconciliation task comprising;
  
  determining, by the computing device from the access right information, one or more provisioned access rights that have actually been provisioned for one of the users,determining, by the computing device and from the access right information, one or more approved access grant requests wherein each of the one or more approved access grant requests indicates an approval of a grant of one of the access rights to the user,determining, by the computing device and for each provisioned access right of the one or more provisioned access rights, whether the provisioned access right corresponds to one of the one or more approved access grant requests, andconfiguring, by the computing device, the reconciliation report to indicate, for each provisioned access right of the one or more provisioned access rights, that the provisioned access right is either an approved access right responsive to determining that the provisioned access right does correspond to one of the one or more approved access grant requests or an unapproved access right responsive to determining that the provisioned access right does not correspond to any of the one or more approved access grant requests.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer-implemented method of claim 7, wherein:
    - the reconciliation report includes a plurality of report sections; and
      
      individual report sections of the reconciliation report respectively correspond to one of the one or more reconciliation tasks performed.
  - 9. The computer-implemented method of claim 7, further comprising:
    - providing, by the computing device, the reconciliation report to an administrator of the computing system.
  - 10. The computer-implemented method of claim 7, wherein:
    - the reconciliation report is generated for a single user of the computing system; and
      
      each access right identified in the reconciliation report is associated with the single user of the computing system.
  - 11. The computer-implemented method of claim 10, further comprising:
    - presenting an interface comprising a list of the users of the computing system, each user included in the list having been flagged for a review of access rights provisioned for the user;
      
      receiving user input at the list selecting one of the users included in the list; and
      
      initiating performance of the one or more reconciliation tasks for the user selected.
  - 12. The computer-implemented method of claim 7, wherein:
    - the reconciliation report is generated for a plurality of users of the computing system; and
      
      the reconciliation report includes a plurality of report sections, each report section corresponding to one of the plurality of users of the computing system.

13. Non-transitory computer-readable media comprising instructions that, when executed by a processor of a computing device, cause the computing device to perform steps for reconciling access rights of a computing system, the steps comprising:
- generating, by a computing device, a reconciliation report that indicates at least one access right of a computing system should either be provisioned or revoked wherein the reconciliation report is generated by performing one or more reconciliation tasks using access right information that indicates access rights of the computing system that have been respectively provisioned for users of the computing system and that indicates at least one approved request to grant one of the access rights to one of the users; and
  
  wherein the one or more reconciliation tasks include a first reconciliation task comprising;
  
  determining, from the access right information, one or more provisioned access rights that have actually been provisioned for one of the users,determining, from the access right information, one or more approved access grant requests wherein each of the one or more approved access grant requests indicates an approval of a grant of one of the access rights to the user,determining, by the computing device and for each provisioned access right of the one or more provisioned access rights, whether the provisioned access right corresponds to one of the one or more approved access grant requests, andconfiguring the reconciliation report to indicate, for each provisioned access right of the one or more provisioned access rights, that the provisioned access right is either an approved access right responsive to determining that the provisioned access right does correspond to one of the one or more approved access grant requests or an unapproved access right responsive to determining that the provisioned access right does not correspond to any of the one or more approved access grant requests.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The non-transitory computer-readable media of claim 13, wherein:
    - the reconciliation report includes a plurality of report sections; and
      
      individual report sections of the reconciliation report respectively correspond to one of the one or more reconciliation tasks performed.
  - 15. The non-transitory computer-readable media of claim 13, wherein the instructions, when executed by the processor of the computing device, cause the computing device to perform steps further comprising:
    - providing the reconciliation report to an administrator of the computing system.
  - 16. The non-transitory computer-readable media of claim 13, wherein:
    - the reconciliation report is generated for a plurality of users of the computing system; and
      
      the reconciliation report includes a plurality of report sections, each report section corresponding to one of the plurality of users of the computing system.
  - 17. The non-transitory computer-readable media of claim 13, wherein the instructions, when executed by the processor of the computing device, cause the computing device to perform steps further comprising:
    - presenting an interface comprising a list of the users of the computing system, each user included in the list having been flagged for a review of access rights provisioned for the user,receiving user input at the list selecting one of the users included in the list, andinitiating performance of the one or more reconciliation tasks for the user selected.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Moloian, Armen, Ritchey, Ronald W.
Primary Examiner(s)
Cao, Phuong Thao

Application Number

US15/095,596
Publication Number

US 20160226880A1
Time in Patent Office

701 Days
Field of Search

707600
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/57   Certifying or maintaining t...

G06F 2221/2141   Access rights, e.g. capabil...

G06Q 10/08   Logistics, e.g. warehousing...

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

Reconciliation of access rights in a computing system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

141 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Reconciliation of access rights in a computing system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

141 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links