APPARATUS AND METHOD FOR ACCESS VALIDATION

US 20110258683A1
Filed: 05/13/2011
Published: 10/20/2011
Est. Priority Date: 10/24/2006
Status: Active Grant

First Claim

Patent Images

1. An apparatus configured for performing access validation, comprising:

one or more processors;

an access validation application configured for;

receiving a request for performing access validation of a particular resource, wherein performing access validation comprises determining whether a previously granted access to said resource is valid;

determining whether the previously granted access to said resource is valid comprises invoking a workflow process that is dynamically generated at least in part from a structure of a hierarchy of resources and a location of the particular resource within the hierarchy, wherein the invoked workflow process comprises requesting access validation from a chain of one or more owners corresponding to sub-resources as defined by the structure of the hierarchy;

in response to determining whether the preciously granted access to said resource is valid, responding to the request for performing access validation of a particular resource with any of the following five options;

an affirmation of validity;

a negative indication that said previously granted access to said resource is not valid;

a stronger condition;

an answer indicating that it cannot be determined whether the previously granted access to said resource is valid; and

an exception, wherein it was determined that the previously granted access to the resource is not valid, however that temporary access to the resource is required;

wherein configuring said access validation application does not require business rules.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One or more techniques for access validation are provided. Access validation may be performed automatically or in real-time. Access validation may be at the resource level or at a sub-resource level. Techniques provided herein may be applied in a large variety of situations and industries, e.g. compliance management or inventory. Access validation reports may be generated in real-time or may link to indications of access validation in real-time. Five outcomes or options are provided, including affirmative, negative, stronger negative with larger implication, undetermined, and negative, however with temporarily granted access. A field for allowing entry of justification for access to a particular resource is provided. Reminders to validate privileges are provided. A continuous access validation process is provided. A technique for extending the hierarchy and corresponding workflow that is generated thereof is provided.

Citations

20 Claims

1. An apparatus configured for performing access validation, comprising:
- one or more processors;
  
  an access validation application configured for;
  
  receiving a request for performing access validation of a particular resource, wherein performing access validation comprises determining whether a previously granted access to said resource is valid;
  
  determining whether the previously granted access to said resource is valid comprises invoking a workflow process that is dynamically generated at least in part from a structure of a hierarchy of resources and a location of the particular resource within the hierarchy, wherein the invoked workflow process comprises requesting access validation from a chain of one or more owners corresponding to sub-resources as defined by the structure of the hierarchy;
  
  in response to determining whether the preciously granted access to said resource is valid, responding to the request for performing access validation of a particular resource with any of the following five options;
  
  an affirmation of validity;
  
  a negative indication that said previously granted access to said resource is not valid;
  
  a stronger condition;
  
  an answer indicating that it cannot be determined whether the previously granted access to said resource is valid; and
  
  an exception, wherein it was determined that the previously granted access to the resource is not valid, however that temporary access to the resource is required;
  
  wherein configuring said access validation application does not require business rules.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The apparatus of claim 1, wherein an owner from the chain of one or more owners is a group and wherein the workflow process is configured to request access validation from any member of the group or from all members in the group.
  - 3. The apparatus of claim 1, wherein an answer indicating that it cannot be determined whether the previously granted access to said resource is valid, further comprises escalating the request for performing access validation of the particular resource.
  - 4. The apparatus of claim 1, wherein the stronger condition is that access should not be granted to a higher node, the higher node containing the resource.
  - 5. The apparatus of claim 1, wherein the owner of the particular resource is responsible for validating entities which are in the realm of responsibility of the owner and wherein entities which are in the realm of responsibility of the owner comprise one or more sub-resources, each said sub-resource having a corresponding owner, and wherein each corresponding owner is required to perform access validation for its sub-resource and is responsible for validation entities which are in its realm of responsibility.
  - 6. The apparatus of claim 1, wherein access validation is performed in real-time or automatically.
  - 7. The apparatus of claim 1, wherein access validation is performed at a later point in time from when one or more privileges were granted.
  - 8. The apparatus of claim 1, wherein access validation occurs on a scheduled basis.
  - 9. The apparatus of claim 1, wherein determining whether the previously granted access to said resource is valid is based in part on one or more business-related attributes.
  - 10. The apparatus of claim 1, wherein a particular request is a type of resource and wherein said access validation application is further configured for:
    - performing validation of said particular request, wherein performing validation of the particular request comprises determining whether the particular request is granted;
      
      wherein determining whether the particular request is granted comprises invoking the workflow process that is dynamically generated at least in part from a structure of a hierarchy of resources and a location of the particular request within the hierarchy, wherein the invoked workflow process comprises requesting access validation from a chain of one or more owners corresponding to sub-resources as defined by the structure of the hierarchy.

11. A computer-implemented method for performing access validation, comprising:
- receiving a request for performing access validation of a particular resource, wherein performing access validation comprises determining whether a previously granted access to said resource is valid;
  
  determining whether the previously granted access to said resource is valid comprises invoking a workflow process that is dynamically generated at least in part from a structure of a hierarchy of resources and a location of the particular resource within the hierarchy, wherein the invoked workflow process comprises requesting access validation from a chain of one or more owners corresponding to sub-resources as defined by the structure of the hierarchy;
  
  in response to determining whether the preciously granted access to said resource is valid, responding to the request for performing access validation of a particular resource with any of the following five options;
  
  an affirmation of validity;
  
  a negative indication that said previously granted access to said resource is not valid;
  
  a stronger condition;
  
  an answer indicating that it cannot be determined whether the previously granted access to said resource is valid; and
  
  an exception, wherein it was determined that the previously granted access to the resource is not valid, however that temporary access to the resource is required;
  
  wherein business rules are not required; and
  
  wherein said method is performed by a computer system configured to perform said method.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, wherein an owner from the chain of one or more owners is a group and wherein the workflow process is configured to request access validation from any member of the group or from all members in the group.
  - 13. The method of claim 11, wherein an answer indicating that it cannot be determined whether the previously granted access to said resource is valid, further comprises escalating the request for performing access validation of the particular resource.
  - 14. The method of claim 11, wherein the stronger condition is that access should not be granted to a higher node, the higher node containing the resource.
  - 15. The method of claim 11, wherein the owner of the particular resource is responsible for validating entities which are in the realm of responsibility of the owner and wherein entities which are in the realm of responsibility of the owner comprise one or more sub-resources, each said sub-resource having a corresponding owner, and wherein each corresponding owner is required to perform access validation for its sub-resource and is responsible for validation entities which are in its realm of responsibility.
  - 16. The method of claim 11, wherein access validation is performed in real-time or automatically.
  - 17. The method of claim 11, wherein access validation is performed at a later point in time from when one or more privileges were granted.
  - 18. The method of claim 11, wherein access validation occurs on a scheduled basis.
  - 19. The method of claim 11, wherein determining whether the previously granted access to said resource is valid is based in part on one or more business-related attributes.
  - 20. The method of claim 11, further comprising:
    - performing validation of said particular request, wherein performing validation of the particular request comprises determining whether the particular request is granted;
      
      wherein determining whether the particular request is granted comprises invoking the workflow process that is dynamically generated at least in part from a structure of a hierarchy of resources and a location of the particular request within the hierarchy, wherein the invoked workflow process comprises requesting access validation from a chain of one or more owners corresponding to sub-resources as defined by the structure of the hierarchy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avatier Corporation
Original Assignee
Avatier Corporation
Inventors
CICCHITTO, Nelson A.

Granted Patent

US 8,931,057 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2145   Inheriting rights or proper...

H04L 63/102   Entity profiles

APPARATUS AND METHOD FOR ACCESS VALIDATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

APPARATUS AND METHOD FOR ACCESS VALIDATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links