Dynamic behavior-based access control system and method
Abstract
The present invention provides a method for controlling an entity's access to a resource based on observed behavior of the entity. The method assigns the entity a default authorization meta-tag. The method monitors the entity's behavior and updates the entity's meta-tag based upon the observed behavior. Accordingly, dynamic behavior-based access control is achieved.
21 Claims
1. A method for controlling an entity's access to a resource based on observed behavior of the entity comprising the steps of:
assigning the entity a default authorization meta-tag comprising a key-value rating describing behavior of the entity;
evaluating the entity's behavior against a plurality of policies; and
updating the key-value rating based upon the evaluation of the entity's behavior.

10. A computer useable medium having computer readable program code embodied therein for automatically updating a meta-tag based on observed behavior, the computer readable program code in the computer program product comprising:
computer readable program code for causing a computer to retrieve a policy associated with the meta-tag from a policy database, wherein the meta-tag provides at least one key-value rating describing behavior of an entity;
computer readable program code for causing the computer to compare the policy to an observed behavior of the entity, wherein the observed behavior of the entity satisfies the policy; and
computer readable program code for causing the computer to modify the key-value rating according to the policy, the policy specifying a modification based on the observed behavior of the entity.

17. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for automatically updating a meta-tag based on observed behavior, the method steps comprising:
retrieving a policy associated with the meta-tag from a policy database, wherein the meta-tag provides at least one key-value rating describing behavior of an entity;
comparing the policy to an observed behavior of the entity, wherein the observed behavior of the entity satisfies the policy; and
modifying the key-value rating according to the policy, the policy specifying a modification based on the observed behavior of the entity.

assigning a new user a default meta-tag; and
storing the meta-tag in the meta-tag database.

19. The method for automatically updating the meta-tag as in claim 17, further comprising the step of modifying the meta-tag according to the policy, the policy specifying the modification based on observed behavior.

20. The method for automatically updating the meta-tag as in claim 17, wherein determining the update further comprises the step of:
comparing the retrieved policy to the observed behavior;
if the observed behavior is equal to a behavior defined in the policy increment the meta-tag;
if the observed behavior is not equal to a behavior defined in the policy the key-value rating is not updated.

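The update rule of claims 17 and 20, sketched as an added example (not code from the patent): a rating in an entity's meta-tag changes only when the observed behavior equals the behavior a policy defines. The names `Policy`, `MetaTagStore` and `PAYMENTS`, the default ratings, the signed deltas and the threshold-based `may_access` check are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed default meta-tag: key-value ratings given to every new entity.
DEFAULT_META_TAG = {"trust": 5, "abuse": 0}

@dataclass(frozen=True)
class Policy:
    key: str        # meta-tag key the policy is associated with
    behavior: str   # behavior that satisfies the policy
    delta: int      # modification the policy specifies for the rating

# Constructed policy database (illustrative behaviors and deltas).
POLICY_DB = [
    Policy("trust", "completed_transaction", +1),
    Policy("trust", "failed_login", -2),
    Policy("abuse", "failed_login", +1),
    Policy("abuse", "rate_limit_exceeded", +3),
]

class MetaTagStore:
    """Meta-tag database: one set of key-value ratings per entity."""
    def __init__(self):
        self._tags = {}

    def assign_default(self, entity):
        # New entities start from a copy of the default meta-tag.
        return self._tags.setdefault(entity, dict(DEFAULT_META_TAG))

    def observe(self, entity, behavior):
        """Evaluate one observed behavior against every policy."""
        tag = self.assign_default(entity)
        applied = []
        for policy in POLICY_DB:
            # Claim 20: update only when the observed behavior equals the
            # behavior defined in the policy; otherwise leave the rating.
            if policy.key in tag and behavior == policy.behavior:
                tag[policy.key] += policy.delta
                applied.append(policy)
        return applied

    def may_access(self, entity, required):
        """Assumed enforcement: each (key, minimum, maximum) bound must hold."""
        tag = self.assign_default(entity)
        return all(lo <= tag[key] <= hi for key, lo, hi in required)

# Assumed resource requirement: trust >= 4 and abuse <= 1.
PAYMENTS = [("trust", 4, 99), ("abuse", 0, 1)]
```
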
Specification