Quality assurance checks of access rights in a computing system

US10083312B2 · US · B2

Patent metadata

Publication number: US-10083312-B2
Application number: US-201715399831-A
Country: US
Kind code: B2
Filing date: Jan 6, 2017
Priority date: Dec 20, 2012
Publication date: Sep 25, 2018
Grant date: Sep 25, 2018

Abstract

Systems and methods for ensuring the quality of identity and access management information at a computing system are described. Access right information that respectively corresponds to one or more access rights may be stored at a data store. The access right information may be stored in accordance with a data model that defines respective relationships between the access rights and both the users having access to the computing system and the computing resources of the computing system. At least a portion of the access right information may be retrieved, and quality assurance tasks may be performed using the portion of the access right information retrieved.

First claim

What is claimed is:

1. A computer-implemented method of managing identity and access management information comprising: storing, at a data store of a computing device, access right information indicating a plurality of granted access rights associated with a computing resource of a computing system, wherein each of the plurality of granted access rights grants one of a plurality of users access to the computing resource, wherein the plurality of granted access rights comprises a plurality of entitlements, wherein each entitlement comprises an indication of a permission to access the computing resource, and wherein the permission is provisioned to one of the plurality of users; receiving, by the computing device, access right utilization information indicating a plurality of utilized access rights, wherein each of the plurality of utilized access rights has been used to access the computing resource; comparing, by the computing device, each granted access right of the plurality of granted access rights to the plurality of utilized access rights in order to determine whether that granted access right has been used to access the computing resource; generating, by the computing device, a report based on the comparing, wherein the report indicates which of the plurality of granted access rights have not been used to access the computing resource, wherein the report indicates, for each granted access right of the plurality of granted access rights, whether that granted access right has or has not been used to access the computing resource based on whether that granted access right corresponds to one of the plurality of utilized access rights, and wherein the report indicates which of the plurality of entitlements have not been used to access the computing resource; and based on determining that a granted access right of the plurality of granted access rights has not been used to access the computing resource, removing the granted access right.

2. The computer-implemented method of claim 1, wherein: the plurality of granted access rights comprises a plurality of permissions, wherein each permission is provisioned to one of the plurality of users; and the report identifies which of the plurality of permissions have not been used to access the computing resource.

3. The computer-implemented method of claim 1, wherein: the plurality of granted access rights comprises a plurality of roles, wherein each role is assigned to one of the plurality of users; and the report identifies which of the plurality of roles have not been used to access the computing resource.

4. The computer-implemented method of claim 1, wherein: the granted access right that has not been used to access the computing resource is removed in response to receipt of a request to remove the granted access right.

5. The computer-implemented method of claim 4, wherein: removing the granted access right comprises at least one of: removing an entitlement associated with one of the plurality of users, removing a role assigned to one of the plurality of users, or removing a permission provisioned to one of the plurality of users.

6. The computer-implemented method of claim 1, further comprising: presenting the report to an individual responsible for management of the computing resource.

7. The computer-implemented method of claim 1, wherein: the access right utilization information is received from the computing resource itself.

8. The computer-implemented method of claim 1, wherein the method is performed on-demand.

9. A computing device for managing identity and access management information comprising: at least one processor; a data store storing access right information indicating a plurality of granted access rights associated with a computing resource of a computing system, wherein each of the plurality of access rights grants one of a plurality of users access to the computing resource, wherein the plurality of granted access rights comprises a plurality of entitlements, wherein each entitlement comprises an indication of a permission to access the computing resource, and wherein the permission is provisioned to one of the plurality of users; and memory storing computer-executable instructions that, when executed by the at least one processor, cause the computing device to: receive access right utilization information indicating a plurality of utilized access rights, wherein each utilized access right has been used to access the computing resource; compare each granted access right of the plurality of granted access rights to the plurality of utilized access rights in order to determine whether that granted access right has been used to access the computing resource; generate a report based on the comparing, wherein the report indicates which of the plurality of granted access rights have not been used to access the computing resource, wherein the report indicates, for each granted access right of the plurality of granted access rights, whether that granted access right has or has not been used to access the computing resource based on whether that granted access right corresponds to one of the plurality of utilized access rights, and wherein the report indicates which of the plurality of entitlements have not been used to access the computing resource; and based on determining that a granted access right of the plurality of granted access rights has not been used to access the computing resource, remove the granted access right.

10. The computing device of claim 9, wherein: the plurality of granted access rights further comprises at least one of: a plurality of permissions, wherein each permission is provisioned to one of the plurality of users; or a plurality of roles, wherein each role is assigned to one of the plurality of users.

11. The computing device of claim 9, wherein: the granted access right that has not been used to access the computing resource is removed in response to receipt of a request to remove the granted access right; and removing the granted access right comprises at least one of: removing an entitlement associated with one of the plurality of users, removing a role assigned to one of the plurality of users, or removing a permission provisioned to one of the plurality of users.

12. The computing device of claim 9, wherein: the access right utilization information is received from the computing resource itself.

13. Non-transitory computer-readable media storing instructions for managing identity and access management information, wherein the instructions, when executed by at least one processor of a computing device, cause the computing device to: store, at a data store, access right information indicating a plurality of granted access rights associated with a computing resource of a computing system, wherein each of the plurality of granted access rights grants one of a plurality of users access to the computing resource, wherein the plurality of granted access rights comprises a plurality of entitlements, wherein each entitlement comprises an indication of a permission to access the computing resource, and wherein the permission is provisioned to one of the plurality of users; receive access right utilization information indicating a plurality of utilized access rights, wherein each utilized access right has been used to access the computing resource; compare each granted access right of the plurality of granted access rights to the plurality of utilized access rights in order to determine whether that granted access right has been used to access the computing resource; generate a report based on the comparing
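The compare, report and remove steps of claims 1 through 7, as an added worked example that is not code from the patent or its assignee. The users, the resource name and the utilization records are constructed sample data; the report marks every granted right as used or unused, and removal can be gated on an explicit approval list as in claim 4.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class GrantedRight:
    """One entitlement: a permission or role provisioned to a user on a resource."""
    user: str
    resource: str
    kind: str   # "permission" (claim 2) or "role" (claim 3)
    name: str   # e.g. "read", "write", "db_admin"


# Constructed sample: entitlements recorded in the access-right data store.
GRANTED = [
    GrantedRight("alice", "payroll-db", "permission", "read"),
    GrantedRight("alice", "payroll-db", "permission", "write"),
    GrantedRight("bob", "payroll-db", "role", "db_admin"),
    GrantedRight("carol", "payroll-db", "permission", "read"),
]

# Constructed sample: utilization records as the resource itself would report them
# (claim 7), one tuple per observed use of (user, resource, kind, name).
UTILIZED = [
    ("alice", "payroll-db", "permission", "read"),
    ("carol", "payroll-db", "permission", "read"),
    ("alice", "payroll-db", "permission", "read"),  # repeat use, same right
]


def build_report(granted, utilized):
    """Compare each granted right to the utilized set; return {right: was_used}."""
    used = {GrantedRight(*record) for record in utilized}
    return {right: right in used for right in granted}


def unused_rights(report):
    """The rights the report flags as never exercised."""
    return [right for right, used in report.items() if not used]


def report_lines(report):
    """Human-readable report for the resource owner (claim 6)."""
    ordered = sorted(report.items(), key=lambda kv: (kv[0].user, kv[0].name))
    return [f"{'UNUSED' if not used else 'used  '} {r.kind}:{r.name} {r.user}@{r.resource}"
            for r, used in ordered]


def remove_unused(granted, report, approved=None):
    """Drop unused rights; with `approved`, drop only those explicitly requested (claim 4)."""
    to_remove = set(unused_rights(report))
    if approved is not None:
        to_remove &= set(approved)
    return [right for right in granted if right not in to_remove]
```

A right unused in the observation window is not necessarily unneeded (break-glass roles, quarterly jobs), which is why the approval-gated removal path is the safer default.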

Assignees

Bank of America

Classifications

  • G06F21/6209 (the primary CPC classification named in the FAQ below): to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself · CPC title

  • G06F16/215 (marked Primary in the classification list): Improving data quality; Data cleansing, e.g. de-duplication, removing invalid entries or correcting typographical errors · CPC title

  • Ensuring data consistency and integrity · CPC title

  • Physics · mapped topic


Frequently asked questions

What does patent US10083312B2 cover?
Systems and methods for ensuring the quality of identity and access management information at a computing system are described. Access right information that respectively corresponds to one or more access rights may be stored at a data store. The access right information may be stored in accordance with a data model that defines respective relationships between the access rights and both the us…

Who is the assignee on this patent?
Bank of America

What technology area does this patent fall under?
Primary CPC classification G06F21/6209. Mapped technology areas include Physics.

When was this patent published?
Publication date Sep 25, 2018 (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).