Authorization server access system

US10129257B2 · US · B2

Patent metadata
Publication number: US-10129257-B2
Application number: US-201615234779-A
Country: US
Kind code: B2
Filing date: Aug 11, 2016
Priority date: Mar 14, 2013
Publication date: Nov 13, 2018
Grant date: Nov 13, 2018

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Systems and techniques are provided for authorizing restricted action (e.g., data access) requests using a tiered arrangement. A rule set is generated based on a policy received by an authorization server and is transmitted to a broker associated with an enterprise server. A restricted action request is received by an agent associated with the enterprise server and is provided to the broker associated with the enterprise server. The broker analyzes the request in view of the rule set and determines if the restricted action request should be granted or denied. The policy and/or rule set are updated based on activities and/or events within the system and a new rule set is generated based on the updated policy.

First claim

Opening claim text (preview).

The invention claimed is:

1. A method comprising: determining, by an authorization server, a policy that defines a restricted action for a first endpoint device, wherein the policy is based on monitoring of a location of a second endpoint device by a first enterprise server, wherein the monitoring of the location of the second endpoint device is based on monitoring a different action, including changing a wireless network connection status of the second device, than the restricted action, wherein the first and second endpoint devices are different but are associated with a same user; generating, by the authorization server, a rule set for a second enterprise server based on the policy that is based on the monitoring by the first enterprise server, wherein the restricted action includes accessing one or more assets associated with a particular location, wherein the second enterprise server provides access to the one or more assets; and distributing, by the authorization server, the rule set to the second enterprise server, wherein the rule set is usable by the second enterprise server to grant or deny requests to perform the restricted action based on whether the location of the second endpoint device indicated by the monitoring of the first enterprise server is within a threshold distance from the particular location at which the first endpoint device is being used to attempt access to the one or more assets.

2. The method of claim 1, wherein the first enterprise server provides information regarding the monitoring directly to the second enterprise server.

3. The method of claim 1, wherein the rule set specifies a plurality of logic statements, evaluation of which indicates whether to grant or deny the restricted action.

4. The method of claim 1, further comprising: receiving, by the second enterprise server, a request from an endpoint device to perform the restricted action; and determining, by the second enterprise server, whether to allow the restricted action based on the rule set.

5. The method of claim 1, further comprising: the authorization server receiving a notification from the first enterprise server of an event relating to the monitoring; and the authorization server notifying the second enterprise server of the event.

6. The method of claim 1, further comprising the authorization server updating the rule set and sending an updated rule set to the second enterprise server.

7. The method of claim 1, wherein the rule set includes one or more logic statements associated with past activity corresponding to the restricted action.

8. A non-transitory computer-readable medium having instructions stored thereon that are executable by an authorization server to perform operations comprising: determining a policy that defines a restricted action for a first endpoint device, wherein the policy is based on monitoring of a location of a second endpoint device by a first enterprise server, wherein the monitoring of the location of the second endpoint device is based on monitoring a different action, including changing a wireless network connection status of the second device, than the restricted action and wherein the first and second endpoint devices are different but are associated with the same user; generating a rule set for a second enterprise server based on the policy that is based on the monitoring by the first enterprise server, wherein the restricted action includes accessing one or more assets associated with a particular location, wherein the second enterprise server provides access to the one or more assets; and distributing the rule set to the second enterprise server, wherein the rule set is usable by the second enterprise server to grant or deny requests to perform the restricted action based on whether the location of the second endpoint device indicated by the monitoring of the first enterprise server is within a threshold distance from the particular location at which the first endpoint device is being used to attempt access to the one or more assets.

9. The non-transitory computer-readable medium of claim 8, wherein the first enterprise server is configured to provide information regarding the monitoring directly to the second enterprise server.

10. The non-transitory computer-readable medium of claim 8, wherein the rule set specifies a plurality of logic statements, evaluation of which indicates whether to grant or deny the restricted action.

11. The non-transitory computer-readable medium of claim 8, wherein the operations further comprise: receiving a notification from the first enterprise server of an event relating to the monitoring; and notifying the second enterprise server of the event.

12. A non-transitory computer-readable medium having instructions stored thereon that are executable by an enterprise server to perform operations comprising: receiving, from an authorization server, a rule set that is determined based on a policy that defines a restricted action for a first endpoint device, wherein the rule set is based at least on monitoring of a location of a second endpoint device by another enterprise server, wherein the first and second endpoint devices are different but are associated with the same user, wherein the monitoring of the location of the second endpoint device is based on monitoring a different action, including changing a wireless network connection status of the second device, than the restricted action, and wherein the restricted action includes accessing one or more assets associated with a particular location and wherein the enterprise server controls access to the one or more assets; and determining whether to grant requests by one or more endpoint devices to perform the restricted action based on whether the location of the second endpoint device indicated by the monitoring of the other enterprise server is within a threshold distance from the particular location at the particular time at which the first endpoint device is being used to attempt access to the one or more assets.

13. The non-transitory computer-readable medium of claim 12, wherein the one or more assets allow or prevent physical access to a secured location.

14. The non-transitory computer-readable medium of claim 12, wherein the operations further comprise receiving information regarding the monitoring directly from the other enterprise server.

15. The non-transitory computer-readable medium of claim 12, wherein the operations further comprise receiving information regarding the monitoring by the other enterprise server via the authorization server.

16. The non-transitory computer-readable medium of claim 12, wherein the operations further comprise receiving an updated rule set from the authorization server.

17. The non-transitory computer-readable medium of claim 12, wherein the rule set includes one or more logic statements associated with past activity corresponding to the restricted action.
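A worked model of the tiered arrangement the claims describe (authorization server derives a rule set from policy; a broker at the asset-owning enterprise server grants or denies based on the second device's monitored location), added here as an illustration and not code from the patent or its assignee. The coordinates, threshold, user and asset names are constructed, and the great-circle distance and the freshness window are assumptions about how "within a threshold distance" and "at the particular time" could be implemented.

```python
import math
from dataclasses import dataclass

# Hypothetical model (not the patent's code): an authorization server derives a
# rule set from policy; a broker at the asset-owning enterprise server applies it.
EARTH_RADIUS_KM = 6371.0

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two lat/lon points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlam = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))

@dataclass(frozen=True)
class Rule:
    asset_id: str
    asset_lat: float
    asset_lon: float
    threshold_km: float  # how close the user's second device must be
    max_age_s: int       # how recent its last location report must be

class AuthorizationServer:
    """Holds the policy and generates the rule set distributed to brokers."""
    def __init__(self):
        self.policy = {}  # asset_id -> (lat, lon, threshold_km, max_age_s)
    def set_policy(self, asset_id, lat, lon, threshold_km, max_age_s):
        self.policy[asset_id] = (lat, lon, threshold_km, max_age_s)
    def generate_rule_set(self):
        return {a: Rule(a, *p) for a, p in self.policy.items()}

class Broker:
    """Runs at the enterprise server that controls access to the assets."""
    def __init__(self, rule_set):
        self.rule_set = dict(rule_set)
        self.locations = {}  # user -> (lat, lon, reported_at)
    def on_monitoring_event(self, user, lat, lon, reported_at):
        # Location event from the other enterprise server's monitoring, e.g.
        # the user's phone joining a wireless network at a known site.
        self.locations[user] = (lat, lon, reported_at)
    def decide(self, user, asset_id, now):
        rule = self.rule_set.get(asset_id)
        if rule is None or user not in self.locations:
            return "deny"  # default deny: unknown asset or no location fix
        lat, lon, reported_at = self.locations[user]
        if now - reported_at > rule.max_age_s:
            return "deny"  # stale report: the phone may have moved since
        dist = haversine_km(lat, lon, rule.asset_lat, rule.asset_lon)
        return "grant" if dist <= rule.threshold_km else "deny"
```

The broker defaults to deny whenever it has no rule or no recent location report, so a failure of the monitoring feed fails closed rather than open.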

Assignees

Ca Inc

Inventors

Classifications

  • H04L63/10 (primary)

    for controlling access to devices or network resources · CPC title

  • H04L63/20 (primary)

    for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10129257B2 cover?
Systems and techniques are provided for authorizing restricted action (e.g., data access) requests using a tiered arrangement. A rule set is generated based on a policy received by an authorization server and is transmitted to a broker associated with an enterprise server. A restricted action request is received by an agent associated with the enterprise server and is provided to the broker ass…
Who is the assignee on this patent?
Ca Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/10. Mapped technology areas include Electricity.
When was this patent published?
Publication date Nov 13, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).