Hierarchical temporal memory for expendable access control
US-2018285585-A1 · Oct 4, 2018 · US
US11146589B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11146589-B2 |
| Application number | US-201816498880-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 26, 2018 |
| Priority date | Mar 30, 2017 |
| Publication date | Oct 12, 2021 |
| Grant date | Oct 12, 2021 |
Official abstract text for this publication.
A computer implemented method for access control for a consumer accessing a restricted resource in a network connected computer system, the method including receiving a continuous sequence of data records relating to use, by the consumer, of the restricted resource, the resource being accessed by the consumer over an access network; continuously comparing the data records with an access control policy for the restricted resource; in response to a determination that the behavior is non-compliant with respect to the policy, generating and communicating a shared secret to the consumer, the shared secret being communicated via a communications channel other than the access network; receiving a response to a challenge from the user via the access network; and notifying the computer system that access to the resource by the consumer should be precluded based on a comparison of the response to the challenge and the shared-secret.
Opening claim text (preview).
The invention claimed is:

1. A computer implemented method for access control for a consumer accessing a restricted resource in a computer system connected to an access network, the method comprising: receiving a continuous sequence of data records while the consumer is accessing and using the restricted resource over the access network; continuously comparing the received data records with an access control policy for the restricted resource, wherein the access control policy is accessed or received and applied by an out-of-band (OOB) access control system to identify any deviation from the access policy by the consumer using the restricted resource; in response to a determination that a behavior of the consumer is non-compliant with respect to the access control policy, generating and communicating a shared secret to the consumer, the shared secret being communicated via an OOB communications channel other than the access network; receiving and validating, by the OOB access control system, a response to a challenge corresponding to the shared secret from the consumer via the access network; and notifying the computer system that access to the restricted resource by the consumer should be precluded based on the validation of the response to the challenge and the shared secret.
2. A non-transitory computer-readable storage medium storing a computer program element comprising computer program code to, when loaded into a computer system and executed thereon, cause the computer system to perform the method as claimed in claim 1.
3. The method of claim 1, wherein the consumer authenticates with the computer system prior to accessing the restricted resource.
4. The method of claim 1, wherein the continuous sequence of data records are received from at least one of the computer system or the restricted resource.
5. The method of claim 1, wherein the data records include log information recording operations performed by at least one of the computer system or the restricted resource as part of the use of the restricted resource by the consumer.
6. The method of claim 1, wherein the shared secret has an expiry time after which the shared secret ceases to be valid.
7. A computer system for access control for a consumer accessing a restricted resource comprising: a processor device and memory storing computer program code for access control for the consumer accessing the restricted resource in the computer system connected to an access network; receiving a continuous sequence of data records while the consumer is accessing and using the restricted resource over the access network; continuously comparing the received data records with an access control policy for the restricted resource, wherein the access control policy is accessed or received and applied by an out-of-band (OOB) access control system to identify any deviation from the access policy by the consumer using the restricted resource; in response to a determination that a behavior of the consumer is non-compliant with respect to the access control policy, generating and communicating a shared secret to the consumer, the shared secret being communicated via an OOB communications channel other than the access network; receiving and validating, by the OOB access control system, a response to a challenge corresponding to the shared secret from the consumer via the access network; and notifying the computer system that access to the restricted resource by the consumer should be precluded based on the validation of the response to the challenge and the shared secret.
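The abstract and claim 1 describe a control loop rather than a data structure: usage records stream in over the access network, each is compared with a policy, a policy breach triggers a shared secret delivered over a channel other than the access network, the consumer answers the challenge in-band, and a failed (or, per claim 6, expired) validation results in the system being told to preclude access. The following simulation is an added example written for this page, not code from the patent or its assignee. The policy shape (an allow-list of operations plus a per-window rate limit), the record format, the six-digit form of the secret, the callback names `oob_send` and `notify_preclude`, and the constructed log records are all assumptions; the patent specifies none of them.

```python
"""Added example (not the patent's code): simulation of the out-of-band (OOB)
access-control flow in the abstract and claim 1. Policy format, record format,
secret format and callback names are assumptions made for this illustration."""
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    """Assumed policy shape: permitted operations and a sliding-window rate limit."""
    allowed_ops: frozenset
    max_ops_per_window: int
    window_seconds: float


@dataclass
class Challenge:
    """Outstanding shared secret with the expiry time of claim 6."""
    secret: str
    expires_at: float

    def is_valid(self, now):
        return now < self.expires_at


class OOBAccessController:
    """The 'OOB access control system' of claim 1, with pluggable side channels."""

    def __init__(self, policy, oob_send, notify_preclude, secret_ttl=60.0, clock=time.time):
        self.policy = policy
        self.oob_send = oob_send                # assumed: SMS/push/etc., NOT the access network
        self.notify_preclude = notify_preclude  # assumed: tells the resource owner to cut access
        self.secret_ttl = secret_ttl
        self.clock = clock
        self.history = {}   # consumer -> timestamps of recent operations
        self.pending = {}   # consumer -> Challenge awaiting an in-band response

    def ingest(self, record):
        """Continuously compare each usage record with the policy (claims 1, 4, 5)."""
        consumer, op, ts = record["consumer"], record["op"], record["ts"]
        hist = self.history.setdefault(consumer, [])
        hist.append(ts)
        hist[:] = [t for t in hist if t >= ts - self.policy.window_seconds]
        if op not in self.policy.allowed_ops or len(hist) > self.policy.max_ops_per_window:
            self._challenge(consumer)
            return "challenged"
        return "ok"

    def _challenge(self, consumer):
        """Generate a fresh secret and push it out of band; one live challenge per consumer."""
        if consumer in self.pending and self.pending[consumer].is_valid(self.clock()):
            return
        secret = f"{secrets.randbelow(10**6):06d}"   # assumed form: 6-digit code from a CSPRNG
        self.pending[consumer] = Challenge(secret, self.clock() + self.secret_ttl)
        self.oob_send(consumer, secret)

    def respond(self, consumer, response):
        """Validate the response received via the access network; preclude on failure or expiry."""
        ch = self.pending.pop(consumer, None)   # single use: a secret is never re-checked
        if ch is None:
            return "no-challenge"
        if not ch.is_valid(self.clock()):
            self.notify_preclude(consumer, "expired")
            return "precluded"
        if not hmac.compare_digest(ch.secret.encode(), str(response).encode()):
            self.notify_preclude(consumer, "bad-response")
            return "precluded"
        return "allowed"


# Constructed sample records (not real log data): two permitted reads, then an
# operation the policy does not allow.
SAMPLE_RECORDS = [
    {"consumer": "alice", "op": "read", "ts": 100.0},
    {"consumer": "alice", "op": "read", "ts": 101.0},
    {"consumer": "alice", "op": "export", "ts": 102.0},
]


def run_demo():
    """Drive the controller through a wrong answer, a right answer and a late answer."""
    now = [100.0]                 # fake clock so the expiry path is deterministic
    sent, precluded = [], []
    ctl = OOBAccessController(
        Policy(frozenset({"read", "write"}), max_ops_per_window=5, window_seconds=10.0),
        oob_send=lambda c, s: sent.append((c, s)),
        notify_preclude=lambda c, why: precluded.append((c, why)),
        secret_ttl=30.0,
        clock=lambda: now[0],
    )
    verdicts = [ctl.ingest(r) for r in SAMPLE_RECORDS]
    secret = sent[-1][1]
    wrong = ctl.respond("alice", "999999" if secret != "999999" else "000000")
    ctl.ingest({"consumer": "alice", "op": "export", "ts": 103.0})   # breach again, new secret
    right = ctl.respond("alice", sent[-1][1])
    ctl.ingest({"consumer": "alice", "op": "export", "ts": 104.0})   # breach, then let it expire
    now[0] += 31.0
    late = ctl.respond("alice", sent[-1][1])
    return {"verdicts": verdicts, "wrong": wrong, "right": right, "late": late,
            "precluded": [why for _, why in precluded]}


if __name__ == "__main__":
    print(run_demo())
```

Two details matter in practice and are worth noting even in a toy: the secret is popped before it is checked, so it can be answered once and cannot be replayed, and the comparison uses `hmac.compare_digest` so a wrong guess leaks nothing through timing. A deployed version would also need to rate-limit wrong answers, since a six-digit code falls to brute force within the TTL if unlimited attempts are accepted over the access network.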
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
using a plurality of channels (network architectures or network communication protocols using different networks H04L63/18) · CPC title
Continuous authentication · CPC title
by using authentication-authorization-accounting [AAA] servers or protocols · CPC title
using different networks or channels, e.g. using out of band channels (cryptographic mechanisms or cryptographic arrangements for key distribution involving distinctive intermediate devices or communication paths H04L9/0827; cryptographic mechanisms or cryptographic arrangements for authentication using a plurality of channels H04L9/3215) · CPC title