Low trust privileged access management
US-2021352077-A1 · Nov 11, 2021 · US
US11675917B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11675917-B2 |
| Application number | US-202117237213-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 22, 2021 |
| Priority date | Apr 22, 2021 |
| Publication date | Jun 13, 2023 |
| Grant date | Jun 13, 2023 |
Official abstract text for this publication.
Systems, computer program products, and methods are described herein for dynamically permitting and restricting access to and modification of computer resources. The present invention may be configured to receive a change request identifying computer resources to be modified, determine whether privileged access is required to modify the computer resources, and receive credentials from a user device. The present invention may be further configured to generate an encrypted configuration file, determine whether the change request is valid, and further encrypt the encrypted configuration file based on determining that the change request is valid. The present invention may be further configured to determine whether the credentials authorize access to the computer resources, further encrypt the encrypted configuration file based on determining that the credentials authorize access to the computer resources, and permit and restrict access of the user device to computer resources based on the encrypted configuration file.
Opening claim text (preview).
What is claimed is:

1. A system for dynamically permitting and restricting access to and modification of computer resources, the system comprising: at least one non-transitory storage device; and at least one processing device coupled to the at least one non-transitory storage device, wherein the at least one processing device is configured to: receive a change request identifying computer resources to be modified; determine, using a machine learning model and based on the change request, whether privileged access is required to modify the computer resources; receive, based on determining that privileged access is required to modify the computer resources, credentials from a user device; generate, based on the change request, a first encrypted configuration file; determine, based on the change request and based on a service management database, whether the change request is valid; generate, based on determining that the change request is valid, a second encrypted configuration file by encrypting the first encrypted configuration file; determine, based on the credentials and a credential management database, whether the credentials authorize access to the computer resources identified by the change request; generate, based on determining that the credentials authorize access to the computer resources identified by the change request, a third encrypted configuration file by encrypting the second encrypted configuration file; permit, based on the third encrypted configuration file, the user device to modify the computer resources identified by the change request; and prevent, based on the third encrypted configuration file, the user device from modifying other computer resources that are not the computer resources identified by the change request.
2. The system of claim 1, wherein the change request comprises information identifying an event associated with modifying the computer resources, an incident associated with modifying the computer resources, and a modification to be performed on the computer resources.
3. The system of claim 1, wherein the change request comprises information provided by the user device to a service management tool.
4. The system of claim 1, wherein the change request identifies modifications to be made to the computer resources, wherein the first encrypted configuration file comprises data identifying the modifications to be made to the computer resources, and wherein the at least one processing device is further configured to: permit, based on the third encrypted configuration file, the user device to perform the modifications on the computer resources; and prevent, based on the third encrypted configuration file, the user device from performing modifications other than the modifications identified in the change request.
5. The system of claim 1, wherein the at least one processing device is further configured to, when receiving the change request, receive the change request from a service management system.
6. The system of claim 1, wherein the at least one processing device is further configured to, when determining whether privileged access is required to modify the computer resources: transform data associated with the change request to obtain transformed data; normalize the data associated with the change request to obtain normalized data; clean the data associated with the change request to obtain cleaned data; process the transformed data, the normalized data, and the cleaned data to obtain processed data; and provide, to the machine learning model, the processed data, wherein the machine learning model is configured to determine, based on the processed data, whether privileged access is required to modify the computer resources, and wherein the machine learning model is trained based on historical data associated with change requests and historical determinations of whether privileged access is required.
7. The system of claim 6, wherein the at least one processing device is further configured to, when determining whether privileged access is required to modify the computer resources, parse, using a natural language parser, the processed data to determine whether privileged access is required to modify the computer resources.
8. The system of claim 1, wherein the machine learning model comprises a random forest classifier.
9. The system of claim 1, wherein the at least one processing device is further configured to, when determining whether privileged access is required to modify the computer resources, process the change request using a privilege access detection engine comprising the machine learning model and a natural language parser.
10. The system of claim 1, wherein the at least one processing device is further configured to permit, based on determining that privileged access is not required to modify the computer resources, the user device to modify the computer resources identified by the change request.
11. The system of claim 1, wherein the at least one processing device is further configured to, when generating the first encrypted configuration file, generate the first encrypted configuration file based on data provided by the user device to a configuration management database.
12. The system of claim 1, wherein the at least one processing device is further configured to, based on determining that the change request is not valid: prevent the user device from modifying the computer resources identified by the change request; and provide a notification to the user device indicating that the change request is not valid.
13. The system of claim 1, wherein the change request comprises information identifying an event associated with modifying the computer resources, an incident associated with modifying the computer resources, and a modification to be performed on the computer resources, and wherein the at least one processing device is further configured to, when determining whether the change request is valid: determine, based on the service management database, whether the event is a valid event; determine, based on the service management database, whether the incident is a valid incident; determine, based on the service management database, whether the modification to be performed on the computer resources conflicts with another service; and determine, based on the service management database, whether the modification to be performed on the computer resources overlaps with another service.
14. The system of claim 1, wherein the at least one processing device is further configured to: when generating the first encrypted configuration file, encrypt, using a first public key and a first private key, a configuration file comprising data provided by the user device to a configuration management database to generate the first encrypted configuration file; when generating the second encrypted configuration file, encrypt, using a second public key and a second private key, the first encrypted configuration file to generate the second encrypted configuration file; and when generating the third encrypted configuration file, encrypt, using a third public key and a third private key, the second encrypted configuration file to generate the third encrypted configuration file.
15. The system of claim 14, wherein the at least one processing device is further configured to: when determining whether the change request is valid, decrypt, using the first public key, the first encrypted configuration file to access the data of the configuration file; and when determining whether the credentials authorize access to the computer resources identif
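The following is an added example, not code from the patent, modelling the three-gate flow of claims 1, 13 and 14: the configuration file is sealed once per gate, a gate only adds its layer after its own check passes, and the enforcement point grants access solely from a file carrying all three layers. The patent's per-stage key pairs are replaced here with per-stage secret keys and HMAC-SHA256 sealing (standard library only), and the service management and credential databases are constructed in-memory dictionaries.

```python
import hashlib
import hmac
import json
import os

# Constructed stand-ins for the patent's service management database and
# credential management database.
SMDB = {"events": {"EVT-1001"}, "incidents": {"INC-2002"}, "locked": {"db-prod"}}
CREDS = {"alice": {"secret": "s3cret", "scope": {"web-01", "web-02", "db-prod"}}}
STAGE_KEYS = {s: os.urandom(32) for s in ("cmdb", "smdb", "creds")}  # one key per gate

def seal(stage: str, payload: bytes) -> bytes:
    """Wrap payload with this gate's tag; stands in for the stage's encryption."""
    return hmac.new(STAGE_KEYS[stage], payload, hashlib.sha256).digest() + payload

def unseal(stage: str, blob: bytes) -> bytes:
    """Strip one layer, failing closed if this gate's tag is absent or forged."""
    tag, payload = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(STAGE_KEYS[stage], payload, hashlib.sha256).digest()):
        raise PermissionError(f"{stage} gate not passed")
    return payload

def stage1_config(request: dict) -> bytes:
    """First encrypted configuration file: the scope the change request declares."""
    cfg = {k: request[k] for k in ("event", "incident", "modification")}
    cfg["resources"] = sorted(request["resources"])
    return seal("cmdb", json.dumps(cfg, sort_keys=True).encode())

def stage2_validate(blob1: bytes) -> bytes:
    """Second file: produced only if the service management checks of claim 13 pass."""
    cfg = json.loads(unseal("cmdb", blob1))
    if cfg["event"] not in SMDB["events"] or cfg["incident"] not in SMDB["incidents"]:
        raise PermissionError("change request not valid")
    if set(cfg["resources"]) & SMDB["locked"]:
        raise PermissionError("modification conflicts with another service")
    return seal("smdb", blob1)

def stage3_authorize(blob2: bytes, user: str, secret: str) -> bytes:
    """Third file: produced only if the credentials cover every listed resource."""
    cfg = json.loads(unseal("cmdb", unseal("smdb", blob2)))
    entry = CREDS.get(user, {"secret": "", "scope": set()})
    if not hmac.compare_digest(entry["secret"], secret) or not set(cfg["resources"]) <= entry["scope"]:
        raise PermissionError("credentials do not authorize these resources")
    return seal("creds", blob2)

def enforce(blob3: bytes, resource: str, action: str) -> bool:
    """Permit only the listed resources and modification; everything else is denied."""
    cfg = json.loads(unseal("cmdb", unseal("smdb", unseal("creds", blob3))))
    return resource in cfg["resources"] and action == cfg["modification"]
```

A file that skipped a gate (for example the second file handed straight to `enforce`) is rejected at the first missing layer, which is what makes the third file a usable proof that every check ran.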
CPC classification titles:

- to service a request
- Protecting access to data via a platform, e.g. using keys or access control rules
- to a system of files or objects, e.g. local or distributed file system or database
- Structures or tools for the administration of authentication
- Access rights, e.g. capability lists, access control lists, access tables, access matrices