Continuous Monitoring of Access of Computing Resources

US2016171195A1 · US · A1

Patent metadata

Publication number: US-2016171195-A1
Application number: US-201615048238-A
Country: US
Kind code: A1
Filing date: Feb 19, 2016
Priority date: Sep 11, 2014
Publication date: Jun 16, 2016
Grant date:

Abstract

Official abstract text for this publication.

Systems and methods are provided for monitoring access of computing resources. Usage rules may be created and stored that define a usage constraint based on actions available to be performed at the computing resources. An authenticator may verify login credentials received from a user and authorize the user to access a computing resource. A request to perform an action at the computing resource may be received, and a usage monitor may apply a usage rule to the requested action. If the requested action violates the usage constraint of the usage rule, the usage monitor may halt performance of the requested action and notify another user of the usage constraint violation. The authenticator may receive and verify another set of login credentials from that other user. In response to successful verification of the additional set of login credentials, the usage monitor may resume performance of the requested action.

First claim

Opening claim text (preview).

What is claimed is:

1. (canceled)

2. A computer-implemented method of monitoring access of computing resources comprising: receiving a set of login credentials from a first user; authorizing the first user to access a computing resource based on the set of login credentials received from the first user; monitoring one or more actions the first user has requested to be performed at the computing resource; determining that a first action of the one or more actions, if performed, would violate a usage constraint; halting performance of the first action until a second user authorizes the first action; and notifying the second user of violation of the usage constraint.

3. The computer-implemented method of claim 2, further comprising: authorizing the first action comprises successfully verifying a second set of login credentials received from the second user.

4. The computer-implemented method of claim 3, wherein: the first user requests performance of the first action from first computing device operated by the first user; and the second user provides the second set of login credentials at a second computing device located remotely relative to the first computing device.

5. The computer-implemented method of claim 2, wherein: notifying the second user comprises providing a notification comprising an identifier for the first user, an indication of the first action requested, and an indication of the usage constraint that would be violated by performing the first action requested.

6. The computer-implemented method of claim 2, further comprising: creating, for each action of a plurality of actions the first user requests performance of, a usage log entry in a usage log for the first user; wherein the usage log entry comprises an identifier for the action requested, a date and a time the first user requested performance of the action, and an identifier for a computing resource at which to perform the action requested.

7. The computer-implemented method of claim 6, wherein: determining that the usage constraint would be violated comprises comparing the first action to the usage log.

8. The computer-implemented method of claim 6, further comprising: storing user metadata for the first user, the user metadata characterizing use of one or more computing resources by the first user; wherein determining that the usage constraint would be violated comprises comparing at least a portion of the user metadata to the first action.

9. The computer-implemented method of claim 8, wherein: the user metadata comprises an indication of a usage pattern associated with the first user; and comparing the portion of the user metadata to the first action comprises comparing a characteristic of the first action to the usage pattern.

10. The computer-implemented method of claim 9, wherein: the usage pattern characterizes a previous timeframe within which the first user requested performance of one or more previous actions; the characteristic of the first action comprises a current timeframe within which the first user requested performance of the first action; and each of the previous timeframe and the current timeframe comprise at least one of a time-of-day or a day-of-the-week.

11. The computer-implemented method of claim 2, further comprising: identifying a usage pattern based on use of one or more computing resources by one or more users; and adjusting the usage constraint based on the usage pattern identified; wherein adjusting the usage constraint comprises either increasing or decreasing a threshold specified by the usage constraint.

12. The computer-implemented method of claim 2, wherein: the computing resource comprises at least one of a physical computing resource or a logical computing resource.

13. The computer-implemented method of claim 2, further comprising: providing a data store comprising one or more usage rules wherein each usage rule defines a usage constraint; and wherein monitoring the one or more actions comprises applying at least one of the one or more usage rules to one of the one or more actions.

14. The computer-implemented method of claim 13, wherein: the one or more usage rules comprise a usage rule defining a usage constraint that is based on a frequency with which a predetermined type of action is requested to be performed.

15. The computer-implemented method of claim 13, wherein: the one or more usage rules comprise a usage rule defining a usage constraint that is based on a time of day an action is requested to be performed.

16. The computer-implemented method of claim 13, wherein: the one or more usage rules comprise a usage rule defining a usage constraint that is based on a total number of computer files that would be returned in response to a query for a set of computer files.

17. The computer-implemented method of claim 13, wherein: the one or more usage rules comprise a usage rule defining a usage constraint that is based on a total number of a database queries requested to be performed.

18. The computer-implemented method of claim 13, wherein: the one or more usage rules comprise a usage rule defining a usage constraint that is based on a total number of authorizations performed responsive to a usage constraint violation.

19. The computer-implemented method of claim 13, wherein: the one or more usage rules comprise a usage rule defining a usage constraint that is violated when a current geographic location of the first user does not match any previous geographic location from which the first user requested a previous action be performed.

20. The computer-implemented method of claim 13, wherein: the one or more usage rules comprise a usage rule defining a usage constraint that is violated when a current computing device operated by the first user does not match any previous computing device with which the first user requested a previous action be performed.

21. The computer-implemented method of claim 13, wherein: the one or more usage rules comprise a usage rule defining a usage constraint that is violated when the first user requests performance of the action from a computing device that does not reside within a network the computing resource resides within.
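The halt-and-approve flow recited in claims 2, 3, 5 and 6, with the rule types of claims 14, 15 and 20, sketched as an added example (not code from the patent or its assignee). The class and function names, thresholds, rule labels and the credential store are assumptions constructed for illustration.

```python
import hashlib, hmac
from dataclasses import dataclass, field, make_dataclass
from datetime import timedelta

def _kdf(pw, salt):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)
# Constructed credential store (user -> salt, hash) standing in for the authenticator.
USERS = {u: (s, _kdf(p, s)) for u, p, s in
         [("alice", "a-pass", b"salt-a"), ("bob", "b-pass", b"salt-b")]}

def verify(user, pw):
    salt, digest = USERS.get(user, (b"", b""))
    return hmac.compare_digest(digest, _kdf(pw, salt))

# Usage-log entry fields (claim 6) plus the requesting device (claim 20).
Action = make_dataclass("Action", ["user", "kind", "resource", "when", "device"])

@dataclass
class UsageMonitor:
    max_per_hour: int = 3        # hypothetical frequency threshold (claim 14)
    window: tuple = (8, 18)      # hypothetical permitted hours (claim 15)
    log: list = field(default_factory=list)      # usage log
    pending: dict = field(default_factory=dict)  # halted actions by ticket

    def violations(self, a):
        mine = [e for e in self.log if e.user == a.user]
        recent = [e for e in mine if e.kind == a.kind
                  and a.when - e.when < timedelta(hours=1)]
        out = ["frequency"] if len(recent) >= self.max_per_hour else []
        if not self.window[0] <= a.when.hour < self.window[1]:
            out.append("time-of-day")
        if mine and a.device not in {e.device for e in mine}:
            out.append("unknown-device")
        return out

    def request(self, a):
        broken = self.violations(a)   # compare against the log before appending
        self.log.append(a)            # every request is logged, allowed or not
        if not broken:
            return {"status": "performed"}
        self.pending[len(self.log)] = a   # ticket id: the log only grows, so unique
        return {"status": "halted", "ticket": len(self.log),   # claim 5 content
                "notify": {"user": a.user, "action": a.kind, "constraints": broken}}

    def approve(self, ticket, approver, pw):
        a = self.pending.get(ticket)
        if a is None or approver == a.user or not verify(approver, pw):
            return "halted"       # second user must differ and authenticate
        del self.pending[ticket]  # one approval releases one halted action
        return "performed"
```

The sketch rejects self-approval and consumes each ticket once; both are design choices of this example that keep the second-user step from being satisfied by the requester or replayed.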

Assignees

Inventors

Classifications

  • using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226)

  • G06F21/31 (Primary): User authentication

  • Traffic logging, e.g. anomaly detection

  • to a system of files or objects, e.g. local or distributed file system or database

  • by quorum, i.e. whereby two or more security principals are required

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2016171195A1 cover?
Systems and methods are provided for monitoring access of computing resources. Usage rules may be created and stored that define a usage constraint based on actions available to be performed at the computing resources. An authenticator may verify login credentials received from a user and authorize the user to access a computing resource. A request to perform an action at the computing resource…
Who is the assignee on this patent?
Bank Of America
What technology area does this patent fall under?
Primary CPC classification G06F21/31. Mapped technology areas include Physics.
When was this patent published?
Publication date Jun 16, 2016 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).