Event analytics for determining role-based access

US9692765B2 · US · B2

Patent metadata

Field               Value
Publication number  US-9692765-B2
Application number  US-201414464796-A
Country             US
Kind code           B2
Filing date         Aug 21, 2014
Priority date       Aug 21, 2014
Publication date    Jun 27, 2017
Grant date          Jun 27, 2017

Abstract

Official abstract text for this publication.

Embodiments of the present invention disclose a method, computer program product, and system for determining role-based access. In one embodiment, the method includes receiving an audit event for a restricted resource and a first user id associated with the audit event. The method further includes determining based at least in part on the audit event, a historical reference, the historical reference including at least one audit event associated with at least one user id. The method further includes determining access activity associated with the first user id. The method further includes determining based at least in part on the historical reference and the access activity, at least one recommended role for the first user id.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for determining role-based access, the method comprising: receiving, by one or more computer processors, an audit event for a restricted resource and a first user id associated with the audit event, wherein the audit event is one or more activities that access data that are recorded and monitored; determining, by one or more computer processors, the audit event is a failed audit event wherein the first user id associated with the audit event is not able to access the restricted resource; determining, by one or more computer processors, based at least in part on the audit event, a historical reference from a collection of historical references wherein the determined historical reference includes at least one audit event associated with at least a second user id that includes access to the restricted resource identified by the received audit event, wherein the determined historical reference is a collection of user data associated with at least the second user id that includes one or more attributes describing properties associated with at least the second user id that include at least one or more roles, a department, a manager, and a job code; determining, by one or more computer processors, access activity associated with the first user id, wherein the access activity is a defined activity for a role associated with the first user id; determining, by one or more computer processors, based at least in part on the determined historical reference and the access activity associated with the first user id, at least one recommended role for the first user id, wherein the at least one recommended role for the first user id is selected from the one or more roles from the determined historical reference; creating, by one or more computer processors, an access request for the first user id wherein the access request includes at least a provisioning recommendation and the determined at least one recommended role; submitting, by one or more computer processors, the access request for the first user id; and in response to submitting the access request for the first user id, providing a submission message.

2. The method of claim 1, further comprises: determining, by one or more computer processors, one or more attributes for the first user id, wherein the one or more attributes describe properties associated with the first user id that include at least a department, a manager, and a job code; and updating, by one or more computer processors, the collection of historical references with the audit event including the first user id, the determined at least one recommended role, and the one or more attributes.

3. The method of claim 1 further comprising: determining, by one or more computer processors, whether the determined historical reference includes a minimum threshold of audit events; and responsive to determining the determined historical reference includes the minimum threshold of audit events, determining, by one or more computer processors, one or more roles and one or more attributes associated with at least the second user id of the audit events.

4. The method of claim 1, wherein determining the at least one recommended role further comprises: determining, by one or more computer processors, one or more attributes for the first user id, wherein the one or more attributes describe properties associated with the first user id that include at least a department, a manager, and a job code; comparing, by one or more computer processors, the determined one or more attributes of the first user id of the failed audit event with one or more attributes of at least the second user id of at least one audit event within the determined historical reference; identifying, by one or more computer processors, one or more shared attributes between the one or more attributes of the first user id of the failed audit event and the one or more attributes of at least the second user id of at least the one audit event within the determined historical reference based on the comparison; creating, by one or more computer processors, an ordered ranking of a plurality of roles from the determined historical reference based on the identified one or more shared attributes, wherein the ordered ranking is organized from most shared attributes to least shared attributes wherein the plurality of roles identify different access rights to the restricted resource; and selecting, by one or more computer processors, the at least one recommended role for the first user id of the failed audit event from the created ordered ranking.

5. The method of claim 1, further comprising: receiving, by one or more computer processors, a second audit event; determining, by one or more computer processors, the second audit event is a successful audit event; retrieving, by one or more computer processors, audit event information associated with the first user id from the collection of historical references, wherein the audit event information includes: a last access attempt, an audit event type, a duration of access, and a frequency of access; evaluating, by one or more computer processors, the second audit event with respect to the retrieved audit information associated with the first user id from the collection of historical references for compliance with policy rules that define the ways in which the restricted resource is utilized; determining, by one or more computer processors, whether the evaluated second audit event with respect to the retrieved audit information associated with the first user are compliant with the policy rules; responsive to determining the evaluated second audit event with respect to the retrieved audit information associated with the first user are compliant with the policy rules, comparing, by one or more computer processors, the retrieved audit event information and one or more attributes of the first user id with one or more audit events information and one or more attributes of at least the second user id within the determined historical reference; determining, by one or more computer processors, whether the access activity for the first user id is below a set threshold based on a most similar comparison of the retrieved audit event information and one or more attributes of the first user id with one or more audit event information and one or more attributes of at least the second user id within the determined historical reference, wherein the most similar comparison includes the most shared attributes; and in response to determining the access activity for the first user id is below the set threshold, recommending, by one or more computer processors, at least suspending access for the first user id to the restricted resource.

6. The method of claim 1, wherein the collection of user data of at least the second user id includes a user id, a role, a department, a manager, a job code, and a usage of at least the second user id for the restricted resource.

7. A computer program product for determining role-based access, the computer program product comprising: one or more computer readable storage media and program instructions stored on the one or more computer readable storage media, the program instructions comprising: program instructions to receive an audit event for a restricted resource and a first user id associated with the audit event, wherein the audit event is one or more activities that access data that are recorded and monitored; program instructions to determine the audit event is a failed audit event wherein the first user id associated with the audit event is not able to access the restricted resource; program instructions to determine, based at least in part on the audit event, a historical reference from a collection of historic
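The claims above describe a procedure rather than code: on a failed audit event, build a historical reference from users who do have access to the resource (claim 1), require a minimum number of reference events (claim 3), rank the roles those peers hold by how many attributes (department, manager, job code) each peer shares with the requester (claim 4), and, separately, flag a user whose access frequency is far below that of the most similar peer (claim 5). The following is an added example written for this page, not code from the patent or from IBM; the directory, audit history, scoring rule (sum of shared attributes over peers holding a role) and the threshold values MIN_HISTORY_EVENTS and UNDERUSE_RATIO are constructed assumptions.

```python
"""Role recommendation from audit events, modelled on claims 1, 3, 4 and 5.

Constructed example for illustration: the directory, audit history,
scoring rule and thresholds below are assumptions, not data from the patent.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

ATTRIBUTES = ("department", "manager", "job_code")  # attributes compared in claim 4
MIN_HISTORY_EVENTS = 3   # claim 3's "minimum threshold"; the value is an assumption
UNDERUSE_RATIO = 0.25    # claim 5's "set threshold", relative to the most similar peer (assumption)


@dataclass(frozen=True)
class User:
    user_id: str
    roles: FrozenSet[str]
    department: str
    manager: str
    job_code: str


@dataclass(frozen=True)
class AuditEvent:
    user_id: str
    resource: str
    success: bool  # False marks a failed audit event (access denied)


# Constructed identity data: five users across two departments.
DIRECTORY: Dict[str, User] = {u.user_id: u for u in [
    User("alice", frozenset({"analyst"}), "finance", "m1", "FIN2"),
    User("bob", frozenset({"analyst", "ledger-admin"}), "finance", "m1", "FIN2"),
    User("carol", frozenset({"analyst", "ledger-admin"}), "finance", "m2", "FIN2"),
    User("dave", frozenset({"dba"}), "it", "m3", "IT5"),
    User("erin", frozenset({"analyst", "ledger-reader"}), "finance", "m2", "FIN3"),
]}

# Constructed audit history: successful accesses to two restricted resources.
HISTORY: List[AuditEvent] = (
    [AuditEvent("bob", "gl-ledger", True)] * 3
    + [AuditEvent("carol", "gl-ledger", True)] * 5
    + [AuditEvent("dave", "gl-ledger", True)]
    + [AuditEvent("erin", "gl-ledger", True)]
    + [AuditEvent("dave", "hr-db", True)]
)


def shared_attributes(a: User, b: User) -> int:
    """Count of department / manager / job code values two users share."""
    return sum(getattr(a, attr) == getattr(b, attr) for attr in ATTRIBUTES)


def historical_reference(resource: str, requester: str, history: List[AuditEvent],
                         directory: Dict[str, User]) -> List[AuditEvent]:
    """Successful audit events on the resource by known users other than the requester."""
    return [e for e in history if e.resource == resource and e.success
            and e.user_id != requester and e.user_id in directory]


def rank_roles(requester: User, reference: List[AuditEvent],
               directory: Dict[str, User]) -> List[Tuple[str, int]]:
    """Ordered ranking of peer roles, most shared attributes first (claim 4).

    A role's score is the sum, over peers holding it, of attributes that peer
    shares with the requester. Roles the requester already holds are skipped:
    the access failed while holding them, so they cannot be the fix.
    """
    score: Counter = Counter()
    for peer_id in {e.user_id for e in reference}:
        peer = directory[peer_id]
        shared = shared_attributes(requester, peer)
        for role in peer.roles - requester.roles:
            score[role] += shared
    return sorted(score.items(), key=lambda kv: (-kv[1], kv[0]))


def recommend_role(event: AuditEvent, history=HISTORY, directory=DIRECTORY,
                   min_events: int = MIN_HISTORY_EVENTS) -> Optional[dict]:
    """Turn a failed audit event into an access request (claim 1), or return None
    when the event is not a failure, the reference is too thin (claim 3), or no
    peer holds a role the requester lacks."""
    if event.success or event.user_id not in directory:
        return None
    requester = directory[event.user_id]
    reference = historical_reference(event.resource, event.user_id, history, directory)
    if len(reference) < min_events:
        return None
    ranking = rank_roles(requester, reference, directory)
    if not ranking:
        return None
    role, score = ranking[0]
    return {"user_id": event.user_id, "resource": event.resource,
            "recommended_role": role, "shared_attribute_score": score, "ranking": ranking,
            "provisioning_recommendation": f"grant role '{role}' for '{event.resource}'"}


def underuse_check(user_id: str, resource: str, history=HISTORY, directory=DIRECTORY,
                   ratio: float = UNDERUSE_RATIO) -> Optional[str]:
    """Claim 5 style check: compare a user's successful-access frequency with the
    most similar peer's; far below it, recommend suspending the access."""
    freq = Counter(e.user_id for e in history if e.resource == resource and e.success)
    if user_id not in freq or user_id not in directory:
        return None
    me = directory[user_id]
    peers = [directory[u] for u in freq if u != user_id and u in directory]
    if not peers:
        return None
    most_similar = max(peers, key=lambda p: shared_attributes(me, p))
    return "suspend" if freq[user_id] < ratio * freq[most_similar.user_id] else "keep"


if __name__ == "__main__":
    print(recommend_role(AuditEvent("alice", "gl-ledger", False)))   # ledger-admin ranked first
    print(recommend_role(AuditEvent("alice", "hr-db", False)))       # thin history: None
    print(underuse_check("erin", "gl-ledger"), underuse_check("bob", "gl-ledger"))
```

For alice's failed access to gl-ledger, bob (three shared attributes) and carol (two) both hold ledger-admin, so that role scores 5 and is recommended; the single hr-db event is below MIN_HISTORY_EVENTS, so no recommendation is made, which is the claim 3 guard against recommending a role on the strength of one outlier. The underuse check recommends suspension for erin (one access against carol's five) and keeps bob.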

Assignees

IBM

Classifications

Primary CPC classification: H04L63/102
Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9692765B2 cover?
Embodiments of the present invention disclose a method, computer program product, and system for determining role-based access. In one embodiment, the method includes receiving an audit event for a restricted resource and a first user id associated with the audit event. The method further includes determining based at least in part on the audit event, a historical reference, the historical refe…
Who is the assignee on this patent?
IBM
What technology area does this patent fall under?
Primary CPC classification: H04L63/102. Mapped technology areas include Electricity.
When was this patent published?
Publication date: Jun 27, 2017 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).