(WO2015179692) METHOD AND SYSTEM FOR ACCESS CONTROL MANAGEMENT USING REPUTATION SCORES
Note: Text based on automatic optical character recognition processes. Only the PDF version has legal value.

CLAIMS

What is claimed is:

1. A system for access control management using reputation scores comprising:

at least one processor; and

at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for access control management using reputation scores, the process for access control management using reputation scores including:

defining one or more security reputation factors;

obtaining and monitoring security reputation data associated with a party, the security reputation data associated with the party representing the party's activities with respect to the one or more security reputation factors;

processing the security reputation data associated with the party to calculate a security reputation score to be associated with the party; and

using the security reputation score associated with the party to determine what access to one or more resources provided by an organization associated with the party will be provided to the party.

2. The system for access control management using reputation scores of Claim 1 wherein at least one of the one or more security reputation factors includes a security reputation factor selected from the group of security reputation factors consisting of:

the party's historical use of access to one or more resources provided to the party;

the security integrity of code generated by the party;

the security integrity of code previously generated under the supervision of the party;

the party's historical use and management of secrets data and adherence to security procedures promulgated by the organization;

the historical use and management of secrets data and adherence to security procedures promulgated by the organization by entities under the supervision of the party;

the security history associated with various hardware and software systems used by the party;

the party's current level of access;

the record of security events involving the party;

the record of security events involving entities supervised by the party;

the record of security events involving systems used by, accessible, or associated with, the party;

the party's record of reporting security events associated with the party;

the party's use of static analysis tools to check code and systems created by the party;

the party's use of static analysis tools to check code and systems created under the supervision of the party;

the types of vulnerabilities in code and systems created by the party discovered by static analysis tools;

the party's historic response to vulnerabilities in code and systems created by the party discovered by static analysis tools;

the strength of passwords used by the party;

if the passwords used by the party conform to a password policy of the organization;

how often the party changes/rotates their passwords;

whether the passwords used by the party are changed/rotated in accordance with a password policy of the organization;

the responsiveness of the party to requests for data and/or action by the party with respect to security;

internal security reputation factors obtained by monitoring the party's activities and interaction with resources within, and/or with, the organization;

external security reputation factors obtained by monitoring the party's activities and interaction with resources outside the organization, and/or associated with third party entities;

human resources security reputation factors indicating the party's employment and advancement record within the organization;

security certifications that the party has;

security education of the party; and

any combination thereof.

3. The system for access control management using reputation scores of Claim 2 wherein at least one of the internal security reputation factors includes an internal security reputation factor selected from the group of internal security reputation factors consisting of:

the party's history of attempted access to resources for which the party did not have the required permissions;

the party's history of Internet access from the organization's equipment;

the party's history of Internet access during the party's working hours;

the party's history of cloud-based resources access using the organization's equipment;

the party's history of cloud-based resources access during the party's working hours;

the party's history of cloud-based resources access during the party's non-working hours;

the party's compliance with one or more employment policies; and

any combination thereof.

4. The system for access control management using reputation scores of Claim 2 wherein at least one of the external security reputation factors includes an external security reputation factor selected from the group of external security reputation factors consisting of:

data obtained from one or more external websites associated with the party;

data obtained from one or more accounts with one or more social media websites associated with the party;

data obtained from a web browser used by the party;

historical geographic locations data associated with the party;

data obtained from one or more phones associated with the party;

data obtained from one or more computing systems associated with the party; and

any combination thereof.

5. The system for access control management using reputation scores of Claim 2 wherein at least one of the external security reputation factors includes data associated with the party obtained from one or more social media websites.

6. The system for access control management using reputation scores of Claim 2 wherein at least part of the human resources security reputation factors includes human resources security reputation factors selected from the group of human resources security reputation factors consisting of:

the length of employment of the party by the organization;

the advancement of the party within the organization as compared with similarly situated parties within the organization;

employee review/evaluation data associated with the party;

the employment history of the party; and

any combination thereof.

7. The system for access control management using reputation scores of Claim 1 wherein the security reputation score associated with the party is used to determine whether an individual access request made by the party will be granted.

8. The system for access control management using reputation scores of Claim 1 wherein the security reputation score associated with the party is used to determine a set of allowed access permissions to be provided to party.

9. The system for access control management using reputation scores of Claim 1 wherein the security reputation score associated with the party is used to determine what teams or projects the party can work with.

10. The system for access control management using reputation scores of Claim 1 wherein the security reputation score associated with the party is calculated at periodic intervals.

11. The system for access control management using reputation scores of Claim 1 wherein the security reputation score associated with the party is used to determine the set of allowed access permissions to be provided to party whenever there is a defined threshold change in the security reputation data associated with the party.

12. The system for access control management using reputation scores of Claim 1 wherein the access to one or more resources provided by an organization associated with the party determined by the security reputation score associated with the party includes instantiation, and/or boot-up, access associated with one or more virtual assets.

13. The system for access control management using reputation scores of Claim 1 wherein the access to one or more resources provided by an organization associated with the party determined by the security reputation score associated with the party includes the use of one or more accounts assigned to the organization associated with one or more resources.

14. The system for access control management using reputation scores of Claim 1 wherein the one or more resources are selected from the group of resources consisting of:

a virtual machine;

a virtual server;

a database or data store;

an instance in a cloud environment;

a cloud environment access system;

part of a mobile device;

part of a remote sensor;

part of a laptop computing system;

part of a desktop computing system;

part of a point-of-sale computing system; and

part of an ATM.

15. The system for access control management using reputation scores of Claim 1 wherein the access to one or more resources provided by an organization associated with the party determined by the security reputation score associated with the party includes providing the party secrets data required to access one or more resources.

16. A system for access control management using reputation scores comprising:

one or more resources assigned to an organization;

a permissions database, the permissions database including one or more sets of permissions data, each of the one or more sets of permissions data providing access to associated ones of the one or more resources assigned to an organization;

a security reputation database, the security reputation database including security reputation data associated with a party, the security reputation data associated with the party representing the party's activities with respect to the one or more defined security reputation factors;

a security reputation access control engine;

at least one processor; and

at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for access control management using reputation scores, the process for access control management using reputation scores including:

providing the security reputation data associated with the party to the security reputation access control engine;

the security reputation access control engine processing the security reputation data associated with the party to calculate a security reputation score to be associated with the party; and

the security reputation access control engine using the security reputation score associated with the party to determine which of the one or more sets of permissions data should be provided to the party.

17. The system for access control management using reputation scores of Claim 16 wherein at least one of the one or more security reputation factors includes a security reputation factor selected from the group of security reputation factors consisting of:

the party's historical use of access to one or more resources provided to the party;

the security integrity of code generated by the party;

the security integrity of code previously generated under the supervision of the party;

the party's historical use and management of secrets data and adherence to security procedures promulgated by the organization;

the historical use and management of secrets data and adherence to security procedures promulgated by the organization by entities under the supervision of the party;

the security history associated with various hardware and software systems used by the party;

the party's current level of access;

the record of security events involving the party;

the record of security events involving entities supervised by the party;

the record of security events involving systems used by, accessible, or associated with, the party;

the party's record of reporting security events associated with the party;

the party's use of static analysis tools to check code and systems created by the party;

the party's use of static analysis tools to check code and systems created under the supervision of the party;

the types of vulnerabilities in code and systems created by the party discovered by static analysis tools;

the party's historic response to vulnerabilities in code and systems created by the party discovered by static analysis tools;

the strength of passwords used by the party;

if the passwords used by the party conform to a password policy of the organization;

how often the party changes/rotates their passwords;

whether the passwords used by the party are changed/rotated in accordance with a password policy of the organization;

the responsiveness of the party to requests for data and/or action by the party with respect to security;

internal security reputation factors obtained by monitoring the party's activities and interaction with resources within, and/or with, the organization;

external security reputation factors obtained by monitoring the party's activities and interaction with resources outside the organization, and/or associated with third party entities;

human resources security reputation factors indicating the party's employment and advancement record within the organization;

security certifications that the party has;

security education of the party; and

any combination thereof.

18. The system for access control management using reputation scores of Claim 17 wherein at least one of the internal security reputation factors includes an internal security reputation factor selected from the group of internal security reputation factors consisting of:

the party's history of attempted access to resources for which the party did not have the required permissions;

the party's history of Internet access from the organization's equipment;

the party's history of Internet access during the party's working hours;

the party's history of cloud-based resources access using the organization's equipment;

the party's history of cloud-based resources access during the party's working hours;

the party's history of cloud-based resources access during the party's non-working hours;

the party's compliance with one or more employment policies; and

any combination thereof.

19. The system for access control management using reputation scores of Claim 17 wherein at least one of the external security reputation factors includes an external security reputation factor selected from the group of external security reputation factors consisting of:

data obtained from one or more external websites associated with the party;

data obtained from one or more accounts with one or more social media websites associated with the party;

data obtained from a web browser used by the party;

historical geographic locations data associated with the party;

data obtained from one or more phones associated with the party;

data obtained from one or more computing systems associated with the party; and

any combination thereof.

20. The system for access control management using reputation scores of Claim 17 wherein at least part of the human resources security reputation factors includes human resources security reputation factors selected from the group of human resources security reputation factors consisting of:

the length of employment of the party by the organization;

the advancement of the party within the organization as compared with similarly situated parties within the organization;

employee review/evaluation data associated with the party;

the employment history of the party; and

any combination thereof.

21. The system for access control management using reputation scores of Claim 17 wherein the security reputation score associated with the party is used to determine what teams or projects the party can work with.

22. The system for access control management using reputation scores of Claim 16 wherein the security reputation score associated with the party is calculated by the security reputation access control engine at periodic intervals.

23. The system for access control management using reputation scores of Claim 16 wherein the security reputation score associated with the party is used to determine the set of allowed access permissions to be provided to party whenever there is a defined threshold change in the security reputation data associated with the party.

24. The system for access control management using reputation scores of Claim 16 wherein at least one of the one or more sets of permissions data provides instantiation, and/or boot-up, permission associated with one or more virtual assets.

25. The system for access control management using reputation scores of Claim 16 wherein at least one of the one or more sets of permissions data allows use of one or more accounts assigned to the organization associated with one or more resources.

26. The system for access control management using reputation scores of Claim 16 wherein the one or more resources are selected from the group of resources consisting of:

a virtual machine;

a virtual server;

a database or data store;

an instance in a cloud environment;

a cloud environment access system;

part of a mobile device;

part of a remote sensor;

part of a laptop computing system;

part of a desktop computing system;

part of a point-of-sale computing system; and

part of an ATM.

27. The system for access control management using reputation scores of Claim 16 wherein at least one of the one or more sets of permissions data includes secrets data required to access one or more resources.

28. A method for access control management comprising:

defining one or more security reputation factors;

obtaining and monitoring security reputation data associated with a party, the security reputation data associated with the party representing the party's activities with respect to the one or more security reputation factors;

processing the security reputation data associated with the party to calculate a security reputation score to be associated with the party; and

using the security reputation score associated with the party to determine what access to one or more resources provided by an organization associated with the party will be provided to the party.

29. The method for access control management using reputation scores of Claim 28 wherein at least one of the one or more security reputation factors includes a security reputation factor selected from the group of security reputation factors consisting of:

the party's historical use of access to one or more resources provided to the party;

the security integrity of code generated by the party;

the security integrity of code previously generated under the supervision of the party;

the party's historical use and management of secrets data and adherence to security procedures promulgated by the organization;

the historical use and management of secrets data and adherence to security procedures promulgated by the organization by entities under the supervision of the party;

the security history associated with various hardware and software systems used by the party;

the party's current level of access;

the record of security events involving the party;

the record of security events involving entities supervised by the party;

the record of security events involving systems used by, accessible, or associated with, the party;

the party's record of reporting security events associated with the party;

the party's use of static analysis tools to check code and systems created by the party;

the party's use of static analysis tools to check code and systems created under the supervision of the party;

the types of vulnerabilities in code and systems created by the party discovered by static analysis tools;

the party's historic response to vulnerabilities in code and systems created by the party discovered by static analysis tools;

the strength of passwords used by the party;

if the passwords used by the party conform to a password policy of the organization;

how often the party changes/rotates their passwords;

whether the passwords used by the party are changed/rotated in accordance with a password policy of the organization;

the responsiveness of the party to requests for data and/or action by the party with respect to security;

security certifications that the party has;

security education of the party;

internal security reputation factors obtained by monitoring the party's activities and interaction with resources within, and/or with, the organization;

external security reputation factors obtained by monitoring the party's activities and interaction with resources outside the organization, and/or associated with third party entities;

human resources security reputation factors indicating the party's employment and advancement record within the organization; and

any combination thereof.

30. The method for access control management using reputation scores of Claim 29 wherein at least one of the internal security reputation factors includes an internal security reputation factor selected from the group of internal security reputation factors consisting of:

the party's history of attempted access to resources for which the party did not have the required permissions;

the party's history of Internet access from the organization's equipment;

the party's history of Internet access during the party's working hours;

the party's history of cloud-based resources access using the organization's equipment;

the party's history of cloud-based resources access during the party's working hours;

the party's history of cloud-based resources access during the party's non-working hours;

the party's compliance with one or more employment policies; and

any combination thereof.

31. The method for access control management using reputation scores of Claim 29 wherein at least one of the external security reputation factors includes an external security reputation factor selected from the group of external security reputation factors consisting of:

data obtained from one or more external websites associated with the party;

data obtained from one or more accounts with one or more social media websites associated with the party;

data obtained from a web browser used by the party;

historical geographic locations data associated with the party;

data obtained from one or more phones associated with the party;

data obtained from one or more computing systems associated with the party; and

any combination thereof.

32. The method for access control management using reputation scores of Claim 29 wherein at least one of the external security reputation factors includes data associated with the party obtained from one or more social media websites.

33. The method for access control management using reputation scores of Claim 29 wherein at least part of the human resources security reputation factors includes human resources security reputation factors selected from the group of human resources security reputation factors consisting of:

the length of employment of the party by the organization;

the advancement of the party within the organization as compared with similarly situated parties within the organization;

employee review/evaluation data associated with the party;

the employment history of the party; and

any combination thereof.

34. The method for access control management using reputation scores of Claim 28 wherein the security reputation score associated with the party is used to determine whether an individual access request made by the party will be granted.

35. The method for access control management using reputation scores of Claim 28 wherein the security reputation score associated with the party is used to determine a set of allowed access permissions to be provided to party.

36. The method for access control management using reputation scores of Claim 28 wherein the security reputation score associated with the party is used to determine what teams or projects the party can work with.

37. The method for access control management using reputation scores of Claim 28 wherein the security reputation score associated with the party is calculated at periodic intervals.

38. The method for access control management using reputation scores of Claim 28 wherein the security reputation score associated with the party is used to determine the set of allowed access permissions to be provided to party whenever there is a defined threshold change in the security reputation data associated with the party.

39. The method for access control management using reputation scores of Claim 28 wherein the access to one or more resources provided by an organization associated with the party determined by the security reputation score associated with the party includes instantiation, and/or boot-up, access associated with one or more virtual assets.

40. The method for access control management using reputation scores of Claim 28 wherein the access to one or more resources provided by an organization associated with the party determined by the security reputation score associated with the party includes the use of one or more accounts assigned to the organization associated with one or more resources.

41. The method for access control management using reputation scores of Claim 28 wherein the one or more resources are selected from the group of resources consisting of:

a virtual machine;

a virtual server;

a database or data store;

an instance in a cloud environment;

a cloud environment access system;

part of a mobile device;

part of a remote sensor;

part of a laptop computing system;

part of a desktop computing system;

part of a point-of-sale computing system; and

part of an ATM.

42. The method for access control management using reputation scores of Claim 28 wherein the access to one or more resources provided by an organization associated with the party determined by the security reputation score associated with the party includes providing the party secrets data required to access one or more resources.
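
The arrangement recited in Claims 16, 22 and 23 (a reputation database, a permissions database, and an engine that scores a party and re-selects its permission set when the reputation data changes by a defined threshold) can be sketched as follows. This is an added example, not code from the patent or its applicant; the factor names are picked from the lists in Claims 2 and 3, and the weights, score tiers, threshold value and permission strings are all hypothetical.

```python
from dataclasses import dataclass, field

# Hypothetical weights in percent; the claims name factors but give no weighting.
# Every factor value is normalised to 0.0 (worst) .. 1.0 (best).
FACTOR_WEIGHTS = {
    "password_policy_compliance": 25,
    "static_analysis_usage": 20,
    "security_event_record": 35,
    "unauthorized_access_attempts": 20,
}

# Hypothetical permissions database: (minimum score, tier, permission set),
# ordered from most to least privileged.
PERMISSION_TIERS = [
    (80, "admin", frozenset({"vm:instantiate", "db:write", "db:read", "secrets:read"})),
    (50, "standard", frozenset({"db:write", "db:read"})),
    (0, "restricted", frozenset({"db:read"})),
]

# Hypothetical "defined threshold change": any factor moving this far forces re-scoring.
RECALC_THRESHOLD = 0.15


def reputation_score(data):
    """Weighted score in 0..100. A missing factor counts as 0.0 (fail closed)."""
    total = 0.0
    for factor, weight in FACTOR_WEIGHTS.items():
        value = data.get(factor, 0.0)
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{factor} out of range: {value}")
        total += weight * value
    return round(total, 1)


@dataclass
class ReputationAccessEngine:
    reputation_db: dict = field(default_factory=dict)  # party -> data used for last score
    granted: dict = field(default_factory=dict)        # party -> (score, tier, permissions)

    def evaluate(self, party, data):
        """Score the party and select the most privileged tier the score reaches."""
        score = reputation_score(data)
        for minimum, tier, perms in PERMISSION_TIERS:
            if score >= minimum:
                break
        self.reputation_db[party] = dict(data)
        self.granted[party] = (score, tier, perms)
        return self.granted[party]

    def observe(self, party, new_data):
        """Re-evaluate only on a threshold change; returns True if re-scored.

        Drift is measured against the data used for the last score, so a
        sequence of small changes still triggers once it adds up.
        """
        old = self.reputation_db.get(party)
        if old is not None:
            drift = max(abs(new_data.get(f, 0.0) - old.get(f, 0.0))
                        for f in FACTOR_WEIGHTS)
            if drift < RECALC_THRESHOLD:
                return False
        self.evaluate(party, new_data)
        return True

    def is_allowed(self, party, permission):
        """Per-request decision; parties never scored are denied."""
        entry = self.granted.get(party)
        return entry is not None and permission in entry[2]


# Constructed sample reputation data for one party, before and after security events.
BASELINE = {"password_policy_compliance": 1.0, "static_analysis_usage": 0.8,
            "security_event_record": 0.9, "unauthorized_access_attempts": 1.0}
AFTER_EVENTS = {"password_policy_compliance": 1.0, "static_analysis_usage": 0.8,
                "security_event_record": 0.2, "unauthorized_access_attempts": 0.3}

if __name__ == "__main__":
    engine = ReputationAccessEngine()
    print(engine.evaluate("alice", BASELINE)[:2])      # score and tier at baseline
    print(engine.observe("alice", AFTER_EVENTS))       # threshold change detected
    print(engine.granted["alice"][:2])                 # score and tier afterwards
```

Periodic recalculation (Claim 22) amounts to calling `evaluate` for every party on a schedule, independently of `observe`.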