Patent · US Active

Monitoring of authorization-exceeding activity in distributed networks

US9130920B2 · kind B2 · utility

Cited by: 16
References: 12
Claims: 20
Family size: 0

Assignee

Inventor

Key dates

Filing date: Jan 7, 2013
Grant date: Sep 8, 2015
Priority date
Expiry date: Jan 7, 2033

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1425
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A network security layer with a role mapping component with a current role mapping between services and access permissions is provided between a user and the services. A multi-tenancy module with current membership mapping is also provided. The security layer has a network authentication protocol for user authentication at log-in. Snapshots of a baseline role mapping between services and permissions are taken at certain times. The role mapping component verifies snapshots at set intervals, and when the user performs certain actions, the current role mapping is compared with the baseline role mapping. Upon discrepancy, the role mapping component executes a set of rules, including forceful log-out to prevent system intrusion. Comparison of current membership mapping with a baseline membership mapping can also be applied. The security layer can thus monitor authorization-exceeding modifications to baseline policies attempted by logged-in and initially authorized users.
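
The baseline-versus-current comparison described in the abstract can be sketched as follows. This is an added illustration, not the patent's claimed implementation: the function names, the dictionary data model, the sample mappings and the SHA-256 snapshot digest are all assumptions.

```python
import hashlib
import json

def digest(mapping):
    """Canonical SHA-256 over a mapping so a stored snapshot can be re-verified."""
    canon = json.dumps({k: sorted(v) for k, v in mapping.items()}, sort_keys=True)
    return hashlib.sha256(canon.encode()).hexdigest()

def take_snapshot(mapping):
    """Freeze a baseline copy with its digest (assumption: kept out of users' reach)."""
    frozen = {k: frozenset(v) for k, v in mapping.items()}
    return {"mapping": frozen, "digest": digest(frozen)}

def snapshot_intact(snapshot):
    """Interval check: has the stored baseline itself been altered?"""
    return digest(snapshot["mapping"]) == snapshot["digest"]

def drift(baseline, current):
    """Return {key: (added, removed)} for every key whose value set differs."""
    out = {}
    for key in sorted(set(baseline) | set(current)):
        old, new = set(baseline.get(key, ())), set(current.get(key, ()))
        if old != new:
            out[key] = (sorted(new - old), sorted(old - new))
    return out

def check_action(user, snap_roles, roles, snap_members, members, sessions):
    """Run when a user performs a monitored action; apply rules on discrepancy."""
    if not (snapshot_intact(snap_roles) and snapshot_intact(snap_members)):
        sessions.discard(user)
        return {"action": "force_logout", "reason": "baseline_tampered"}
    role_drift = drift(snap_roles["mapping"], roles)
    member_drift = drift(snap_members["mapping"], members)
    if role_drift or member_drift:
        sessions.discard(user)  # forceful log-out of the acting session
        return {"action": "force_logout", "roles": role_drift, "members": member_drift}
    return {"action": "allow"}

# Constructed sample data: service -> permissions, tenant -> members
ROLES = {"billing": {"read"}, "storage": {"read", "write"}}
MEMBERS = {"tenant-a": {"alice"}, "tenant-b": {"bob"}}
BASE_ROLES, BASE_MEMBERS = take_snapshot(ROLES), take_snapshot(MEMBERS)

if __name__ == "__main__":
    sessions = {"alice", "bob"}
    print(check_action("bob", BASE_ROLES, ROLES, BASE_MEMBERS, MEMBERS, sessions))
    ROLES["billing"].add("admin")   # a logged-in user widens a permission set
    MEMBERS["tenant-a"].add("bob")  # and adds themselves to another tenant
    print(check_action("bob", BASE_ROLES, ROLES, BASE_MEMBERS, MEMBERS, sessions))
```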

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.