A SYSTEM FOR CONTROLLING ACCESS TO A PLURALITY OF TARGET SYSTEMS AND APPLICATIONS

A SYSTEM FOR CONTROLLING ACCESS TO A PLURALITY OF TARGET SYSTEMS AND APPLICATIONS

An access control system for controlling access to one or more of a plurality of target systems and/or applications, the system including an input/output (10) subsystem configured to receive profile data and communicate instructions to one or more target systems to facilitate access to the one or mo...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: TANDON, Gaurav, KAMIAB, Farbod, POOLE, Andrew, CONNOLLY, Colleen, MUDIYANSELAGE, Sidath, THEXTON, Rexall E, SHUKLA, Sanjeev, AIN, Qurrat Ui, MCCOY, Anthony, CRADDOCK, Hannah
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FORADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORYOR FORECASTING PURPOSES
ELECTRIC DIGITAL DATA PROCESSING
PHYSICS
SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE,COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTINGPURPOSES, NOT OTHERWISE PROVIDED FOR
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:An access control system for controlling access to one or more of a plurality of target systems and/or applications, the system including an input/output (10) subsystem configured to receive profile data and communicate instructions to one or more target systems to facilitate access to the one or more target systems/applications by the target individual. The target individual may be a person, a storage device that includes a model that relates profile data defining features associated with a plurality of individuals with one or more entitlements or a processor in communication with the 10 subsystem and the storage device. Non-transitory computer readable media in communication with the processor stores instruction code which, when executed, causes the processor to control the 10 subsystem to receive the profile data associated with a target individual, generate, based on the profile data and the model, a listing that associates the one or more entitlements with the target individual, and confidence values of the association of the one or more entitlements, each confidence value indicative of whether the target individual should be granted a corresponding entitlement. Generation of the listing includes creation of a model decision tree graph based on the profile data, the model decision tree graph including nodes for each of one or more features of the plurality of individuals with determination from the model decision tree graph, one or more entitlements to grant to the target individual based upon features of the target individual, and determining, from the profile data, one or more entitlements to grant to the target individual. The profile data includes employment role data of the target individual and entitlement data of other employees. For each entitlement having a corresponding confidence value higher than a predetermined threshold, the 10 subsystem communicates an instruction to a target system associated with the entitlement to allow the target individual access to the target system and receive usage information from one or more of the target systems. When the usage information associated with an individual received indicates a usage below a predetermined threshold an instruction is issued to the target system to revoke entitlement associated with the target system, and the model is updated to reflect that the individual no longer has the corresponding entitlement.