Assigning System Access Roles by Trusted Consensus Voting

IP.com Disclosure Number: IPCOM000245169D
Publication Date: 2016-Feb-16
Document File: 2 page(s) / 59K

Publishing Venue

The IP.com Prior Art Database

Abstract

A mechanism for providing temporary authorization to enterprise resources based on peer-consensus voting rather than relying solely on administrator privileges.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 50% of the total text.


Many computing systems control access to function by assigning roles to users within the system, with different roles allowing different levels of access. Normally an 'administrator' role is required to update user accesses, and normally this role is assigned only to a small number of highly trusted individuals.

User roles often need updating quite frequently (especially so in an agile environment) and these actions are often delayed by the need to find an administrator to perform the change. This is especially true in a worldwide system, where administrators may not be available in a user's own time zone. This can lead to much frustration and inefficiency. Typical reasons for changes might include:

- New users joining the system who need some level of access to perform useful work
- Users leaving the system who should have accesses revoked sooner rather than later
- Users taking on temporary new function that requires different privileges

This invention outlines a different approach to assigning role permissions that does not necessarily rely on high-privilege 'administrators' for the majority of actions, yet maintains secure access to the system.

In the proposed system, permissions for new users or changed permissions for existing users can be quickly generated without waiting for a system administrator.

In addition to requesting permission from the system administrator, a short-term temporary request can be granted by asking an existing set of 'peer' users to vote on the new request and analysing the outcome of that vote. The analysis (and hence the decision to grant or deny the temporary request) is based on the votes of the users, weighted by both the individual user's own level of privilege and their perceived trustworthiness.

The original request must still subsequently be actioned by an administrator in order to make the changes permanent. That administrator response is compared to the responses from the 'peer' votes and used to feed back and update the known trustworthiness of those peers.

The advantages of this approach are that permission changes within a system can be made quickly when needed without having to wait for an administrator response. However, the administrator response is still ultimately required and is used to feed back and generate 'trustworthiness' ratings that build to ensure the system remains functional and secure.
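The weighted vote and the administrator feedback loop described above, as an added sketch that is not code from the disclosure. The weight formula (privilege level times trust), the grant share, the minimum voting weight and the trust step are all assumptions, since the text gives no formula.

```python
from dataclasses import dataclass

# Assumed tuning values; the disclosure does not specify any of them.
GRANT_SHARE = 0.6   # weighted 'yes' share needed for a temporary grant
MIN_WEIGHT = 2.0    # total voting weight required before any grant
TRUST_STEP = 0.1    # trust adjustment per administrator decision


@dataclass
class Peer:
    name: str
    privilege: int      # privilege level the peer already holds
    trust: float = 0.5  # perceived trustworthiness, kept in [0, 1]


def counted_votes(peers, votes, requested_level):
    """Keep only votes from peers holding at least the requested level."""
    return [(p, votes[p.name]) for p in peers
            if p.name in votes and p.privilege >= requested_level]


def temporary_grant(peers, votes, requested_level):
    """Return True if the weighted peer vote approves a temporary grant."""
    counted = counted_votes(peers, votes, requested_level)
    total = sum(p.privilege * p.trust for p, _ in counted)
    yes = sum(p.privilege * p.trust for p, v in counted if v)
    # Fail closed: too little trusted weight means no grant at all.
    return total >= MIN_WEIGHT and yes / total >= GRANT_SHARE


def apply_admin_decision(peers, votes, requested_level, admin_approved):
    """Raise trust of peers who matched the administrator, lower the rest."""
    for p, v in counted_votes(peers, votes, requested_level):
        delta = TRUST_STEP if v == admin_approved else -TRUST_STEP
        p.trust = min(1.0, max(0.0, p.trust + delta))


def demo():
    # Constructed sample data: dave is below the requested level 2.
    peers = [Peer("alice", 3, 0.9), Peer("bob", 2, 0.5),
             Peer("carol", 2, 0.4), Peer("dave", 1, 0.9)]
    votes = {"alice": True, "bob": True, "carol": False, "dave": True}
    granted = temporary_grant(peers, votes, requested_level=2)
    apply_admin_decision(peers, votes, 2, admin_approved=False)
    return granted, {p.name: round(p.trust, 2) for p in peers}


if __name__ == "__main__":
    print(demo())
```

In the constructed run the peers grant temporary access, the administrator later denies it, and the two peers who voted 'yes' lose trust while the dissenting peer gains it.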

In the proposed system, when the user needs a new access role two actions are performed:

1. A request is raised with an administrator in the usual way.

2. Requests are also sent to a number of 'peer' users within the system. These would be non-administrative users, but should be users who already have at least the level of privilege being requested.

Assuming the administrator is not available, the peer users who receive the requests provide a vote on the outcome. The vote can be 'yes' (to approve the new user role), 'no' (to deny the request) o...