Patents by Inventor Devon Powley
Devon Powley has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240187457
Abstract: Systems and methods for providing least privilege access to a resource within a secured server are disclosed. The systems and method can include receiving an access request from a client requesting access to the resource, the access request comprising a role or policy associated with the client and one or more actions associated with the resource. A rules engine can be initialized, the engine defining one or more rules usable by the system to determine whether the access request complies with a least privilege policy. The systems and method can analyze the role or policy and the access request with the rules engine to determine whether the access request complies with the least privilege policy. When the access request complies with the rules, access to the resource can be granted; when the access request does not comply with the rules, access to the resource can be denied.
Type: Application
Filed: February 9, 2024
Publication date: June 6, 2024
Inventors: Jordan Hale, Devon Powley, Wesley Sham, Thomas Shaffer, Jared Baker, John Bollinger, Robert Stump, Gabriel Duke
-
Patent number: 11983283
Abstract: Disclosed herein are system, method, and computer program product embodiments for preemptively evaluating whether roles are over-privileged within an (IAM) identity and access management system. Roles may be over-privileged when they are granted permissions to perform certain actions outside the scope granted to those roles. The evaluation occurs without submitting the certain actions to the IAM system and allows roles to be evaluated on a preemptive basis so that corrective actions may be taken to prevent unauthorized access to resources. Roles may be associated with policies which may each define different permissions for accessing resources. The evaluation may involve generating an effective policy from the policies associated with a role to provide a comprehensive view of all permissions associated with the role.
Type: Grant
Filed: January 24, 2023
Date of Patent: May 14, 2024
Assignee: Capital One Services, LLC
Inventors: Matthew A. Ghiold, Gavin McGrew, Devon Powley, Dale Greene, Jr.
-
Patent number: 11909772
Abstract: Systems and methods for providing least privilege access to a resource within a secured server are disclosed. The systems and method can include receiving an access request from a client requesting access to the resource, the access request comprising a role or policy associated with the client and one or more actions associated with the resource. A rules engine can be initialized, the engine defining one or more rules usable by the system to determine whether the access request complies with a least privilege policy. The systems and method can analyze the role or policy and the access request with the rules engine to determine whether the access request complies with the least privilege policy. When the access request complies with the rules, access to the resource can be granted; when the access request does not comply with the rules, access to the resource can be denied.
Type: Grant
Filed: March 8, 2021
Date of Patent: February 20, 2024
Assignee: CAPITAL ONE SERVICES, LLC
Inventors: Jordan Hale, Devon Powley, Wesley Sham, Thomas Shaffer, Jared Baker, John Bollinger, Robert Stump, Gabriel Duke
-
Publication number: 20230237173
Abstract: Disclosed herein are system, method, and computer program product embodiments for preemptively evaluating whether roles are over-privileged within an (IAM) identity and access management system. Roles may be over-privileged when they are granted permissions to perform certain actions outside the scope granted to those roles. The evaluation occurs without submitting the certain actions to the IAM system and allows roles to be evaluated on a preemptive basis so that corrective actions may be taken to prevent unauthorized access to resources. Roles may be associated with policies which may each define different permissions for accessing resources. The evaluation may involve generating an effective policy from the policies associated with a role to provide a comprehensive view of all permissions associated with the role.
Type: Application
Filed: January 24, 2023
Publication date: July 27, 2023
Applicant: Capital One Services, LLC
Inventors: Matthew A. GHIOLD, Gavin MCGREW, Devon POWLEY, Dale GREENE, JR.
-
Patent number: 11562082
Abstract: Disclosed herein are system, method, and computer program product embodiments for preemptively evaluating whether roles are over-privileged within an (IAM) identity and access management system. Roles may be over-privileged when they are granted permissions to perform certain actions outside the scope granted to those roles. The evaluation occurs without submitting the certain actions to the IAM system and allows roles to be evaluated on a preemptive basis so that corrective actions may be taken to prevent unauthorized access to resources. Roles may be associated with policies which may each define different permissions for accessing resources. The evaluation may involve generating an effective policy from the policies associated with a role to provide a comprehensive view of all permissions associated with the role.
Type: Grant
Filed: May 28, 2021
Date of Patent: January 24, 2023
Assignee: Capital One Services, LLC
Inventors: Matthew A. Ghiold, Gavin McGrew, Devon Powley, Dale Greene, Jr.
-
Publication number: 20220382889
Abstract: Disclosed herein are system, method, and computer program product embodiments for preemptively evaluating whether roles are over-privileged within an (IAM) identity and access management system. Roles may be over-privileged when they are granted permissions to perform certain actions outside the scope granted to those roles. The evaluation occurs without submitting the certain actions to the IAM system and allows roles to be evaluated on a preemptive basis so that corrective actions may be taken to prevent unauthorized access to resources. Roles may be associated with policies which may each define different permissions for accessing resources. The evaluation may involve generating an effective policy from the policies associated with a role to provide a comprehensive view of all permissions associated with the role.
Type: Application
Filed: May 28, 2021
Publication date: December 1, 2022
Applicant: Capital One Services, LLC
Inventors: Matthew A. GHIOLD, Gavin McGrew, Devon Powley, Dale Greene, JR.
-
Publication number: 20220382888
Abstract: Disclosed herein are system, method, and computer program product embodiments for evaluating whether or not a role has an over-privileged access permission contained in a set of effective access permissions to a system resource defined in a first security policy and a second security policy. The method includes comparing a scope of a name for the system resource defined in the first security policy with a permissible scope of the name for the system resource defined by a security rule to obtain a first comparison result; and comparing a scope of a name for the role defined in the second security policy with a permissible scope of the name for the role defined by the security rule to obtain a second comparison result. The method further includes determining, based on the first comparison result and the second comparison result, whether or not the role has the over-privileged access permission.
Type: Application
Filed: May 28, 2021
Publication date: December 1, 2022
Applicant: Capital One Services, LLC
Inventors: Matthew A. GHIOLD, Gavin MCGREW, Devon POWLEY, Christopher SCHULTZ
-
Publication number: 20220286484
Abstract: Systems and methods for providing least privilege access to a resource within a secured server are disclosed. The systems and method can include receiving an access request from a client requesting access to the resource, the access request comprising a role or policy associated with the client and one or more actions associated with the resource. A rules engine can be initialized, the engine defining one or more rules usable by the system to determine whether the access request complies with a least privilege policy. The systems and method can analyze the role or policy and the access request with the rules engine to determine whether the access request complies with the least privilege policy. When the access request complies with the rules, access to the resource can be granted; when the access request does not comply with the rules, access to the resource can be denied.
Type: Application
Filed: March 8, 2021
Publication date: September 8, 2022
Inventors: Jordan Hale, Devon Powley, Wesley Sham, Thomas Shaffer, Jared Baker, John Bollinger, Robert Stump, Gabriel Duke