Patents by Inventor Matthew A. GHIOLD
Matthew A. GHIOLD has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240187417
Abstract: Disclosed herein are system, method, and computer program product embodiments for displaying roles of an identity and access management (IAM) together with their corresponding compliance status of the assigned security policies with respect to a set of security rules. The method includes selecting a first role and a second role administered by an entity of the IAM system. Afterwards, the method includes determining, based on a set of security rules, a first compliance status of the first role associated with a first set of security policies; and a second compliance status of the second role associated with a second set of security policies. In addition, the method includes displaying on a GUI, the first role and the second role together with a first compliance status and a second compliance status.
Type: Application
Filed: February 12, 2024
Publication date: June 6, 2024
Applicant: Capital One Services, LLC
Inventors: Matthew A. GHIOLD, Muhammad Saad TAHIR, Gavin MCGREW
-
Patent number: 11983283
Abstract: Disclosed herein are system, method, and computer program product embodiments for preemptively evaluating whether roles are over-privileged within an (IAM) identity and access management system. Roles may be over-privileged when they are granted permissions to perform certain actions outside the scope granted to those roles. The evaluation occurs without submitting the certain actions to the IAM system and allows roles to be evaluated on a preemptive basis so that corrective actions may be taken to prevent unauthorized access to resources. Roles may be associated with policies which may each define different permissions for accessing resources. The evaluation may involve generating an effective policy from the policies associated with a role to provide a comprehensive view of all permissions associated with the role.
Type: Grant
Filed: January 24, 2023
Date of Patent: May 14, 2024
Assignee: Capital One Services, LLC
Inventors: Matthew A. Ghiold, Gavin McGrew, Devon Powley, Dale Greene, Jr.
-
Patent number: 11902282
Abstract: Disclosed herein are system, method, and computer program product embodiments for displaying roles of an identity and access management (IAM) together with their corresponding compliance status of the assigned security policies with respect to a set of security rules. The method includes selecting a first role and a second role administered by an entity of the IAM system. Afterwards, the method includes determining, based on a set of security rules, a first compliance status of the first role associated with a first set of security policies; and a second compliance status of the second role associated with a second set of security policies. In addition, the method includes displaying on a GUI, the first role and the second role together with a first compliance status and a second compliance status.
Type: Grant
Filed: May 28, 2021
Date of Patent: February 13, 2024
Assignee: Capital One Services, LLC
Inventors: Matthew A. Ghiold, Muhammad Saad Tahir, Gavin McGrew
-
Publication number: 20230237173
Abstract: Disclosed herein are system, method, and computer program product embodiments for preemptively evaluating whether roles are over-privileged within an (IAM) identity and access management system. Roles may be over-privileged when they are granted permissions to perform certain actions outside the scope granted to those roles. The evaluation occurs without submitting the certain actions to the IAM system and allows roles to be evaluated on a preemptive basis so that corrective actions may be taken to prevent unauthorized access to resources. Roles may be associated with policies which may each define different permissions for accessing resources. The evaluation may involve generating an effective policy from the policies associated with a role to provide a comprehensive view of all permissions associated with the role.
Type: Application
Filed: January 24, 2023
Publication date: July 27, 2023
Applicant: Capital One Services, LLC
Inventors: Matthew A. GHIOLD, Gavin MCGREW, Devon POWLEY, Dale GREENE, JR.
-
Patent number: 11562082
Abstract: Disclosed herein are system, method, and computer program product embodiments for preemptively evaluating whether roles are over-privileged within an (IAM) identity and access management system. Roles may be over-privileged when they are granted permissions to perform certain actions outside the scope granted to those roles. The evaluation occurs without submitting the certain actions to the IAM system and allows roles to be evaluated on a preemptive basis so that corrective actions may be taken to prevent unauthorized access to resources. Roles may be associated with policies which may each define different permissions for accessing resources. The evaluation may involve generating an effective policy from the policies associated with a role to provide a comprehensive view of all permissions associated with the role.
Type: Grant
Filed: May 28, 2021
Date of Patent: January 24, 2023
Assignee: Capital One Services, LLC
Inventors: Matthew A. Ghiold, Gavin McGrew, Devon Powley, Dale Greene, Jr.
-
Publication number: 20220385667
Abstract: Disclosed herein are system, method, and computer program product embodiments for displaying roles of an identity and access management (IAM) together with their corresponding compliance status of the assigned security policies with respect to a set of security rules. The method includes selecting a first role and a second role administered by an entity of the IAM system. Afterwards, the method includes determining, based on a set of security rules, a first compliance status of the first role associated with a first set of security policies; and a second compliance status of the second role associated with a second set of security policies. In addition, the method includes displaying on a GUI, the first role and the second role together with a first compliance status and a second compliance status.
Type: Application
Filed: May 28, 2021
Publication date: December 1, 2022
Applicant: Capital One Services, LLC
Inventors: Matthew A. GHIOLD, Muhammad Saad TAHIR, Gavin MCGREW
-
Publication number: 20220382888
Abstract: Disclosed herein are system, method, and computer program product embodiments for evaluating whether or not a role has an over-privileged access permission contained in a set of effective access permissions to a system resource defined in a first security policy and a second security policy. The method includes comparing a scope of a name for the system resource defined in the first security policy with a permissible scope of the name for the system resource defined by a security rule to obtain a first comparison result; and comparing a scope of a name for the role defined in the second security policy with a permissible scope of the name for the role defined by the security rule to obtain a second comparison result. The method further includes determining, based on the first comparison result and the second comparison result, whether or not the role has the over-privileged access permission.
Type: Application
Filed: May 28, 2021
Publication date: December 1, 2022
Applicant: Capital One Services, LLC
Inventors: Matthew A. GHIOLD, Gavin MCGREW, Devon POWLEY, Christopher SCHULTZ
-
Publication number: 20220382889
Abstract: Disclosed herein are system, method, and computer program product embodiments for preemptively evaluating whether roles are over-privileged within an (IAM) identity and access management system. Roles may be over-privileged when they are granted permissions to perform certain actions outside the scope granted to those roles. The evaluation occurs without submitting the certain actions to the IAM system and allows roles to be evaluated on a preemptive basis so that corrective actions may be taken to prevent unauthorized access to resources. Roles may be associated with policies which may each define different permissions for accessing resources. The evaluation may involve generating an effective policy from the policies associated with a role to provide a comprehensive view of all permissions associated with the role.
Type: Application
Filed: May 28, 2021
Publication date: December 1, 2022
Applicant: Capital One Services, LLC
Inventors: Matthew A. GHIOLD, Gavin McGrew, Devon Powley, Dale Greene, JR.