Patents by Inventor Matthew A. GHIOLD

Matthew A. GHIOLD has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240187417
    Abstract: Disclosed herein are system, method, and computer program product embodiments for displaying roles of an identity and access management (IAM) together with their corresponding compliance status of the assigned security policies with respect to a set of security rules. The method includes selecting a first role and a second role administered by an entity of the IAM system. Afterwards, the method includes determining, based on a set of security rules, a first compliance status of the first role associated with a first set of security policies; and a second compliance status of the second role associated with a second set of security policies. In addition, the method includes displaying on a GUI, the first role and the second role together with a first compliance status and a second compliance status.
    Type: Application
    Filed: February 12, 2024
    Publication date: June 6, 2024
    Applicant: Capital One Services, LLC
    Inventors: Matthew A. GHIOLD, Muhammad Saad TAHIR, Gavin MCGREW
  • Patent number: 11983283
    Abstract: Disclosed herein are system, method, and computer program product embodiments for preemptively evaluating whether roles are over-privileged within an identity and access management (IAM) system. Roles may be over-privileged when they are granted permissions to perform certain actions outside the scope granted to those roles. The evaluation occurs without submitting the certain actions to the IAM system and allows roles to be evaluated on a preemptive basis so that corrective actions may be taken to prevent unauthorized access to resources. Roles may be associated with policies which may each define different permissions for accessing resources. The evaluation may involve generating an effective policy from the policies associated with a role to provide a comprehensive view of all permissions associated with the role.
    Type: Grant
    Filed: January 24, 2023
    Date of Patent: May 14, 2024
    Assignee: Capital One Services, LLC
    Inventors: Matthew A. Ghiold, Gavin McGrew, Devon Powley, Dale Greene, Jr.
  • Patent number: 11902282
    Abstract: Disclosed herein are system, method, and computer program product embodiments for displaying roles of an identity and access management (IAM) together with their corresponding compliance status of the assigned security policies with respect to a set of security rules. The method includes selecting a first role and a second role administered by an entity of the IAM system. Afterwards, the method includes determining, based on a set of security rules, a first compliance status of the first role associated with a first set of security policies; and a second compliance status of the second role associated with a second set of security policies. In addition, the method includes displaying on a GUI, the first role and the second role together with a first compliance status and a second compliance status.
    Type: Grant
    Filed: May 28, 2021
    Date of Patent: February 13, 2024
    Assignee: Capital One Services, LLC
    Inventors: Matthew A. Ghiold, Muhammad Saad Tahir, Gavin McGrew
  • Publication number: 20230237173
    Abstract: Disclosed herein are system, method, and computer program product embodiments for preemptively evaluating whether roles are over-privileged within an identity and access management (IAM) system. Roles may be over-privileged when they are granted permissions to perform certain actions outside the scope granted to those roles. The evaluation occurs without submitting the certain actions to the IAM system and allows roles to be evaluated on a preemptive basis so that corrective actions may be taken to prevent unauthorized access to resources. Roles may be associated with policies which may each define different permissions for accessing resources. The evaluation may involve generating an effective policy from the policies associated with a role to provide a comprehensive view of all permissions associated with the role.
    Type: Application
    Filed: January 24, 2023
    Publication date: July 27, 2023
    Applicant: Capital One Services, LLC
    Inventors: Matthew A. GHIOLD, Gavin MCGREW, Devon POWLEY, Dale GREENE, JR.
  • Patent number: 11562082
    Abstract: Disclosed herein are system, method, and computer program product embodiments for preemptively evaluating whether roles are over-privileged within an identity and access management (IAM) system. Roles may be over-privileged when they are granted permissions to perform certain actions outside the scope granted to those roles. The evaluation occurs without submitting the certain actions to the IAM system and allows roles to be evaluated on a preemptive basis so that corrective actions may be taken to prevent unauthorized access to resources. Roles may be associated with policies which may each define different permissions for accessing resources. The evaluation may involve generating an effective policy from the policies associated with a role to provide a comprehensive view of all permissions associated with the role.
    Type: Grant
    Filed: May 28, 2021
    Date of Patent: January 24, 2023
    Assignee: Capital One Services, LLC
    Inventors: Matthew A. Ghiold, Gavin McGrew, Devon Powley, Dale Greene, Jr.
  • Publication number: 20220385667
    Abstract: Disclosed herein are system, method, and computer program product embodiments for displaying roles of an identity and access management (IAM) together with their corresponding compliance status of the assigned security policies with respect to a set of security rules. The method includes selecting a first role and a second role administered by an entity of the IAM system. Afterwards, the method includes determining, based on a set of security rules, a first compliance status of the first role associated with a first set of security policies; and a second compliance status of the second role associated with a second set of security policies. In addition, the method includes displaying on a GUI, the first role and the second role together with a first compliance status and a second compliance status.
    Type: Application
    Filed: May 28, 2021
    Publication date: December 1, 2022
    Applicant: Capital One Services, LLC
    Inventors: Matthew A. GHIOLD, Muhammad Saad TAHIR, Gavin MCGREW
  • Publication number: 20220382888
    Abstract: Disclosed herein are system, method, and computer program product embodiments for evaluating whether or not a role has an over-privileged access permission contained in a set of effective access permissions to a system resource defined in a first security policy and a second security policy. The method includes comparing a scope of a name for the system resource defined in the first security policy with a permissible scope of the name for the system resource defined by a security rule to obtain a first comparison result; and comparing a scope of a name for the role defined in the second security policy with a permissible scope of the name for the role defined by the security rule to obtain a second comparison result. The method further includes determining, based on the first comparison result and the second comparison result, whether or not the role has the over-privileged access permission.
    Type: Application
    Filed: May 28, 2021
    Publication date: December 1, 2022
    Applicant: Capital One Services, LLC
    Inventors: Matthew A. GHIOLD, Gavin MCGREW, Devon POWLEY, Christopher SCHULTZ
  • Publication number: 20220382889
    Abstract: Disclosed herein are system, method, and computer program product embodiments for preemptively evaluating whether roles are over-privileged within an identity and access management (IAM) system. Roles may be over-privileged when they are granted permissions to perform certain actions outside the scope granted to those roles. The evaluation occurs without submitting the certain actions to the IAM system and allows roles to be evaluated on a preemptive basis so that corrective actions may be taken to prevent unauthorized access to resources. Roles may be associated with policies which may each define different permissions for accessing resources. The evaluation may involve generating an effective policy from the policies associated with a role to provide a comprehensive view of all permissions associated with the role.
    Type: Application
    Filed: May 28, 2021
    Publication date: December 1, 2022
    Applicant: Capital One Services, LLC
    Inventors: Matthew A. GHIOLD, Gavin McGrew, Devon Powley, Dale Greene, JR.