Abstract: There is provided a method (100) for managing a Robotics Process Automation (RPA) robot. The method comprises: acquiring (S110) data associated with an operation metric of the RPA robot during execution of an automation workflow and determining (S120) an optimising action based on a policy and the acquired data associated with the operation metric of the RPA robot.

Abstract: An access control request manager based on learning profile based access pathways in a physical access control system (PACS). The access control request manager including an access pathways learning module configured to determine an reachability graph associated with each resource in the PACS, and a permissions request module, the permissions request module including an access request user interface configured to permit a user or an administrator, to provide a request for a permission to permit the user access to, or revoke the user's access to, a resource in the PACS. The permissions request module determines if the requested permission is already granted to the user, computes a pathway to reach the requested resource based on the reachability graph, suggests a permission, if needed, required to satisfy the request based on the computed pathway, and if approved, adds the suggested permission to any permissions granted to the user.

Abstract: A physical access control system (PACS) for protecting a resource. The PACS includes a credential including information regarding a user stored thereon, the credential presented to request access to a resource protected by an access point. A reader is in operative communication with the credential and configured to read the user information from the credential. The user information includes at least one attribute. A controller executes a set of access control rules, the rules based on policies extracted from a database of static permissions for the user, the policies defining requirements for permitting access of the user to the resource based on the at least one attribute, the controller configured to permit access to the resource.

Abstract: A spatio-temporal topology learning system for detection of suspicious access control behavior in a physical access control system (PACS). The spatio-temporal topology learning system including an access pathways learning module configured to determine a set of spatio-temporal properties associated with a resource in the PACS, an inconsistency detection module in operable communication with the access pathways learning module, the inconsistencies detection module configured to analyze a plurality of historical access control events and identify an inconsistency with regard to the set of spatio-temporal properties, and if an inconsistency is detected, at least one of the events is flagged as potentially suspicious access control behavior.

Abstract: A system and method for generating at least one policy includes a policy document database containing at least one policy document containing at least one unstructured policy entry, and a natural language processor to analyze the at least one unstructured policy entry to generate least one formal policy, wherein a formal outcome of execution of the at least one formal policy corresponds to the at least one unstructured policy entry, and a rule processor to transform the at least one formal policy entry to generate at least one enforceable policy, wherein an enforcement outcome of execution of the at least one enforceable policy corresponds to the at least one formal policy entry.

Abstract: An access control request manager based on learning profile based access pathways in a physical access control system (PACS). The access control request manager including an access pathways learning module configured to determine an reachability graph associated with each resource in the PACS, and a permissions request module, the permissions request module including an access request user interface configured to permit a user or an administrator, to provide a request for a permission to permit the user access to, or revoke the user's access to, a resource in the PACS. The permissions request module determines if the requested permission is already granted to the user, computes a pathway to reach the requested resource based on the reachability graph, suggests a permission, if needed, required to satisfy the request based on the computed pathway, and if approved, adds the suggested permission to any permissions granted to the user.

Abstract: A framework for access provisioning in a physical access control system (PACS). The framework includes a permissions request interface, the permissions request interface configured to permit a user or an administrator to request for a permission to access/revoke access to a resource, a permissions recommendation module communicating with the permissions request interface to receive the request and recommending a permission to be assigned to, or removed from, the user. The framework also includes a permissions validation module operable to ensure that the permission to be assigned to or to be removed does not violate an existing access control policy, that the permission to be assigned permits access to all permitted resources, or that the permission to be removed from the user denies access to all revoked resources and an approval workflow identification module identifying an approval required to assign or remove the permission.

Abstract: A spatio-temporal topology learning system for detection of suspicious access control behavior in a physical access control system (PACS). The spatio-temporal topology learning system including an access pathways learning module configured to determine a set of spatio-temporal properties associated with a resource in the PACS, an inconsistency detection module in operable communication with the access pathways learning module, the inconsistencies detection module configured to analyze a plurality of historical access control events and identify an inconsistency with regard to the set of spatio-temporal properties, and if an inconsistency is detected, at least one of the events is flagged as potentially suspicious access control behavior.

Abstract: A method of managing access control permissions groups. The method includes acquiring a permissions database having user access control permissions groups and links between a user and at least one permission of a plurality of permissions and the groups. The method may also include revising the access control permissions groups based on at least one of an importance of a permission and an administrator input.

Abstract: A system for generating at least one policy includes a static permission database containing a plurality of static permission records identifying access permissions for at least one credential holder to at least one resource, a policy database, and a processor to analyze the plurality of static permission records to generate the at least one policy, wherein an outcome of execution of the at least one policy corresponds to the plurality of static permission records.

Abstract: A method for controlling authorization decisions for resource access is provided. The method includes generating a request signal that includes resource identification information, transmitting the request signal for resource access to an authorization system, receiving the request signal at the authorization system, and generating an authorization request signal based on the request signal. The authorization request signal requires a single Boolean data type response in the form of either a grant access reply and a deny access reply.

Abstract: A system and method for generating at least one policy includes a policy document database containing at least one policy document containing at least one unstructured policy entry, and a natural language processor to analyze the at least one unstructured policy entry to generate least one formal policy, wherein a formal outcome of execution of the at least one formal policy corresponds to the at least one unstructured policy entry, and a rule processor to transform the at least one formal policy entry to generate at least one enforceable policy, wherein an enforcement outcome of execution of the at least one enforceable policy corresponds to the at least one formal policy entry.

Abstract: A system for generating at least one policy includes a static permission database containing a plurality of static permission records identifying access permissions for at least one credential holder to at least one resource, a policy database, and a processor to analyze the plurality of static permission records to generate the at least one policy, wherein an outcome of execution of the at least one policy corresponds to the plurality of static permission records.

Abstract: A system for auditing physical access to at least one resource includes a static permission database containing a plurality of static permission records identifying access permissions for at least one credential holder to the at least one resource, a policy database containing a plurality of policies, a processor to execute at least one policy of the plurality of policies to generate an outcome of execution of at least one policy to compare the outcome of execution of at least one policy with at least one appropriate static permission records of the plurality of static permission records, and a scheduler to trigger the processor to execute and compare the outcome of execution of at least one policy with the at least one appropriate static permission records in response to at least one of an occasional event, a schedule, or an action by administrator.