US 11,943,241 B2
Compact cloud access network based on role-to-resource detection with resource state change tracking and provenance
Ravishankar Ganesh Ithal, Los Altos, CA (US); Yang Zhang, Los Altos, CA (US); and Mummoorthy Murugesan, Fremont, CA (US)
Assigned to Normalyze, Inc., Los Altos, CA (US)
Filed by Normalyze, Inc., Los Altos, CA (US)
Filed on Mar. 1, 2023, as Appl. No. 18/116,161.
Application 18/116,161 is a continuation of application No. 18/090,195, filed on Dec. 28, 2022.
Application 18/090,195 is a continuation of application No. 17/858,903, filed on Jul. 6, 2022, granted, now 11,575,696, issued on Feb. 7, 2023.
Claims priority of provisional application 63/246,310, filed on Sep. 21, 2021.
Claims priority of provisional application 63/246,313, filed on Sep. 21, 2021.
Claims priority of provisional application 63/246,315, filed on Sep. 21, 2021.
Claims priority of provisional application 63/246,303, filed on Sep. 20, 2021.
Prior Publication US 2023/0208861 A1, Jun. 29, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 9/451 (2018.01); G06F 16/21 (2019.01); G06F 16/245 (2019.01); G06F 16/35 (2019.01); G06F 16/95 (2019.01); G06F 21/57 (2013.01); G06F 21/62 (2013.01)
CPC H04L 63/1416 (2013.01) [G06F 9/451 (2018.02); G06F 16/211 (2019.01); G06F 16/24569 (2019.01); G06F 16/355 (2019.01); G06F 16/95 (2019.01); G06F 21/577 (2013.01); G06F 21/6227 (2013.01); H04L 63/083 (2013.01); H04L 63/102 (2013.01); H04L 63/104 (2013.01); H04L 63/1433 (2013.01); H04L 63/18 (2013.01); H04L 63/205 (2013.01); G06F 2221/034 (2013.01); G06F 2221/2141 (2013.01)]
18 Claims
 
1. A system for streamlined analysis of access sub-networks in a cloud environment, comprising:
    memory storing access sub-networks in a cloud environment between a plurality of resources and a plurality of users, wherein a subject access sub-network makes a subject resource accessible to one or more users;
    memory storing user-to-role mappings for roles assigned to the plurality of users, wherein the roles are defined at a resolution of the cloud environment; and
    accumulation logic, having access to the access sub-networks and to the user-to-role mappings, and configured to traverse the access sub-networks to build a number U user-to-resource mappings between the plurality of users and the plurality of resources, and to evaluate the number U user-to-resource mappings against the user-to-role mappings to accumulate a number R role-to-resource mappings between the roles and the plurality of resources, wherein R<<U.
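One way to read the accumulation step of claim 1, as an added Python example (not the patent's or the assignee's implementation): traverse an access graph to get the U user-to-resource pairs, then collapse them into R role-to-resource pairs. The graph, all names, and the rule that a role maps to a resource only when every holder of the role reaches it are assumptions of this sketch; access that no role explains is returned separately for review.

```python
from collections import deque

# Constructed sample data: directed edges user -> group -> policy -> resource.
EDGES = {
    "alice": ["grp-dev"], "bob": ["grp-dev"], "carol": ["grp-dev", "grp-ops"],
    "dave": ["grp-ops"], "erin": ["policy-legacy"],
    "grp-dev": ["policy-read-logs"], "grp-ops": ["policy-admin-db"],
    "policy-read-logs": ["bucket/logs"],
    "policy-admin-db": ["db/orders", "bucket/backups"],
    "policy-legacy": ["db/orders"],
}
RESOURCES = {"bucket/logs", "db/orders", "bucket/backups"}
USER_ROLES = {  # constructed user-to-role mappings; erin holds no role
    "alice": {"developer"}, "bob": {"developer"},
    "carol": {"developer", "operator"}, "dave": {"operator"}, "erin": set(),
}

def user_to_resource(edges, users, resources):
    """Breadth-first traversal from each user; returns the (user, resource) pairs."""
    pairs = set()
    for user in users:
        seen, queue = {user}, deque([user])
        while queue:
            node = queue.popleft()
            if node in resources:
                pairs.add((user, node))
            for nxt in edges.get(node, ()):
                if nxt not in seen:  # guards against cycles (nested groups)
                    seen.add(nxt)
                    queue.append(nxt)
    return pairs

def role_to_resource(pairs, user_roles):
    """Collapse user pairs into role pairs; also return pairs no role explains."""
    reach, holders = {}, {}
    for user, res in pairs:
        reach.setdefault(user, set()).add(res)
    for user, roles in user_roles.items():
        for role in roles:
            holders.setdefault(role, set()).add(user)
    role_pairs = set()
    for role, members in holders.items():
        # Assumed rule: keep only resources reached by every holder of the role.
        common = set.intersection(*(reach.get(u, set()) for u in members))
        role_pairs |= {(role, res) for res in common}
    residual = {(u, r) for u, r in pairs
                if not any((role, r) in role_pairs for role in user_roles.get(u, ()))}
    return role_pairs, residual

if __name__ == "__main__":
    U = user_to_resource(EDGES, USER_ROLES, RESOURCES)
    R, leftover = role_to_resource(U, USER_ROLES)
    print(len(U), "user pairs ->", len(R), "role pairs; unexplained:", sorted(leftover))
```

On this sample, 8 user-to-resource pairs reduce to 3 role-to-resource pairs, and the one residual pair is a direct policy attachment that bypasses the role model.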