CPC H04L 63/105 (2013.01) [G06F 21/31 (2013.01); H04L 63/205 (2013.01); G06F 2221/2103 (2013.01)] | 20 Claims |
1. A method of risk-aware access control, comprising:
detecting a request to perform an action, the requested action being associated with respect to two factors, each of the two factors being of a different factor type, each factor type being one of people, device, document, and location;
determining a coupling associated with the two factors associated with the requested action, wherein the coupling defines a relationship between the two factors associated with the requested action;
determining a risk level associated with the coupling;
denying the requested action in response to a determination that the risk level does not match a security policy associated with the requested action; and
allowing the requested action in response to a determination that the risk level matches the security policy associated with the requested action.
|