US 11,888,857 B2
Risk-aware access control system and related methods
Andrew James Malton, Waterloo (CA); Andrew Eric Walenstein, Issaquah, WA (US); Jinxin Liu, Ottawa (CA); Burak Kantarci, Ottawa (CA); Melike Erol Kantarci, Ottawa (CA); and Murat Simsek, Ottawa (CA)
Assigned to BlackBerry Limited, Waterloo (CA)
Filed by BlackBerry Limited, Waterloo (CA)
Filed on Dec. 21, 2020, as Appl. No. 17/129,334.
Prior Publication US 2022/0201004 A1, Jun. 23, 2022
Int. Cl. H04L 9/40 (2022.01); G06F 21/31 (2013.01)
CPC H04L 63/105 (2013.01) [G06F 21/31 (2013.01); H04L 63/205 (2013.01); G06F 2221/2103 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method of risk-aware access control, comprising:
detecting a request to perform an action, the requested action being associated with respect to two factors, each of the two factors being of a different factor type, each factor type being one of people, device, document, and location;
determining a coupling associated with the two factors associated with the requested action, wherein the coupling defines a relationship between the two factors associated with the requested action;
determining a risk level associated with the coupling;
denying the requested action in response to a determination that the risk level does not match a security policy associated with the requested action; and
allowing the requested action in response to a determination that the risk level matches the security policy associated with the requested action.