US 12,236,356 B2
Zero trust access controller
Dennis Paul Ackerman, Chesapeake, VA (US); and Stephen Francis Taylor, Virginia Beach, VA (US)
Filed by Go Logic Decision Time, LLC, Chesapeake, VA (US)
Filed on Apr. 12, 2024, as Appl. No. 18/633,931.
Application 18/633,931 is a continuation of application No. 18/215,384, filed on Jun. 28, 2023, granted, now 11,961,011.
Application 18/215,384 is a continuation of application No. 18/110,189, filed on Feb. 15, 2023, granted, now 11,710,052, issued on Jul. 25, 2023.
Application 18/110,189 is a continuation of application No. 18/094,002, filed on Jan. 6, 2023, granted, now 11,710,051, issued on Jul. 25, 2023.
Application 18/094,002 is a continuation of application No. 17/989,514, filed on Nov. 17, 2022, granted, now 11,710,050, issued on Jul. 25, 2023.
Application 17/989,514 is a continuation of application No. 17/939,766, filed on Sep. 7, 2022, granted, now 11,790,248, issued on Oct. 17, 2023.
Application 17/939,766 is a continuation of application No. 17/743,132, filed on May 12, 2022, granted, now 11,481,643, issued on Oct. 25, 2022.
Application 17/743,132 is a continuation of application No. 17/524,202, filed on Nov. 11, 2021, granted, now 11,361,228, issued on Jun. 14, 2022.
Application 17/524,202 is a continuation of application No. 17/157,496, filed on Jan. 25, 2021, granted, now 11,200,499, issued on Dec. 14, 2021.
Application 17/157,496 is a continuation of application No. 16/841,990, filed on Apr. 7, 2020, granted, now 10,936,957, issued on Mar. 2, 2021.
Application 16/841,990 is a continuation of application No. 16/238,122, filed on Jan. 2, 2019, granted, now 10,650,313, issued on May 12, 2020.
Application 16/238,122 is a continuation in part of application No. PCT/US2017/040252, filed on Jun. 30, 2017.
Prior Publication US 2024/0403665 A1, Dec. 5, 2024
Int. Cl. G06F 16/00 (2019.01); G06F 16/21 (2019.01); G06F 16/28 (2019.01); G06F 30/20 (2020.01); G06N 5/02 (2023.01); G06N 5/022 (2023.01); G06Q 10/00 (2023.01); G06Q 10/067 (2023.01); G06F 9/54 (2006.01)
CPC G06N 5/022 (2013.01) [G06F 16/212 (2019.01); G06F 16/288 (2019.01); G06F 30/20 (2020.01); G06N 5/027 (2013.01); G06Q 10/00 (2013.01); G06Q 10/067 (2013.01); G06F 9/541 (2013.01)] 24 Claims
OG exemplary drawing
 
1. A method of securing data in a computer network, the method comprising:
receiving a request for a file-directed action, the request including an identifier of a user associated with the request, an identifier of a file for the file-directed action, and at least one indication of a mode of access of the file;
determining a process-type entity for computer executable action code representing the file-directed action based on the at least one indication of the mode of access of the file;
determining a data-type entity representing the file based on the identifier of the file;
generating a mediated covenant of association among a user-type entity representing the user based on the identifier of the user and the process-type entity representing the file-directed action, the covenant produced by node-by-node informatic convolution of a hierarchy of informational nodes present in profiles and in ancillary data of each of the user-type entity and the process-type entity, wherein the covenant expresses settings for executing the action code on behalf of the user;
producing a computer security event-specific computing object for constraining the file-directed action, the constraining based at least in part on the settings expressed by the covenant and a set of file access constraints from a profile of the data-type entity, wherein the profile of the data-type entity is decrypted and the set of file access constraints are identified in the decrypted profile based on the at least one indication of the mode of access of the file; and
facilitating an instance of access by the user to the file via the action code for a set of privileges that are consistent among the settings expressed by the covenant and the set of file access constraints, wherein constraints on execution of the action code are enforceable based on the computer security event-specific computing object.