US 12,250,224 B2
Systems and methods for dynamic granular access permissions
Brian Childress, Richmond, VA (US); and Sean Stokely, Richmond, VA (US)
Assigned to CAPITAL ONE SERVICES, LLC, McLean, VA (US)
Filed by Capital One Services, LLC, McLean, VA (US)
Filed on Dec. 6, 2023, as Appl. No. 18/530,505.
Application 18/530,505 is a continuation of application No. 17/069,376, filed on Oct. 13, 2020, granted, now 11,888,853.
Application 17/069,376 is a continuation of application No. 16/539,082, filed on Aug. 13, 2019, granted, now 10,848,498, issued on Nov. 24, 2020.
Claims priority of provisional application 62/718,229, filed on Aug. 13, 2018.
Prior Publication US 2024/0179152 A1, May 30, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 9/451 (2018.01)
CPC H04L 63/102 (2013.01) [G06F 9/451 (2018.02); H04L 63/08 (2013.01); H04L 63/108 (2013.01)]
19 Claims
 
1. A method performed by a system, wherein the system comprises a server for providing an application to a user, an access permission database accessible by the server for storing permanent access permissions for the user, and a memory accessible by the server and storing temporary access permissions for the user while the application is executing, the method comprising:
retrieving the permanent access permissions for the user from the access permission database;
determining the temporary access permissions for the user based on the permanent access permissions and an authentication of the user, wherein the temporary access permissions is an attribute-based authorization based on one or more policies created to determine a non-role-based authorization the user has within the application and the one or more policies fit into a pattern for the application;
storing the temporary access permissions in the memory;
providing a user interface including only actions that are permitted for the user corresponding to the temporary access permissions;
receiving an event, the event comprising one selected from a group consisting of a change in the user's permanent access permissions, a change to a scope limitation of the user, a change to a time duration limitation of the user;
dynamically modifying at least one of the temporary access permissions for the user based on the event, wherein an event handler applies to the user at least one selected from a group of a scope limited access control permission and a temporally limited access control permission;
providing an authorization process that determines whether a request from the user interface is authorized before processing the request from an administrator, using the temporary access permissions, wherein the determination is based on the pattern, and the attribute-based authorization provides a level of authority that is tied to the one or more policies associated with the application and is independent of the user roles within the organization's hierarchy or application; and
modifying the actions displayed on the user interface based on processing the request wherein the application comprises an administration application configured to expand, create, or limit role-based access permissions without having to add new roles or updates to a front end application, which allows configurable permutations of roles per user and per component as the application evolves over time.
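
The flow recited in claim 1, sketched in Python as an added illustration; it is not code from the patent or from the assignee. The store layout, policy predicates, event names and the path-style scope format are all assumptions made for the example.

```python
import time
from dataclasses import dataclass

# Constructed sample data standing in for the access permission database.
PERMANENT_DB = {"alice": {"report:view", "report:export", "user:disable"}}

# Hypothetical attribute-based policies: action -> predicate over
# authentication attributes (no role names are consulted).
POLICIES = {
    "report:view": lambda a: a["authenticated"],
    "report:export": lambda a: a["authenticated"] and a["mfa"],
    "user:disable": lambda a: a["authenticated"] and a["mfa"],
}

@dataclass
class Grant:
    scope: str = "*"                  # "*" means no scope limitation
    expires_at: float = float("inf")  # no time limitation by default

class Session:
    """Temporary permissions held in memory while the application runs."""
    def __init__(self, user, attrs, now=time.time):
        self.now = now
        permanent = PERMANENT_DB.get(user, set())
        # Default deny: an action with no policy is never granted.
        self.temp = {a: Grant() for a in permanent
                     if POLICIES.get(a, lambda _: False)(attrs)}

    def ui_actions(self):
        # The UI only ever receives actions that are currently permitted.
        return sorted(a for a, g in self.temp.items()
                      if g.expires_at > self.now())

    def handle_event(self, event):
        kind, action = event["type"], event["action"]
        if kind == "permanent_revoked":
            self.temp.pop(action, None)
        elif action in self.temp and kind == "scope_limit":
            self.temp[action].scope = event["scope"]
        elif action in self.temp and kind == "time_limit":
            self.temp[action].expires_at = self.now() + event["seconds"]

    def authorize(self, action, resource):
        # Server-side check before processing; hiding a button is not enough.
        g = self.temp.get(action)
        if g is None or g.expires_at <= self.now():
            return False
        # Match on a path boundary so "dept/finance" does not also
        # cover "dept/finance-secret".
        return (g.scope == "*" or resource == g.scope
                or resource.startswith(g.scope + "/"))
```
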