	US 11,936,653 B2
	Revision of access control process according to virtual roles of subjects based on attributes thereof
Leonardo Rosati, Rome (IT); Alberto Novello, Rome (IT); Fabrizio Petriconi, Rome (IT); and Anna Filomena Bufi, Rome (IT)
Assigned to International Business Machines Corporation, Armonk, NY (US)
Filed by INTERNATIONAL BUSINESS MACHINES CORPORATION, Armonk, NY (US)
Filed on Feb. 16, 2021, as Appl. No. 17/248,974.
Claims priority of application No. 20162678 (EP), filed on Mar. 12, 2020.
Prior Publication US 2021/0288963 A1, Sep. 16, 2021
Int. Cl. H04L 9/40 (2022.01)

CPC H04L 63/10 (2013.01) [H04L 63/20 (2013.01)]

20 Claims

1. A method for access control, the method comprising:

retrieving accesses granted to one or more subjects, wherein the accesses are granted according to one or more policies based on one or more attributes of the one or more subjects;

calculating a relevance indicator for each of the one or more attributes, wherein one or more relevance indicators are calculated based on a comparison of an access type granted to the one or more subjects and the one or more attributes of the one or more subjects;

creating one or more virtual groups by selecting at least one of the one or more attributes belonging to each of the one or more subjects with a same access type, wherein the at least one of the one or more attributes is selected based on the relevance indicator calculated for each of the one or more attributes;

assigning a label, using a linguistic engine, to each of the one or more virtual groups, wherein the linguistic engine searches a dictionary repository or interrogates one or more remote services based on each of the one or more attributes; and

displaying a review window to a reviewer, the review window being comprised of a list of a plurality of subjects, a corresponding assigned label, and a list of the access types granted to each of the plurality of subjects.