| CPC H04L 63/20 (2013.01) [H04L 63/104 (2013.01); H04L 63/105 (2013.01)] | 16 Claims |

1. A streamlined user entitlement creation, revocation and implementation system, the system comprising:
a local network comprising:
an entitlement creation application server for creating user entitlements for users in an enterprise based on user entitlement creation requests received by the entitlement creation application server, wherein the user entitlements comprise a plurality of multi-dimensional user entitlements, wherein each multi-dimensional user entitlement comprises, for a user, a resource interaction permission control based on at least both an enterprise role for the user in the enterprise and a dimensional coverage for the user;
a local network entitlement database system for storing the user entitlements created by the entitlement creation application server;
a local network Run-Time Access Control (RTAC) server for resolving local network entitlement queries from local network applications on the local network, wherein the local network RTAC server is for resolving the local network entitlement queries based on the user entitlements stored in the local network entitlement database system; and
a local network run time store (RTS) data store for storing user entitlement updates, wherein the user entitlement updates comprise updates to existing user entitlements and new user entitlements;
a cloud network in data communication with the local network, the cloud network comprising:
a cloud network database for storing the user entitlements based on the user entitlement updates received from the local network RTS data store; and
a cloud network RTAC server, coupled to the cloud network database, the cloud network RTAC server configured to:
receive a cloud network entitlement query from a cloud application in data communication with the cloud network, wherein the cloud network entitlement query comprises a query from the cloud application as to whether a user has permission to perform a function with respect to the cloud application;
based on the cloud network entitlement query, query the cloud network database for user entitlement for the user; and
resolve, based on the query to the cloud network database, an entitlement outcome for the user for the cloud application, wherein the entitlement outcome comprises a response to the cloud network entitlement query enforceable by the cloud application.
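As an added illustration, not code from the patent, the following Python sketch models one multi-dimensional entitlement (enterprise role plus dimensional coverage), an RTS update batch replicated into the cloud database, and the RTAC resolution step that answers "may this user perform this function?" with deny by default. All names, roles, resources and dimensions are assumptions for the example.

```python
from dataclasses import dataclass

# Hypothetical role model: enterprise role -> resource -> permitted interactions.
ROLE_PERMISSIONS = {
    "trader":  {"orders": {"read", "create"}},
    "auditor": {"orders": {"read"}},
}

@dataclass(frozen=True)
class Entitlement:
    user: str
    role: str            # enterprise role for the user
    coverage: frozenset  # dimensional coverage, e.g. regions the user may act in

class EntitlementDB:
    """Stands in for both the local-network and the cloud-network database."""
    def __init__(self):
        self._rows = {}
    def upsert(self, e):  # an RTS update: a new entitlement or a change to an existing one
        self._rows[e.user] = e
    def lookup(self, user):
        return self._rows.get(user)

def apply_rts_updates(cloud_db, updates):
    """Replicate a local RTS update batch into the cloud database; returns rows applied."""
    for e in updates:
        cloud_db.upsert(e)
    return len(updates)

def rtac_resolve(db, user, resource, action, dimension):
    """RTAC step: deny by default; allow only when BOTH the role permits the
    interaction on the resource AND the requested dimension is in the user's coverage."""
    e = db.lookup(user)
    if e is None:
        return False
    allowed = ROLE_PERMISSIONS.get(e.role, {}).get(resource, set())
    return action in allowed and dimension in e.coverage

def demo():
    cloud = EntitlementDB()
    # Constructed RTS batches: a new entitlement, then an update that narrows coverage.
    apply_rts_updates(cloud, [Entitlement("alice", "trader", frozenset({"EMEA", "APAC"}))])
    before = rtac_resolve(cloud, "alice", "orders", "create", "APAC")  # True
    apply_rts_updates(cloud, [Entitlement("alice", "trader", frozenset({"EMEA"}))])
    after = rtac_resolve(cloud, "alice", "orders", "create", "APAC")   # False once revoked
    return before, after
```

Because the cloud database only reflects entitlements that have been replicated from the RTS, a revocation takes effect in the cloud only after its update batch is applied, so replication lag directly bounds how long a revoked permission stays enforceable.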