	US 12,278,843 B2
	Enforcing security policies in a zero trust security framework using a behavioral score
Edwin Donald Sutherland, Milton Keynes (GB); and Sheril Nagoormeera, London (GB)
Assigned to CLOUDFLARE, INC., San Francisco, CA (US)
Filed by CLOUDFLARE, INC., San Francisco, CA (US)
Filed on Jan. 8, 2024, as Appl. No. 18/407,009.
Application 18/407,009 is a continuation of application No. 18/175,815, filed on Feb. 28, 2023, granted, now 11,870,818.
Prior Publication US 2024/0291867 A1, Aug. 29, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); H04L 41/0894 (2022.01)

CPC H04L 63/20 (2013.01) [H04L 41/0894 (2022.05)]

21 Claims

1. A computer-implemented method comprising:

retrieving access logs associated with a plurality of identities;

generating, using a trust model and based on the retrieved access logs, a plurality of behavioral scores for the plurality of identities respectively, wherein each behavioral score is dynamically determined based on access approvals and access denials associated with a corresponding identity during an assessment period;

receiving a first request to access a resource, the first request associated with a first identity of the plurality of identities;

determining that a zero trust access policy is applicable for the resource;

determining a first behavioral score for the first identity from the plurality of behavioral scores for the plurality of identities;

determining that the first behavioral score for the first identity satisfies a behavioral score threshold for the zero trust access policy; and

providing access to the resource in response to the first request responsive to determining that the first behavioral score for the first identity satisfies the behavioral score threshold for the zero trust access policy.