US 12,470,537 B2
Performing a security action with regard to an access token based on clustering of access requests
Coral Cohen, Hadera (IL); Andrey Karpovsky, Kiryat Motzkin (IL); and Ariel Brukman, Kiriat Ata (IL)
Assigned to Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed on May 31, 2023, as Appl. No. 18/326,955.
Prior Publication US 2024/0406160 A1, Dec. 5, 2024
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/0815 (2013.01) [H04L 63/083 (2013.01)]
20 Claims
1. A system comprising:
memory; and
a processing system coupled to the memory, the processing system configured to:
cluster subsets of access requests into respective clusters, which correspond to respective requestor types, based at least on the access requests in the subsets having respective attributes that indicate the respective requestor types, the access requests requesting access to cloud resources;
identify access behaviors that are associated with the access requests in the respective clusters and that correspond to a common access token;
determine that a difference between a scope of permissions that are defined by the common access token and a scope of a first access behavior, which is associated with a first cluster that corresponds to a first requestor type and which corresponds to the common access token, is greater than or equal to a threshold difference; and
based at least on the difference between the scope of the permissions that are defined by the common access token and the scope of the first access behavior being greater than or equal to the threshold difference, perform a security action with regard to the common access token.
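
The comparison recited in claim 1, sketched as an added example for defenders reviewing over-scoped tokens; it is not code from the patent or from the assignee. Assumptions: requestor type is the (agent family, network zone) pair, the scope difference is the fraction of the token's permissions a cluster never exercised, the threshold is 0.5, and the security action is a hypothetical "flag_for_review" marker; all sample data is constructed.

```python
from collections import defaultdict

# Constructed sample data (not from the patent): the scope each token defines,
# and access requests with requestor attributes and the permission exercised.
TOKEN_SCOPE = {
    "tok-A": {"storage.read", "storage.write", "storage.delete", "keyvault.read"},
    "tok-B": {"storage.read"},
}
REQUESTS = [
    {"token": "tok-A", "agent": "ci-runner/2.1", "network": "corp", "perm": "storage.read"},
    {"token": "tok-A", "agent": "ci-runner/2.1", "network": "corp", "perm": "storage.write"},
    {"token": "tok-A", "agent": "ci-runner/2.3", "network": "corp", "perm": "storage.delete"},
    {"token": "tok-A", "agent": "dashboard/1.0", "network": "internet", "perm": "storage.read"},
    {"token": "tok-A", "agent": "dashboard/1.0", "network": "internet", "perm": "storage.read"},
    {"token": "tok-B", "agent": "dashboard/1.0", "network": "internet", "perm": "storage.read"},
]

def cluster_by_requestor_type(requests):
    """Group requests whose attributes indicate the same requestor type.
    Assumption: the type is the (agent family, network zone) pair."""
    clusters = defaultdict(list)
    for req in requests:
        clusters[(req["agent"].split("/")[0], req["network"])].append(req)
    return clusters

def scope_difference(granted, used):
    """Assumed metric: fraction of the token's permissions the cluster never used."""
    return len(granted - used) / len(granted) if granted else 0.0

def evaluate_token(token, requests, threshold=0.5):
    """Return one finding per cluster whose behavior for `token` is much
    narrower than the token's scope (difference >= threshold)."""
    granted = TOKEN_SCOPE[token]
    findings = []
    for rtype, members in cluster_by_requestor_type(requests).items():
        used = {r["perm"] for r in members if r["token"] == token}
        if not used:
            continue  # this requestor type never presented the token
        diff = scope_difference(granted, used)
        if diff >= threshold:
            findings.append({"token": token, "requestor_type": rtype,
                             "difference": diff, "unused": sorted(granted - used),
                             "action": "flag_for_review"})  # placeholder security action
    return findings

if __name__ == "__main__":
    for finding in evaluate_token("tok-A", REQUESTS):
        print(finding)
```

In the constructed data, the dashboard cluster uses one of the four permissions that tok-A defines, so it alone crosses the threshold; the CI cluster uses three of four and does not.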