US-20260128899-A1 - METHOD AND SYSTEM FOR SECURING PRIVILEGED ACCESS DATA VIA A PRIVILEGED ACCESS SECURITY SERVICE PLATFORM
Abstract
A method and system for securing privileged access data via a privileged access security service (PASS) platform may be provided. The method may include obtaining authentication data, providing a web-based UI portal to access a PASS platform upon ascertaining that user credentials are valid, and inputting digital case data into the web-based UI portal. The PASS platform may include an incident management and tracking system and an entitlement control management system. The method may include performing dual operations on the digital case data and generating an ADFS digital security token and a digital functional identifier (FID), and calling an API based on the ADFS digital security token and the digital FID. The method may also include testing the API internally via an API gateway endpoint and cloud APIs without exposing the ADFS digital security token to the user, generating a response based on the testing, and displaying the response.
Inventors
- Mohankumar RAJAGOPALAN
- Amit Kumar MESHRAM
Assignees
- JPMORGAN CHASE BANK, N.A.
Dates
- Publication Date: 2026-05-07
- Application Date: 2025-10-09
Claims (20)
- 1. A method for securing privileged access data via a privileged access security service platform, the method being implemented by at least one processor, the method comprising: obtaining user credentials from a user; providing a web-based user interface (UI) portal to access a privileged access security service (PASS) platform upon ascertaining that the user credentials are valid, wherein the PASS platform comprises an integration of an incident management and tracking system and an entitlement control management system; inputting digital case data into the web-based UI portal; performing dual operations on the inputted digital case data, the dual operations comprising a first set of operations via the incident management and tracking system and a second set of operations via the entitlement control management system; generating an active directory federation services (ADFS) digital security token and a digital functional identifier (FID) based on an affirmative result of the dual operations; performing a software call function to call an application program interface (API) based on the ADFS digital security token and the digital FID; testing the API internally via an API gateway endpoint and cloud APIs without exposing the ADFS digital security token to the user; generating a response from the API based on the testing; and displaying the response via the web-based UI portal to the user.
- 2. The method of claim 1, wherein the ascertaining that the user credentials are valid comprises performing an authentication of the user credentials based on single sign-on (SSO) authentication.
- 3. The method of claim 1, wherein the inputting of the digital case data comprises inputting incident log data, user identifier data, application data, the user’s credentials, a uniform resource identifier (URI) endpoint data, and a case reason into the web-based UI portal.
- 4. The method of claim 1, wherein the first set of operations via the incident management and tracking system comprises: determining whether an incident report from the inputted digital case data is in a correct status state; generating the ADFS digital security token and the digital FID based on the affirmative result of the determining of whether the incident report is in the correct status state; generating an error message based on a negative result of the determining of whether the incident report is in the correct status state; and storing the error message in a database.
- 5. The method of claim 4, wherein the determining of whether the incident report is in the correct status state comprises determining whether the incident report is not more than a predetermined number of days old.
- 6. The method of claim 1, wherein the second set of operations via the entitlement control management system comprises: determining whether user identifier data from the inputted digital case data denotes that the user is in a group with correct entitlement access to access the PASS platform; generating the ADFS digital security token and the digital FID based on the affirmative result of the determining of whether the user identifier data denotes that the user is in the group with the correct entitlement access; generating an error message based on a negative result of the determining of whether the user identifier data denotes that the user is in the group with the correct entitlement access; and storing the error message in a database.
- 7. The method of claim 1, further comprising: storing actions of the user in a database that establishes an audit trail of the actions of the user; and providing the stored actions of the user to the web-based UI portal for utilization in accessing the PASS platform.
- 8. The method of claim 1, wherein the digital FID is generated when an application is accessed, and wherein the digital FID is valid for a predetermined amount of time.
- 9. The method of claim 1, wherein the ADFS digital security token is generated based on a computer network authentication protocol that utilizes symmetric key cryptography and a key distribution center concept.
- 10. A computing apparatus for securing privileged access data via a privileged access security service platform, the computing apparatus comprising: a processor; a memory; and a communication interface coupled to each of the processor and the memory, wherein the processor is configured to: obtain user credentials from a user; provide a web-based user interface (UI) portal to access a privileged access security service (PASS) platform upon ascertaining that the user credentials are valid, wherein the PASS platform comprises an integration of an incident management and tracking system and an entitlement control management system; input digital case data into the web-based UI portal; perform dual operations on the inputted digital case data, the dual operations comprising a first set of operations via the incident management and tracking system and a second set of operations via the entitlement control management system; generate an active directory federation services (ADFS) digital security token and a digital functional identifier (FID) based on an affirmative result of the dual operations; perform a software call function to call an application program interface (API) based on the ADFS digital security token and the digital FID; test the API internally via an API gateway endpoint and cloud APIs without exposing the ADFS digital security token to the user; generate a response from the API based on the testing; and display the response via the web-based UI portal to the user.
- 11. The computing apparatus of claim 10, wherein the processor is further configured to ascertain that the user credentials are valid by performing an authentication of the user credentials based on single sign-on (SSO) authentication.
- 12. The computing apparatus of claim 10, wherein the processor is further configured to perform the inputting of the digital case data by inputting incident log data, user identifier data, application data, the user’s credentials, a uniform resource identifier (URI) endpoint data, and a case reason into the web-based UI portal.
- 13. The computing apparatus of claim 10, wherein the first set of operations via the incident management and tracking system comprises: determining whether an incident report from the inputted digital case data is in a correct status state; generating the ADFS digital security token and the digital FID based on the affirmative result of the determining of whether the incident report is in the correct status state; generating an error message based on a negative result of the determining of whether the incident report is in the correct status state; and storing the error message in a database.
- 14. The computing apparatus of claim 13, wherein the determining of whether the incident report is in the correct status state comprises determining whether the incident report is not more than a predetermined number of days old.
- 15. The computing apparatus of claim 10, wherein the second set of operations via the entitlement control management system comprises: determining whether user identifier data from the inputted digital case data denotes that the user is in a group with correct entitlement access to access the PASS platform; generating the ADFS digital security token and the digital FID based on the affirmative result of the determining of whether the user identifier data denotes that the user is in the group with the correct entitlement access; generating an error message based on a negative result of the determining of whether the user identifier data denotes that the user is in the group with the correct entitlement access; and storing the error message in a database.
- 16. The computing apparatus of claim 10, wherein the processor is further configured to: store actions of the user in a database that establishes an audit trail of the actions of the user; and provide the stored actions of the user to the web-based UI portal for utilization in accessing the PASS platform.
- 17. The computing apparatus of claim 10, wherein the digital FID is generated when an application is accessed, and wherein the digital FID is valid for a predetermined amount of time.
- 18. The computing apparatus of claim 10, wherein the ADFS digital security token is generated based on a computer network authentication protocol that utilizes symmetric key cryptography and a key distribution center concept.
- 19. A non-transitory computer readable storage medium storing instructions for securing privileged access data via a privileged access security service platform, the storage medium comprising executable code which, when executed by a processor, causes the processor to: obtain user credentials from a user; provide a web-based user interface (UI) portal to access a privileged access security service (PASS) platform upon ascertaining that the user credentials are valid, wherein the PASS platform comprises an integration of an incident management and tracking system and an entitlement control management system; input digital case data into the web-based UI portal; perform dual operations on the inputted digital case data, the dual operations comprising a first set of operations via the incident management and tracking system and a second set of operations via the entitlement control management system; generate an active directory federation services (ADFS) digital security token and a digital functional identifier (FID) based on an affirmative result of the dual operations; perform a software call function to call an application program interface (API) based on the ADFS digital security token and the digital FID; test the API internally via an API gateway endpoint and cloud APIs without exposing the ADFS digital security token to the user; generate a response from the API based on the test; and display the response via the web-based UI portal to the user.
- 20. The storage medium of claim 19, wherein when executed, the executable code further causes the processor to ascertain that the user credentials are valid by performing an authentication of the user credentials based on single sign-on (SSO) authentication.
Description
CROSS-REFERENCE TO RELATED APPLICATION
This application claims the benefit of U.S. Provisional Patent Application No. 63/715,980, filed November 4, 2024, which is hereby incorporated by reference in its entirety.
FIELD OF DISCLOSURE
This technology generally relates to methods and systems for securing privileged access data via a privileged access security service platform.
BACKGROUND INFORMATION
Engineering teams often need to generate active directory federation services (ADFS) tokens as part of post-production deployment validation or production issue troubleshooting associated with secured data systems. While digital functional identifiers (FIDs) and passwords may be used, FIDs and passwords can result in privileged credential disclosure. For instance, the FIDs and password may become known to parties other than the user and authorized parties, which can lead to unauthorized access to secured data systems holding sensitive and confidential data or cause disruption of services. Presently, while secured access services exist, no generic solution is available that would enable the production validation of application program interfaces (APIs) for accessing the secured data systems without the need to expose the password, FIDs, or ADFS token that are required for API authentication. That is, to perform API authentication to access the secured data systems, users would need to expose either their password, digital FIDs, or ADFS token as part of the authentication process. This exposure can lead to stolen credentials, unauthorized access into the secured data systems by nefarious parties, etc. Accordingly, there is a need for techniques to provide a secured service enabling secured access to a secured data system without the need to expose users’ authentication details.
SUMMARY
The present disclosure, through one or more of its various aspects, embodiments, and/or specific features or sub-components, provides, inter alia, various systems, servers, devices, methods, media, programs, and platforms for securing privileged access data via a privileged access security service platform. According to an aspect of the present disclosure, a method for securing privileged access data via a privileged access security service platform may be provided. The method may be implemented by at least one processor. The method may include: obtaining user credentials from a user; providing a web-based user interface (UI) portal to access a privileged access security service (PASS) platform upon ascertaining that the user credentials are valid, wherein the PASS platform comprises an integration of an incident management and tracking system and an entitlement control management system; inputting digital case data into the web-based UI portal; performing dual operations on the inputted digital case data, the dual operations comprising a first set of operations via the incident management and tracking system and a second set of operations via the entitlement control management system; generating an active directory federation services (ADFS) digital security token and a digital functional identifier (FID) based on an affirmative result of the dual operations; performing a software call function to call an application program interface (API) based on the ADFS digital security token and the digital FID; testing the API internally via an API gateway endpoint and cloud APIs without exposing the ADFS digital security token to the user; generating a response from the API based on the testing; and displaying the response via the web-based UI portal to the user. The ascertaining that the user credentials are valid may include performing an authentication of the user credentials based on single sign-on (SSO) authentication.
The inputting of the digital case data may include inputting incident log data, user identifier data, application data, the user’s credentials, a uniform resource identifier (URI) endpoint data, and a case reason into the web-based UI portal. The first set of operations via the incident management and tracking system may include: determining whether an incident report from the inputted digital case data is in a correct status state; generating the ADFS digital security token and the digital FID based on the affirmative result of the determining of whether the incident report is in the correct status state; generating an error message based on a negative result of the determining of whether the incident report is in the correct status state; and storing the error message in a database. The determining of whether the incident report is in the correct status state may include determining whether the incident report is not more than a predetermined number of days old. The second set of operations via the entitlement control management system may include: determining whether user identifier data from the inputted digital case data denotes that the user is in a group with correct entitlement access to access the PASS platform;
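The dual-operation gate described in claims 4 to 9 and in the Summary, as an added Python illustration that is not the patent's or the assignee's code: the incident status states, the entitlement group name, the seven-day and fifteen-minute limits, the in-memory "database" and the random stand-in for the ADFS token are all constructed assumptions. It shows the property the disclosure turns on: the user only ever receives a time-boxed FID and the API response, while the security token stays inside the platform.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
import secrets

MAX_INCIDENT_AGE_DAYS = 7                 # assumed "predetermined number of days" (claim 5)
FID_LIFETIME = timedelta(minutes=15)      # assumed "predetermined amount of time" (claim 8)
CORRECT_STATES = {"open", "in_progress"}  # constructed set of correct incident status states
REQUIRED_GROUP = "pass-prod-validators"   # constructed entitlement group (claim 6)
ENTITLEMENTS = {"alice": {REQUIRED_GROUP}, "bob": {"readers"}}  # constructed entitlement directory
DEMO_NOW = datetime(2025, 6, 1)           # fixed clock so the constructed sample is reproducible

@dataclass
class PassPlatform:
    audit_db: list = field(default_factory=list)  # audit trail and stored error messages (claims 4, 6, 7)
    _tokens: dict = field(default_factory=dict)   # FID -> (security token, expiry); token never leaves here

    def check_incident(self, case, now):  # first set of operations: incident management system
        if case["status"] not in CORRECT_STATES:
            return f"{case['incident_id']}: status '{case['status']}' is not a correct state"
        if now - case["opened_at"] > timedelta(days=MAX_INCIDENT_AGE_DAYS):
            return f"{case['incident_id']}: older than {MAX_INCIDENT_AGE_DAYS} days"
        return None

    def check_entitlement(self, case):  # second set of operations: entitlement control system
        if REQUIRED_GROUP not in ENTITLEMENTS.get(case["user_id"], set()):
            return f"{case['user_id']}: not in group {REQUIRED_GROUP}"
        return None

    def request_access(self, case, now):
        """Both checks must be affirmative; otherwise the errors are stored and nothing is issued."""
        errors = [e for e in (self.check_incident(case, now), self.check_entitlement(case)) if e]
        self.audit_db.append({"at": now, "user": case["user_id"], "uri": case["uri_endpoint"],
                              "reason": case["reason"], "errors": errors})
        if errors:
            return None, errors
        fid = secrets.token_urlsafe(16)  # time-boxed functional identifier handed to the user
        self._tokens[fid] = (secrets.token_urlsafe(32), now + FID_LIFETIME)  # stand-in for the ADFS token
        return fid, []

    def call_api(self, fid, now, api):
        """The user presents only the FID; the platform attaches the token and relays the response."""
        entry = self._tokens.get(fid)
        if entry is None or now > entry[1]:
            return {"error": "FID unknown or expired"}
        return api(entry[0])

def sample_case(user_id, status="open", age_days=1):  # constructed digital case data (claim 3)
    return {"incident_id": "INC-0001", "status": status, "opened_at": DEMO_NOW - timedelta(days=age_days),
            "user_id": user_id, "uri_endpoint": "https://api.example.internal/health", "reason": "post-deploy check"}
```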