
Method And System For Managing Data Access For Users In A Network

Abstract: A method (400) for managing data access for users in a network is disclosed. The method includes receiving (402) one or more user credentials associated with a user (102) from a User Equipment (UE) (104). The method includes fetching (404) authorization information associated with the user (102) from a database (208), based on the one or more user credentials. The method includes validating (406) the one or more user credentials based on the authorization information fetched from the database (208). The validation is one of a successful validation and an unsuccessful validation. The method includes determining (408) a set of access parameters associated with the user (102), upon the successful validation of the one or more user credentials. The method includes granting (410) an access of the data to the user (102) based on the set of access parameters associated with the user (102). Ref. Fig. 4


Patent Information

Application #
Filing Date
30 November 2023
Publication Number
06/2025
Publication Type
INA
Invention Field
COMPUTER SCIENCE
Status
Email
Parent Application

Applicants

JIO PLATFORMS LIMITED
OFFICE-101, SAFFRON, NR. CENTRE POINT, PANCHWATI 5 RASTA, AMBAWADI, AHMEDABAD 380006, GUJARAT, INDIA

Inventors

1. Aayush Bhatnagar
Reliance Corporate Park, Thane - Belapur Road, Ghansoli, Navi Mumbai, Maharashtra 400701, India
2. Adityakar
Reliance Corporate Park, Thane - Belapur Road, Ghansoli, Navi Mumbai, Maharashtra 400701, India
3. Om Prakash Pandey
Reliance Corporate Park, Thane - Belapur Road, Ghansoli, Navi Mumbai, Maharashtra 400701, India
4. Jatin Bansal
Reliance Corporate Park, Thane - Belapur Road, Ghansoli, Navi Mumbai, Maharashtra 400701, India
5. Sumedha Satija
Reliance Corporate Park, Thane - Belapur Road, Ghansoli, Navi Mumbai, Maharashtra 400701, India
6. Ankur Verma
Reliance Corporate Park, Thane - Belapur Road, Ghansoli, Navi Mumbai, Maharashtra 400701, India
7. Chirag Pant
Reliance Corporate Park, Thane - Belapur Road, Ghansoli, Navi Mumbai, Maharashtra 400701, India

Specification

FORM 2
THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENTS RULES, 2003

COMPLETE SPECIFICATION
(See section 10 and rule 13)
1. TITLE OF THE INVENTION
METHOD AND SYSTEM FOR MANAGING DATA ACCESS FOR USERS IN A NETWORK
2. APPLICANT(S)
Name: JIO PLATFORMS LIMITED
Nationality: INDIAN
Address: Office - 101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad - 380006, Gujarat, India
3. PREAMBLE TO THE DESCRIPTION

The following specification particularly describes the invention and the manner in which it is to be performed.

RESERVATION OF RIGHTS
[0001] A portion of the disclosure of this patent document contains material which is subject to intellectual property rights such as, but not limited to, copyright, design, trademark, Integrated Circuit (IC) layout design, and/or trade dress protection, belonging to JIO PLATFORMS LIMITED or its affiliates (hereinafter referred to as the owner). The owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent files or records, but otherwise reserves all rights whatsoever. All rights to such intellectual property are fully reserved by the owner.

TECHNICAL FIELD
[0002] The present disclosure relates generally to the field of network security. More particularly, the present disclosure relates to systems and methods for managing data access for users.

DEFINITION
[0003] As used in the present disclosure, the following terms are generally intended to have the meaning set forth below, except to the extent that the context in which they are used indicates otherwise.
[0004] The expression ‘User Plane Function (UPF) node’ used hereinafter in the specification refers to a critical component in a Fifth Generation (5G) network architecture responsible for handling user data traffic. The UPF node manages the routing, forwarding, and processing of user data packets between the User Equipment (UE) and external networks.
[0005] The expression ‘role-based access control’ used hereinafter in the specification refers to a security model where permissions and access rights are assigned to a user based on a role of the user within an organization.
[0006] The expression ‘circle-based access control’ used hereinafter in the specification refers to a security model where access permissions are granted based on a user’s membership in specific circles. Each circle defines a set of access rights and permissions, allowing each user to have different access levels depending on their circle affiliations.

BACKGROUND
[0007] The following description of related art is intended to provide background information pertaining to the field of the disclosure. This section may include certain aspects of the art that may be related to various features of the present disclosure. However, it should be appreciated that this section is to be used only to enhance the understanding of the reader with respect to the present disclosure, and not as an admission of prior art.
[0008] In the rapidly evolving digital security landscape, the surge in internet usage has significantly heightened the importance of robust authentication techniques to protect sensitive information. As businesses, individuals, and institutions increasingly rely on digital platforms for transactions, communications, and data storage, the complexity and volume of security challenges have escalated. The extensive adoption of the internet has transformed how we interact with technology, leading to a dramatic increase in the amount of sensitive information exchanged and stored online. This shift has been accompanied by a broadening attack surface as more data and systems become accessible via the internet. From online banking and e-commerce to remote work and cloud storage, virtually every aspect of modern life is interconnected through digital networks. This interconnectedness, while convenient, introduces several security challenges, such as increased cybercrime, data privacy concerns, phishing attacks, and the like.
[0009] To address the above-listed challenges, various authentication techniques have been developed, such as password-based authentication, biometric authentication, token-based authentication, Single Sign-On (SSO) authentication, and the like. However, each of these existing authentication techniques comes with its own challenges, such as difficulty remembering passwords, false positives in biometric authentication, etc. Although password-based authentication is commonly used to authenticate users, passwords are subject to various attacks, such as phishing attacks, social engineering attacks, dictionary attacks, etc. Typically, longer passwords with combinations of letters and numbers provide a higher level of security. However, these longer passwords are more difficult for the users to remember. Further, biometric authentication requires a user's biometric data (such as fingerprint data, retina patterns, and facial structure) that cannot be "stolen" easily and, even if stolen, cannot be used to bypass security, as biometric authentication requires the user to submit fresh biometric data via a biometric sensor. However, implementing biometric authentication requires dedicated hardware (fingerprint scanners) and software for authenticating biometric data, which can sometimes be impractical.
[0010] Therefore, there is a need for a method and a system that overcomes the limitations of the prior art and provides a secure and practical solution.
SUMMARY
[0011] In an exemplary embodiment, a method for managing data access for users in a network is disclosed. The method includes receiving one or more user credentials associated with a user from a User Equipment (UE). The method includes fetching authorization information associated with the user from a database, based on the one or more user credentials. The method includes validating the one or more user credentials based on the authorization information fetched from the database. The validation is one of a successful validation and an unsuccessful validation. The method includes upon the successful validation of the one or more user credentials, determining a set of access parameters associated with the user. The set of access parameters includes at least one of a role of the user and a number of affiliated circles corresponding to the user. The method includes granting an access of the data to the user based on the set of access parameters associated with the user.
[0012] In an exemplary embodiment, the method further includes creating a user profile for the user based on the one or more user credentials associated with the user, wherein the one or more user credentials include a username, and a password associated with the user.
[0013] In an exemplary embodiment, the number of affiliated circles is assigned to the user based on a User Plane Function (UPF) node.
[0014] In an exemplary embodiment, the method further includes modifying an access permission of the data corresponding to the user based on an end-user requirement.
[0015] In an exemplary embodiment, the method further includes upon the unsuccessful validation of the one or more user credentials, restricting the user from accessing the data.
[0016] In another exemplary embodiment, a system for managing data access for users in a network is disclosed. The system includes a processor, and a memory coupled to the processor and configured to store instructions executable by the processor, causing the processor to receive one or more user credentials associated with a user from a User Equipment (UE). The processor is further configured to fetch authorization information associated with the user from a database, based on the one or more user credentials. The processor is further configured to validate the one or more user credentials based on the authorization information fetched from the database. The validation is one of a successful validation and an unsuccessful validation. The processor is further configured to determine a set of access parameters associated with the user, upon the successful validation of the one or more user credentials. The set of access parameters includes at least one of a role of the user and a number of affiliated circles corresponding to the user. The processor is further configured to grant an access of the data to the user based on the set of access parameters associated with the user.
[0017] In an exemplary embodiment, the processor is further configured to create a user profile for the user based on the one or more user credentials associated with the user, wherein the one or more user credentials include a username, and a password associated with the user.
[0018] In an exemplary embodiment, the number of affiliated circles is assigned to the user based on a User Plane Function (UPF) node.
[0019] In an exemplary embodiment, the processor is further configured to modify an access permission of the data corresponding to the user based on an end-user requirement.
[0020] In an exemplary embodiment, the processor is further configured to restrict the user from accessing the data, upon the unsuccessful validation of the one or more user credentials.
[0021] The present disclosure discloses a User Equipment (UE) communicatively coupled with a network. The coupling includes a step of receiving, by the network, a connection request from the UE. The coupling includes a step of sending, by the network, an acknowledgment of the connection request to the UE. The coupling includes a step of transmitting a plurality of signals in response to the connection request. Based on the connection request, data access for a user in a network is managed.
OBJECTIVES
[0022] Some of the objectives of the present disclosure, which at least one embodiment herein satisfies, are as follows:
[0023] An objective of the present disclosure is to provide a method and a system for managing data access for users in a network to maintain data integrity and confidentiality.
[0024] An objective of the present disclosure is to provide a method and system that employs a two-factor security mechanism (also referred to as a two-step or dual-factor protection). Integrating the two-factor security mechanism provides a user with an additional layer of authentication.
[0025] An objective of the present disclosure is to provide a method and a system that supports role-based access control and a circle-based access control for the users to provide data access to the users based on a role and a number of affiliated circles associated with each user.
[0026] An objective of the present disclosure is to provide enhanced security and meticulous control over information dissemination among users by utilizing a robust multilayered protection mechanism (i.e., the two-factor security mechanism).
[0027] An objective of the present disclosure is to provide a universally applicable technique across a wide range of systems and industries and adaptable to various organizational needs, from corporate environments to educational institutions and beyond.
[0028] An objective of the present disclosure is to provide a method and a system that supports a user-centric design. The user-centric design ensures that security measures do not compromise the user experience, making it easier for users to comply with security protocols.
[0029] An objective of the present disclosure is to provide a method and a system that is cost-efficient as compared to existing high-security measures that require extensive hardware and infrastructure.
[0030] Other objectives and advantages of the present disclosure will be more apparent from the following description, which is not intended to limit the scope of the present disclosure.
BRIEF DESCRIPTION OF THE ACCOMPANYING DRAWING
[0031] The accompanying drawings, which are incorporated herein, and constitute a part of this disclosure, illustrate exemplary embodiments of the disclosed methods and systems in which like reference numerals refer to the same parts throughout the different drawings. Components in the drawings are not necessarily to scale, emphasis instead being placed upon clearly illustrating the principles of the present disclosure. Some drawings may indicate the components using block diagrams and may not represent the internal circuitry of each component. It will be appreciated by those skilled in the art that disclosure of such drawings includes disclosure of electrical components, electronic components or circuitry commonly used to implement such components.
[0032] FIG. 1 illustrates an exemplary network architecture for implementing a system for managing data access for users in a network, in accordance with an embodiment of the present disclosure.
[0033] FIG. 2 illustrates an exemplary block diagram of the system configured for managing the data access for the users in the network, in accordance with an embodiment of the present disclosure.
[0034] FIG. 3 illustrates an exemplary process flow diagram depicting a method for managing the data access for the users in the network, in accordance with an embodiment of the present disclosure.
[0035] FIG. 4 illustrates an exemplary flow diagram of a method for managing the data access for the users in the network, in accordance with an embodiment of the present disclosure.
[0036] FIG. 5 illustrates an exemplary detailed flow diagram depicting a method for managing the data access for the users in the network, in accordance with an embodiment of the present disclosure.
[0037] FIG. 6 illustrates an exemplary computer system in which or with which the embodiments of the present disclosure may be implemented.
[0038] The foregoing shall be more apparent from the following more detailed description of the disclosure.

LIST OF REFERENCE NUMERALS
100 – Network architecture
102-1, 102-2…102-N – Plurality of Users
104-1, 104-2…104-N – Plurality of User Equipments
106 – Network
108 – System
200 – Block Diagram
202 – Processor(s)
204 – Memory
206 – Plurality of Interfaces
208 – Database
212 – Receiving Unit
214 – Validating Unit
300 – Exemplary Process Flow Diagram
400 – Flow Diagram
500 – Detailed Flow Diagram
600 – Computer System
610 – External Storage Device
620 – Bus
630 – Main Memory
640 – Read Only Memory
650 – Mass Storage Device
660 – Communication Port
670 – Processor

DETAILED DESCRIPTION
[0039] In the following description, for the purposes of explanation, various specific details are set forth in order to provide a thorough understanding of embodiments of the present disclosure. It will be apparent, however, that embodiments of the present disclosure may be practiced without these specific details. Several features described hereafter can each be used independently of one another or with any combination of other features. An individual feature may not address any of the problems discussed above or might address only some of the problems discussed above. Some of the problems discussed above might not be fully addressed by any of the features described herein. Example embodiments of the present disclosure are described below, as illustrated in various drawings in which like reference numerals refer to the same parts throughout the different drawings.
[0040] The ensuing description provides exemplary embodiments only, and is not intended to limit the scope, applicability, or configuration of the disclosure. Rather, the ensuing description of the exemplary embodiments will provide those skilled in the art with an enabling description for implementing an exemplary embodiment. It should be understood that various changes may be made in the function and arrangement of elements without departing from the spirit and scope of the disclosure as set forth.
[0041] Specific details are given in the following description to provide a thorough understanding of the embodiments. However, it will be understood by one of ordinary skill in the art that the embodiments may be practiced without these specific details. For example, circuits, systems, networks, processes, and other components may be shown as components in block diagram form in order not to obscure the embodiments in unnecessary detail. In other instances, well-known circuits, processes, algorithms, structures, and techniques may be shown without unnecessary detail in order to avoid obscuring the embodiments.
[0042] Also, it is noted that individual embodiments may be described as a process that is depicted as a flowchart, a flow diagram, a data flow diagram, a structure diagram, or a block diagram. Although a flowchart may describe the operations as a sequential process, many of the operations can be performed in parallel or concurrently. In addition, the order of the operations may be re-arranged. A process is terminated when its operations are completed but could have additional steps not included in a figure. A process may correspond to a method, a function, a procedure, a subroutine, a subprogram, etc. When a process corresponds to a function, its termination can correspond to a return of the function to the calling function or the main function.
[0043] The word “exemplary” and/or “demonstrative” is used herein to mean serving as an example, instance, or illustration. For the avoidance of doubt, the subject matter disclosed herein is not limited by such examples. In addition, any aspect or design described herein as “exemplary” and/or “demonstrative” is not necessarily to be construed as preferred or advantageous over other aspects or designs, nor is it meant to preclude equivalent exemplary structures and techniques known to those of ordinary skill in the art. Furthermore, to the extent that the terms “includes,” “has,” “contains,” and other similar words are used in either the detailed description or the claims, such terms are intended to be inclusive like the term “comprising” as an open transition word without precluding any additional or other elements.
[0044] Reference throughout this specification to “one embodiment” or “an embodiment” or “an instance” or “one instance” means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present disclosure. Thus, the appearances of the phrases “in one embodiment” or “in an embodiment” in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
[0045] The terminology used herein is to describe particular embodiments only and is not intended to be limiting the disclosure. As used herein, the singular forms “a”, “an”, and “the” are intended to include the plural forms as well, unless the context indicates otherwise. It will be further understood that the terms “comprises” and/or “comprising,” when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. As used herein, the term “and/or” includes any combinations of one or more of the associated listed items. It should be noted that the terms “mobile device”, “user equipment”, “user device”, “communication device”, “device” and similar terms are used interchangeably for the purpose of describing the invention. These terms are not intended to limit the scope of the invention or imply any specific functionality or limitations on the described embodiments. The use of these terms is solely for convenience and clarity of description. The invention is not limited to any particular type of device or equipment, and it should be understood that other equivalent terms or variations thereof may be used interchangeably without departing from the scope of the invention as defined herein.
[0046] As used herein, an “electronic device”, or “portable electronic device”, or “user device” or “communication device” or “user equipment” or “device” refers to any electrical, electronic, electromechanical and computing device. The user device is capable of receiving and/or transmitting one or more parameters, performing function/s, communicating with other user devices and transmitting data to the other user devices. The user equipment may have a processor, a display, a memory, a battery and an input means such as a hard keypad and/or a soft keypad. The user equipment may be capable of operating on any radio access technology including but not limited to IP-enabled communication, ZigBee, Bluetooth, Bluetooth Low Energy, Near Field Communication, Z-Wave, Wi-Fi, Wi-Fi Direct, etc. For instance, the user equipment may include, but is not limited to, a mobile phone, smartphone, virtual reality (VR) devices, augmented reality (AR) devices, laptop, a general-purpose computer, desktop, personal digital assistant, tablet computer, mainframe computer, or any other device as may be obvious to a person skilled in the art for implementation of the features of the present disclosure.
[0047] Further, the user device may also comprise a “processor” or “processing unit”, wherein the processor refers to any logic circuitry for processing instructions. The processor may be a general-purpose processor, a special purpose processor, a conventional processor, a digital signal processor, a plurality of microprocessors, one or more microprocessors in association with a Digital Signal Processor (DSP) core, a controller, a microcontroller, Application Specific Integrated Circuits, Field Programmable Gate Array circuits, any other type of integrated circuits, etc. The processor may perform signal coding, data processing, input/output processing, and/or any other functionality that enables the working of the system according to the present disclosure. More specifically, the processor is a hardware processor.
[0048] As portable electronic devices and wireless technologies continue to improve and grow in popularity, the advancing wireless technologies for data transfer are also expected to evolve and replace the older generations of technologies. In the field of wireless data communications, the dynamic advancement of various generations of cellular technology is also seen. The development, in this respect, has been incremental in the order of second generation (2G), third generation (3G), fourth generation (4G), and now fifth generation (5G), and more such generations are expected to follow in the forthcoming time.
[0049] Radio Access Technology (RAT) refers to the technology used by mobile devices/User Equipment (UE) to connect to a cellular network. It refers to the specific protocols and standards that govern the way devices communicate with base stations, which are responsible for providing the wireless connection. Further, each RAT has its own set of protocols and standards for communication, which define the frequency bands, modulation techniques, and other parameters used for transmitting and receiving data. Examples of RATs include Global System for Mobile Communications (GSM), Code Division Multiple Access (CDMA), Universal Mobile Telecommunications System (UMTS), Long-Term Evolution (LTE), and Fifth Generation (5G) networks. The choice of RAT depends on a variety of factors, including the network infrastructure, the available spectrum, and the mobile device's capabilities. Mobile devices often support multiple RATs, allowing them to connect to different types of networks and provide optimal performance based on the available network resources.
[0050] Wireless communication technology has rapidly evolved over the past few decades. The first generation of wireless communication technology was analog, offering only voice services. Further, text messaging and data services became possible when a Second Generation (2G) technology was introduced. Third Generation (3G) technology marked the introduction of high-speed internet access, mobile video calling, and location-based services. A Fourth Generation (4G) technology revolutionized the wireless communication with faster data speeds, improved network coverage, and security. Currently, a Fifth generation (5G) technology is being deployed, offering significantly faster data speeds, lower latency, and the ability to connect many devices simultaneously. These advancements represent a significant leap forward from previous generations, enabling enhanced mobile broadband, improved Internet of Things (IoT) connectivity, and more efficient use of network resources. A Sixth Generation (6G) technology promises to build upon these advancements, pushing the boundaries of wireless communication even further. While the 5G technology is still being rolled out globally, research and development into the 6G are rapidly progressing, with the aim of revolutionizing the way we connect and interact with technology.
[0051] While considerable emphasis has been placed herein on the components and component parts of the preferred embodiments, it will be appreciated that many embodiments can be made and that many changes can be made in the preferred embodiments without departing from the principles of the disclosure. These and other changes in the preferred embodiment as well as other embodiments of the disclosure will be apparent to those skilled in the art from the disclosure herein, whereby it is to be distinctly understood that the foregoing descriptive matter is to be interpreted merely as illustrative of the disclosure and not as a limitation.
[0052] Embodiments herein relate to a method for managing data access for users in a network. In particular, the method includes receiving one or more user credentials associated with a user from a User Equipment (UE). The one or more user credentials include a username and a password associated with the user. The method includes fetching authorization information associated with the user from a database, based on the one or more user credentials. The method includes validating the one or more user credentials based on the authorization information fetched from the database. In an embodiment, the validation is one of a successful validation and an unsuccessful validation. Upon the successful validation of the one or more user credentials, the method includes determining a set of access parameters associated with the user. The set of access parameters includes at least one of a role of the user and a number of affiliated circles corresponding to the user. Once the set of access parameters is determined, the method further includes granting an access of the data to the user based on the set of access parameters associated with the user.
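As an added illustration (not the applicant's code), the following Python models the flow of paragraph [0052] together with the role-based and circle-based access control defined in [0005] and [0006]: a salted-hash credential check stands in for the database lookup and validation, and both a role check and a circle check must pass before access is granted. The record type, the policy table, the operation names and the circle identifiers are constructed assumptions; affiliated circles are modelled as a set of identifiers rather than a count.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Added example, not the applicant's code. AuthRecord, ROLE_PERMISSIONS and the
# circle names below are constructed assumptions used only for illustration.


def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the database stores this, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 50_000)


@dataclass(frozen=True)
class AuthRecord:
    """Authorization information held in the database for one user."""
    salt: bytes
    pw_hash: bytes
    role: str            # input to the role-based check
    circles: frozenset   # input to the circle-based check (assumed to be a set)


@dataclass(frozen=True)
class DataItem:
    name: str
    circle: str          # the circle this data belongs to (assumption)


@dataclass(frozen=True)
class AccessDecision:
    granted: bool
    reason: str


# Constructed policy: what each role may do with data. The page does not fix
# these operations; they are placeholders for the role check.
ROLE_PERMISSIONS = {
    "admin": frozenset({"read", "write", "modify_permissions"}),
    "editor": frozenset({"read", "write"}),
    "viewer": frozenset({"read"}),
}

_DUMMY_SALT = bytes(16)


def create_user_profile(db: dict, username: str, password: str, role: str, circles) -> None:
    """[0012]: create the user profile from the username and password."""
    salt = os.urandom(16)
    db[username] = AuthRecord(salt, _hash_password(password, salt), role, frozenset(circles))


def fetch_authorization_info(db: dict, username: str):
    """Step 404: look the user up by credential; None if the user is unknown."""
    return db.get(username)


def validate_credentials(record, password: str) -> bool:
    """Step 406: compare the presented password with the stored hash."""
    if record is None:
        # Hash anyway so an unknown username takes as long as a wrong password.
        _hash_password(password, _DUMMY_SALT)
        return False
    return hmac.compare_digest(record.pw_hash, _hash_password(password, record.salt))


def determine_access_parameters(record):
    """Step 408: the role and affiliated circles of a validated user."""
    return record.role, record.circles


def grant_access(record, item: DataItem, operation: str) -> AccessDecision:
    """Step 410: the role check and the circle check must both pass."""
    role, circles = determine_access_parameters(record)
    if operation not in ROLE_PERMISSIONS.get(role, frozenset()):
        return AccessDecision(False, f"role '{role}' is not permitted to '{operation}'")
    if item.circle not in circles:
        return AccessDecision(False, f"user is not affiliated with circle '{item.circle}'")
    return AccessDecision(True, "role and circle checks passed")


def manage_data_access(db: dict, username: str, password: str,
                       item: DataItem, operation: str) -> AccessDecision:
    """Steps 402-410 in order; failure at step 406 restricts access ([0015])."""
    record = fetch_authorization_info(db, username)
    if not validate_credentials(record, password):
        return AccessDecision(False, "credential validation failed")
    return grant_access(record, item, operation)


def modify_access_permission(db: dict, username: str, role=None, circles=None) -> None:
    """[0014]: change a user's role and/or circles after provisioning."""
    old = db[username]
    db[username] = AuthRecord(
        old.salt, old.pw_hash,
        old.role if role is None else role,
        old.circles if circles is None else frozenset(circles),
    )
```

A denied decision carries the reason (bad credentials, role, or circle), which is what an audit log of this flow should record.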
[0053] Hereinafter, exemplary embodiments of the present disclosure will be described with reference to the accompanying drawings.
[0054] The various embodiments throughout the disclosure will be explained in more detail with reference to FIG. 1- FIG. 6.
[0055] FIG. 1 illustrates an exemplary network architecture 100 for implementing a system 108 for managing data access for users in a network, in accordance with an embodiment of the present disclosure. As illustrated in FIG. 1, the network architecture 100 may include one or more computing devices or UEs 104-1, 104-2…104-N associated with one or more users 102-1, 102-2…102-N in an environment. A person of ordinary skill in the art will understand that one or more users 102-1, 102-2…102-N may be individually referred to as the user 102 and collectively referred to as the users 102. Similarly, a person of ordinary skill in the art will understand that one or more UEs 104-1, 104-2…104-N may be individually referred to as the UE 104 and collectively referred to as the UEs 104. A person of ordinary skill in the art will appreciate that the terms “computing device(s)” and “user equipment” may be used interchangeably throughout the disclosure. Although three UEs 104 are depicted in FIG. 1, any number of the UEs 104 may be included without departing from the scope of the ongoing description.
[0056] In an embodiment, the UE 104 may include smart devices operating in a smart environment, for example, an Internet of Things (IoT) system. In such an embodiment, the UE 104 may include, but is not limited to, smart phones, smart watches, smart sensors (e.g., a mechanical sensor, a thermal sensor, an electrical sensor, a magnetic sensor, etc.), networked appliances, networked peripheral devices, networked lighting system, communication devices, networked vehicle accessories, networked vehicular devices, smart accessories, tablets, smart televisions (TVs), computers, smart security systems, smart home systems, other devices for monitoring or interacting with or for the user 102 and/or entities, or any combination thereof. A person of ordinary skill in the art will appreciate that the UE 104 may include, but is not limited to, intelligent, multi-sensing, network-connected devices, that can integrate seamlessly with each other and/or with a central server or a cloud-computing system or any other device that is network-connected.
[0057] In an embodiment, the UE 104 may include, but is not limited to, a handheld wireless communication device (e.g., a mobile phone, a smart phone, a phablet device, and so on), a wearable computer device (e.g., a head-mounted display computer device, a head-mounted camera device, a wristwatch computer device, and so on), a Global Positioning System (GPS) device, a laptop computer, a tablet computer, or another type of portable computer, a media playing device, a portable gaming system, and/or any other type of computer device with wireless communication capabilities, and the like. In an embodiment, the UE 104 may include, but is not limited to, any electrical, electronic, electro-mechanical, or an equipment, or a combination of one or more of the above devices such as virtual reality (VR) devices, augmented reality (AR) devices, a laptop, a general-purpose computer, a desktop, a personal digital assistant, a tablet computer, a mainframe computer, or any other computing device. Further, the UE 104 may include one or more in-built or externally coupled accessories including, but not limited to, a visual aid device such as a camera, an audio aid, a microphone, a keyboard, and input devices for receiving input from the user 102 or an entity such as a touch pad, a touch enabled screen, an electronic pen, and the like. A person of ordinary skill in the art will appreciate that the UE 104 may not be restricted to the mentioned devices and various other devices may be used.
[0058] In FIG. 1, the UE 104 may communicate with the system 108 through the network 106. In particular, the UE 104 may be communicatively coupled with the network 106. The coupling includes receiving, by the network 106, a connection request from the UE 104. Upon receiving the connection request, the coupling includes sending, by the network 106, an acknowledgment of the connection request to the UE 104. Further, the coupling includes transmitting a plurality of signals in response to the connection request. The plurality of signals is responsible for communicating with the system 108 to manage the data access for the users (i.e., the user 102) in the network 106.
[0059] In an embodiment, the network 106 may include at least one of a 4G network, a 5G network, a 6G network, or the like. The network 106 may enable the UE 104 to communicate with other devices in the network architecture 100 and/or with the system 108. The network 106 may include a wireless card or some other transceiver connection to facilitate this communication. In another embodiment, the network 106 may be implemented as, or include any of a variety of different communication technologies such as a wide area network (WAN), a local area network (LAN), a wireless network, a mobile network, a Virtual Private Network (VPN), an internet, an intranet, a public network, a private network, a packet-switched network, a circuit-switched network, an ad hoc network, an infrastructure network, a Public-Switched Telephone Network (PSTN), a cable network, a cellular network, a satellite network, a fiber optic network, or some combination thereof. In another embodiment, the network 106 includes, by way of example but not limitation, at least a portion of one or more networks having one or more nodes that transmit, receive, forward, generate, buffer, store, route, switch, process, or a combination thereof, etc. one or more messages, packets, signals, waves, voltage or current levels, some combination thereof, or so forth.
[0060] In another exemplary embodiment, the network architecture 100 may include a centralized server (not shown) that may include or comprise, by way of example but not limitation, one or more of: a stand-alone server, a server blade, a server rack, a bank of servers, a server farm, hardware supporting a part of a cloud service or a system, a home server, hardware running a virtualized server, one or more processors executing code to function as a server, one or more machines performing server-side functionality as described herein, at least a portion of any of the above, or some combination thereof.
[0061] Although FIG. 1 shows exemplary components of the network architecture 100, in other embodiments, the network architecture 100 may include fewer components, different components, differently arranged components, or additional functional components than depicted in FIG. 1. Additionally, or alternatively, one or more components of the network architecture 100 may perform functions described as being performed by one or more other components of the network architecture 100.
[0062] FIG. 2 illustrates an exemplary block diagram 200 of the system 108 configured for managing the data access for the users (e.g., the users 102) in the network 106, in accordance with an embodiment of the disclosure. FIG. 2 is explained in conjunction with FIG. 1.
[0063] In an embodiment, the system 108 may include one or more processor(s) 202 (also referred to as a processor 202). The one or more processor(s) 202 may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, logic circuitries, and/or any devices that process data based on operational instructions. Among other capabilities, the one or more processor(s) 202 may be configured to fetch and execute computer-readable instructions stored in a memory 204 of the system 108. The memory 204 may be configured to store one or more computer-readable instructions or routines in a non-transitory computer readable storage medium, which may be fetched and executed to create or share data packets over a network service. The memory 204 may include any non-transitory storage device including, for example, volatile memory such as a Random-Access Memory (RAM), or a non-volatile memory such as an Erasable Programmable Read Only Memory (EPROM), a flash memory, and the like.
[0064] In an embodiment, the system 108 may include an interface(s) 206. The interface(s) 206 may include a variety of interfaces, for example, interfaces for data input and output devices (I/O), storage devices, and the like. The interface(s) 206 may facilitate communication through the system 108. The interface(s) 206 may also provide a communication pathway for one or more components of the system 108. Examples of such components include a database 208, a receiving unit 210, and a validating unit 212. The receiving unit 210 and the validating unit 212 may be coupled with the processor 202 to manage the data access for the users in the network 106.
[0065] In an embodiment, the receiving unit 210 is configured to receive one or more user credentials associated with a user (e.g., the user 102) from a UE (e.g., the UE 104). The one or more user credentials may be received corresponding to an application. The application may be a web application (or a website) or a mobile application. Examples of the application may include, but are not limited to, an online banking application (also referred to as a mobile banking application), a business application, an e-commerce application, a healthcare management application, a remote work collaboration application, a social media application, an educational application, a government service application, a gaming application, and the like. The one or more user credentials may include a username and a password. The username and password may be assigned to the user during the registration process of the user with the application. Further, to assign the username and password during the registration process, a user profile may be created corresponding to the user. The user profile may be created based on the username and password associated with the user. In particular, in order to create the user profile corresponding to the user, additional information, such as an email address, date of birth, gender, phone number, age, address, etc., may be captured from the user. Further, the user may be requested to provide a username and set the password for future login to the application. Further, upon receiving the one or more user credentials, the receiving unit 210 is configured to transfer the one or more user credentials to the validating unit 212.
[0066] Upon receiving the one or more user credentials from the receiving unit 210, the validating unit 212 is configured to fetch authorization information associated with the user from the database (e.g., the database 208) based on the one or more user credentials. In some embodiments, the database 208 may be a database of a centralized server associated with the application. The authorization information may include the one or more user credentials and the additional information associated with the user that was captured while creating the user profile for the user. Further, the validating unit 212 is configured to validate the one or more user credentials based on the authorization information fetched from the database. In other words, the validating unit 212 is configured to match the one or more user credentials with the authorization information associated with the user to verify whether the one or more user credentials provided by the user are correct or not. The validation is one of a successful validation and an unsuccessful validation. Further, upon the successful validation, the validating unit 212 is configured to determine a set of access parameters associated with the user. The set of access parameters may include at least one of a role (e.g., a designation) of the user and a number of affiliated circles corresponding to the user. In an embodiment, the number of affiliated circles may be assigned to the user based on a User Plane Function (UPF) node. The UPF node is configured to support an assignment of circles to the user by managing user data traffic based on the set of access parameters associated with the user. Once the set of access parameters is determined, the validating unit 212 is configured to grant access to the data to the user. The data may correspond to a set of documents stored within a database on a server, a set of functionalities associated with the application, and the like.
The set of access parameters associated with the user can be modified based on an end-user requirement (e.g., an administrator, a manager, etc.). This complete method of managing user data access is further explained in detail in conjunction with FIG. 3 to FIG. 6.
[0067] In an embodiment, the system 108 may include the processor 202 that may be implemented as a combination of hardware and programming (for example, programmable instructions) to implement one or more functionalities of the processor 202. In the examples described herein, such combinations of hardware and programming may be implemented in several different ways. For example, the programming for the processor 202 may be processor-executable instructions stored on a non-transitory machine-readable storage medium and the hardware for the processor 202 may comprise a processing resource (for example, one or more processors), to execute such instructions. In the present examples, the machine-readable storage medium may store instructions that, when executed by the processing resource, implement the processor 202. In such examples, the system 108 may comprise the machine-readable storage medium storing the instructions and the processing resource to execute the instructions, or the machine-readable storage medium may be separate but accessible to the system 108 and the processing resource. In other examples, the processor 202 may be implemented by electronic circuitry.
[0068] In an embodiment, the system 108 may include the database 208 that includes data (e.g., the one or more user credentials, a user profile for a plurality of users, the authorization information associated with the plurality of users, etc.) that may be either stored or generated as a result of functionalities implemented by any of the components of the processor 202.
[0069] FIG. 3 illustrates an exemplary process flow diagram 300 of a method for managing the data access for the users in the network 106, in accordance with an embodiment of the present disclosure. FIG. 3 is explained in conjunction with FIGS. 1 and 2.
[0070] In an example, the system 108 may be implemented as a user plane function (UPF) cluster management and monitoring system. In an aspect, the UPF cluster management and monitoring system includes a plurality of client UPF graphical user interfaces (GUIs), a plurality of UPF nodes, a server, a UPF backend, a UPF database, and a plurality of data plane (DP) servers.
[0071] The plurality of client UPF GUIs may communicate with the plurality of DP servers via the server and the UPF backend. The server may receive DP commands from the plurality of client UPF GUIs. The server may send the received DP commands to the UPF backend. The UPF backend may send the received DP commands to an appropriate DP server from the plurality of DP servers based on a type of DP command. The UPF backend may communicate with the UPF database. The UPF backend may manage and organize server Internet Protocols (IPs). The UPF backend may store the server IPs (or server IP addresses) in the UPF database.
[0072] In FIG. 3, suppose a user wants to access a web application 302. The web application 302, for example, may correspond to a business application associated with an enterprise (or an organization). For example, the web application 302 may be a time-tracking application. In order to enable the user to access the application, a user profile may initially be created for the user. The user profile may be created during the registration process of the user with the web application 302. During the registration process, the user may provide additional information (e.g., the name, date of birth, email address, etc.) and create one or more user credentials corresponding to the web application. The one or more user credentials include the username and the password corresponding to the user for future login to the web application 302. In FIG. 3, the additional information, the username, and the password are represented as user information 304. The additional information, along with the username and the password, may be processed to create the user profile for the user. In other words, a predefined process 306, i.e., the creation of the user profile, may be performed by the system 108. In an embodiment, during the user profile creation, the set of access parameters may be defined for the user. The set of access parameters may include the role assigned to the user within the enterprise and the number of circles affiliated with the user. Further, the additional information, along with the username and the password, may be stored as authorization information in a database 308 (i.e., the database 208 associated with the system 108). In some embodiments, the database 308 may correspond to the database associated with the centralized server in communication with the system 108.
[0073] In an embodiment, the database 308 may be configured to store a plurality of user profiles of a plurality of users registered with the web application 302 and to store program instructions. In an embodiment, the database 308 is configured to store data associated with the web application. The program instructions include a program that implements a method for managing the data access for the plurality of users in accordance with embodiments of the present disclosure and may implement other embodiments described in this specification.
[0074] Once the user profile is created, when the user attempts to access the web application 302, the user may enter the one or more user credentials, i.e., the username and the password created during the registration process with the web application 302. In some embodiments, the one or more user credentials may include biometric data, such as a fingerprint, face recognition, etc., of the user. The web application 302 may be configured to receive the one or more user credentials associated with the user (e.g., the user 102) from the UE (e.g., the UE 104) associated with the user. In an embodiment, the web application 302 may be installed within the UE of the user. For example, the user may enter the one or more user credentials via an input module of the UE. For example, the input module may be a numeric keypad or a touch panel.
[0075] Upon receiving the one or more user credentials (represented as the user information 304), the predefined process 306 may be performed to provide access to the data to the user based on the one or more user credentials. In this case, the predefined process 306 may include fetching or retrieving the authorization information from the database 308 based on the one or more user credentials. Further, the predefined process 306 includes validating the one or more user credentials based on the authorization information associated with the user. The validation is one of the successful validation and the unsuccessful validation. In an embodiment, if the validation is an unsuccessful validation, then the user may be restricted from accessing the data associated with the web application 302. In other words, if the one or more user credentials do not match the stored authorization information, an error message may be generated and displayed to the user via a display screen (or a GUI) of the UE. For example, the error message may include “username does not exist” or “password is wrong”. For example, if the user forgets the username or the password, the user may be redirected to a password reset page by clicking a link, e.g., ‘forget password’, present on a login page of the web application 302. In case of multiple failed login attempts or multiple unsuccessful validations, the user may be blocked from accessing the application for a pre-defined time period (e.g., 3 days).
[0076] In another embodiment, in case of successful validation, the set of access parameters associated with the user may be determined. In other words, a two-step authentication process may be performed for the user before granting the access of the data to the user, upon the successful validation of the one or more user credentials. The two-step authentication process includes a role-based authentication (i.e., a role-based access control) and a circle-based authentication (i.e., a circle-based access control). The role-based authentication may be performed to determine what data associated with the web application 302 should be made accessible to the user based on the role of the user. Further, the circle-based authentication may be performed to determine the number of circles affiliated with the user. In an embodiment, the number of affiliated circles is assigned to the user based on the UPF node. Once the set of access parameters corresponding to the user is determined, the user may be granted access to the data based on the set of access parameters.
[0077] In an embodiment, the system 108 may be configured to provide user authentication by employing at least one of password-based authentication, role-based authentication, circle-based authentication, or a combination thereof. The system 108 may be configured to confirm the authenticity of the users (or entities) seeking to tap into resources or execute specific functions associated with various applications. The system 108 may be configured to act as a bulwark against identity theft, curtail unwarranted access, and deter potential compromises of classified data or assets associated with the applications. The system 108 may be configured to authorize the user to gain access to the data related to the applications based on their assigned role and affiliated circles. Each user is granted access to the data strictly within their designated circles. For instance, the data accessible to the users in circle 1 might differ from, and be more restrictive than, that of circle 2.
[0078] In an embodiment, role-based authentication specifies that the data access to each user is granted and revoked based on a specific role that is assigned to the user. The specific role may be based on the designation of the user in the organization or the subscription or membership taken by the user for the application. For example, the user may be assigned the role based upon assigned responsibilities or the subscription, and each role has a defined policy that gives one or more authorizations in relation to the data associated with the application, which the user can access.
[0079] In an embodiment, the circle-based authentication allows restriction of access to vital information (or the data) associated with the application. For instance, "circle1" and "circle2" might have different and limited access permissions. The circle-based authentication ensures that users can only view or modify data pertinent to their specific circle. By dynamically allocating access rights based on role and circle affiliation, the system 108 may be configured to introduce an added layer of security, ensuring precision in the authentication and authorization process.
[0080] FIG. 4 illustrates an exemplary flow diagram for a method 400 for managing the data access for the users in the network 106, in accordance with an embodiment of the present disclosure. FIG. 4 is explained in conjunction with FIGS. 1, 2, and 3.
[0081] In order to manage the data access for the user, initially, at step 402, the one or more user credentials associated with the user (e.g., the user 102) may be received from the UE (e.g., the UE 104). The one or more user credentials may be received corresponding to the application. The application may be the web application (or the website) or the mobile application. Examples of the application may include, but are not limited to, the online banking application (also referred to as the mobile banking application), the business application, the e-commerce application, the healthcare management application, the remote work collaboration application, the social media application, the educational application, the government service application, the gaming application, and the like.
[0082] The one or more user credentials may include the username and the password associated with the user. The username and the password may be assigned to the user during the registration process of the user with the application. Further, to assign the username and the password during the registration process, the user profile may be created corresponding to the user. The user profile may be created based on the username and the password along with the additional information associated with the user. In particular, in order to create the user profile corresponding to the user, additional information, such as the name, email address, date of birth, gender, etc., may be captured from the user. Further, the user may be requested to provide a username and set the password for future login to the application. In an embodiment, the user profile corresponding to the user may be created by the end-user (such as the administrator, the IT manager, etc.) during the user’s registration process while onboarding the user. In an embodiment, the user profile may correspond to the plurality of users. Once the user profile is created, the username and the password (in encrypted form), along with the additional information, may be stored in the database (e.g., the database 208) as the authorization information for validating the identity of the user during future login attempts by the user.
[0083] Upon receiving the one or more user credentials, at step 404, the authorization information associated with the user may be retrieved from the database based on the one or more user credentials. The authorization information may include the one or more user credentials and the additional information associated with the user. Further, at step 406, the one or more user credentials may be validated based on the authorization information fetched from the database. The one or more user credentials may be validated to verify the identity of the user. In other words, the one or more user credentials may be matched with the authorization information associated with the user to verify whether the one or more user credentials provided by the user are correct. In an embodiment, the validation is one of the successful validation or the unsuccessful validation.
[0084] In one embodiment, upon the successful validation at step 408, the set of access parameters associated with the user may be determined. The set of access parameters may include at least one of the role (e.g., the designation, the membership, etc.) of the user, and the number of affiliated circles corresponding to the user. A circle refers to a distinct group or a distinct category within the application that defines a set of permissions or access rights for a set of users associated with that circle. The user may belong to multiple circles, each granting different access levels or functionality. In an embodiment, the number of affiliated circles may be assigned to the user based on the UPF node. The UPF node is configured to support an assignment of circles to the user by managing user data traffic based on the set of access parameters associated with the user. In other words, the UPF node manages the number of affiliated circles associated with the user, controlling the access permissions for the user within the application according to the role of the user and the number of affiliated circles to which the user belongs. The UPF node is a critical component in a 5G network architecture responsible for handling user data traffic. The UPF node manages routing, forwarding, and processing of user data packets between the UE and external networks (e.g., the network 106). The UPF node also supports traffic management, Quality of Service (QoS) enforcement, and policy control. It can integrate with other network functions (e.g., a Session Management Function (SMF), an Access and Mobility Management Function (AMF)) to support the dynamic assignment of network resources and access parameters.
[0085] Once the set of access parameters is determined, at step 410, the user may be granted access to the data based on the determined set of access parameters. The data may correspond to the set of documents stored within the database of the server, the set of functionalities associated with the application, and the like. For example, the application may be a business application (e.g., a project management platform). In this case, a user in a manager role may be assigned a circle with higher data traffic. Further, the user in the manager role may be able to access various data associated with the project management platform. For example, the user in the manager role may be able to access all projects received for a client, projects allocated to various team members, etc. Further, using the project management platform, the user in the manager role may be able to perform multiple functionalities, such as allocation or re-allocation of a project to a team member, addition of documents related to new projects, setting a start date and an end date for the project, viewing user profiles of the team members working under him, and the like. In contrast, a user in a team member role may be assigned a circle with lower data traffic. In this case, the user in the team member role may be able to access only a limited subset of the data accessible to the user in the manager role. For example, the user in the team member role may be able to access documents of projects allocated to him. Further, using the project management platform, the user in the team member role may be able to perform limited functionalities, such as viewing the status of the projects allocated to him, updating the status of the allocated projects, viewing his user profile, updating information associated with his profile, etc.
[0086] In an embodiment, the access permission for each user can be modified based on the end-user requirement. In an example, the end-user may be the administrator or the IT manager. For example, when a team member is promoted to a senior level role, then the end-user may modify the access permission of the data based on a current role, i.e., the senior level role assigned to the team member along with the number of affiliated circles allocated to the team member. In another embodiment, upon the unsuccessful validation of the one or more user credentials, the user may be restricted from accessing the data. In some embodiments, in case of unsuccessful validation, the user may be redirected to a login page of the application to retry login using the one or more user credentials.
[0087] FIG. 5 illustrates an exemplary detailed flow diagram depicting a method 500 for managing the data access for the users in the network 106, in accordance with an embodiment of the present disclosure. FIG. 5 is explained in conjunction with FIGS. 1, 2, 3, and 4.
[0088] At step 502, the end-user, e.g., the administrator (also referred to as the admin), may be configured to create the plurality of user profiles for the plurality of users during the registration process. For example, the administrator may request additional information from the user during the creation of the user profile. For example, the additional information may include the name, date of birth, place of birth, email address, phone number, gender, age, address, the department of the user in which he is working, additional details corresponding to security questions, and so on. Further, when creating the user profile, the user may generate the one or more user credentials, i.e., the username and the password. In an example, the user may raise a request for creating the user profile. In another example, an authorized person (e.g., the manager) may raise a request for creating the user profile by providing the additional information of the user. In such a scenario, the username and the password may be communicated to the user. Further, the user may be able to change the username and the password based on his requirements while accessing the user profile. In an example, the administrator may create the user profile by logging into a backend with the one or more user credentials and the additional information associated with each user. In addition to creating the user profile, the administrator may define the set of access parameters (i.e., the role of the user and the number of affiliated circles corresponding to the user) for the user.
[0089] At step 504, the administrator may be configured to set a plurality of access functionalities based on the set of access parameters corresponding to each user profile. For example, the plurality of access functionalities may include a type of access to the data (e.g., limited access, full access, access based on hours, etc.), a list of documents accessible to the user, a list of restricted documents, etc. Further, at step 506, the administrator may be configured to send the created user profiles towards the backend (which may be the UPF backend). In an example, the backend is the server side of the application. The backend stores and arranges data corresponding to the application. In an example, the backend may store the received user profiles in the database associated with the centralized server integrating the application. The application may be a web application or a mobile application.
[0090] At step 508, the user may log in to the application using the one or more user credentials generated during the registration process. In an example, when the user wants to access the data associated with the application, the user may enter the one or more user credentials. The one or more user credentials may include the username and the password. In an embodiment, the one or more user credentials may include the biometric data, e.g., the fingerprint or the face recognition, of the user. In an example, the user may enter the one or more user credentials via the input module associated with the UE. For example, the input module may be the numeric keypad, the touch panel, the camera, etc.
[0091] Upon receiving the one or more user credentials, at step 510, the one or more user credentials may be authenticated. In order to authenticate the one or more user credentials, the authorization information associated with the user may be retrieved from the database based on the one or more user credentials. Further, the one or more user credentials may be validated based on the authorization information fetched from the database. The one or more user credentials may be validated to verify the identity of the user. In other words, the one or more user credentials may be matched with the authorization information associated with the user to verify whether the one or more user credentials provided by the user are correct or not. In an embodiment, the validation is one of the successful validation or the unsuccessful validation.
[0092] In one embodiment, upon the successful validation, at step 512, the set of access parameters associated with the user may be determined. The set of access parameters may include at least one of the role (e.g., the designation or the membership) of the user and the number of affiliated circles corresponding to the user. In an embodiment, the number of affiliated circles may be assigned to the user based on the UPF node. The UPF node is configured to support the assignment of circles to the user by managing user data traffic based on the set of access parameters associated with the user. Once the set of access parameters is determined, access to the data may be granted to the user based on the determined set of access parameters. The data may correspond to the set of documents stored within the database of the server, the set of functionalities associated with the application, and the like. For example, suppose the application is a streaming media application. In this case, a user with a higher content subscription (or membership) may be assigned a circle with higher data traffic. In this case, the user may be able to access full media content offered by the streaming media application.
[0093] In another embodiment, upon the unsuccessful validation of the one or more user credentials, the user may be restricted from accessing the data. In some embodiments, in case of the unsuccessful validation, the user may be redirected to the login page of the application to retry login using the one or more user credentials. In an example, the error message may be displayed to the user on the display screen associated with the UE. For example, the error message may include “username does not exist” or “password is wrong”. Further, the steps 510 and 512 may be re-executed. In an embodiment, the end-user (e.g., the administrator) may be able to modify the access permission of the data corresponding to the user based on the end-user requirement. The end-user may be able to modify the access permission by modifying the set of access parameters associated with the user. For example, when the role of the user is changed, then the end-user may update an existing role of the user with a new role assigned to the user along with the number of affiliated circles assigned to the user. Further, based on the changes in the set of access parameters, the access permission for the user may be changed.
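The validation, access-parameter lookup and grant/deny flow of steps 510 and 512, together with the administrator's modification of access parameters described in [0093], as an added example in Python. This is not code from the patent or from the applicant; the in-memory database, the salted PBKDF2 password storage, the role ranking and the per-item circle requirements are all assumptions made for illustration (the patent assigns the circle count via the UPF node, which is modelled here simply as a stored integer). One deliberate departure from the example messages quoted above: a single generic error message is returned on unsuccessful validation, so that the response does not disclose whether a username exists.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

# Assumption: passwords are stored as salted PBKDF2-HMAC-SHA256 hashes. The
# iteration count is kept low so the example runs quickly; raise it in production.
PBKDF2_ITERATIONS = 100_000


@dataclass
class AuthorizationInfo:
    """Authorization information held in the database (fetched at step 404)."""
    salt: bytes
    password_hash: bytes
    role: str
    affiliated_circles: int


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def make_record(password: str, role: str, circles: int) -> AuthorizationInfo:
    salt = os.urandom(16)
    return AuthorizationInfo(salt, hash_password(password, salt), role, circles)


# Constructed in-memory "database" standing in for database (208).
DATABASE = {
    "alice": make_record("correct horse battery staple", "admin", 5),
    "bob": make_record("hunter2", "member", 1),
}

# Constructed policy (assumption): minimum role rank and minimum number of
# affiliated circles required for each data item. Unknown items are denied.
ROLE_RANK = {"guest": 0, "member": 1, "manager": 2, "admin": 3}
DATA_REQUIREMENTS = {
    "public_catalog": ("guest", 0),
    "premium_media": ("member", 2),
    "audit_logs": ("admin", 1),
}

# Dummy record so the unknown-username path still performs one hash,
# keeping its timing close to the known-username path.
_DUMMY = make_record(os.urandom(8).hex(), "guest", 0)


def fetch_authorization_info(username: str) -> Optional[AuthorizationInfo]:
    """Step 404: fetch authorization information by username."""
    return DATABASE.get(username)


def validate_credentials(username: str, password: str) -> Optional[AuthorizationInfo]:
    """Step 406: return the user's authorization info on success, None on failure."""
    info = fetch_authorization_info(username)
    candidate = info if info is not None else _DUMMY
    matches = hmac.compare_digest(hash_password(password, candidate.salt), candidate.password_hash)
    return info if (info is not None and matches) else None


def determine_access_parameters(info: AuthorizationInfo) -> dict:
    """Step 408: the role and the number of affiliated circles."""
    return {"role": info.role, "affiliated_circles": info.affiliated_circles}


def grant_access(params: dict, data_item: str) -> bool:
    """Step 410: role-based and circle-based check against the policy."""
    requirement = DATA_REQUIREMENTS.get(data_item)
    if requirement is None:
        return False
    required_role, required_circles = requirement
    return (ROLE_RANK.get(params["role"], -1) >= ROLE_RANK[required_role]
            and params["affiliated_circles"] >= required_circles)


def login(username: str, password: str, data_item: str) -> tuple:
    """Steps 510 and 512 end to end; returns (granted, message)."""
    info = validate_credentials(username, password)
    if info is None:
        # Unsuccessful validation: restrict access and send the user back to the
        # login page. One generic message is returned on purpose so the response
        # does not reveal whether the username exists.
        return False, "invalid username or password"
    params = determine_access_parameters(info)
    if grant_access(params, data_item):
        return True, f"access granted to {data_item}"
    return False, f"access denied to {data_item}"


def modify_access_parameters(username: str, new_role: Optional[str] = None,
                             new_circles: Optional[int] = None) -> dict:
    """Administrator updates the access parameters, as in [0093] and claim 4."""
    info = DATABASE[username]
    if new_role is not None:
        info.role = new_role
    if new_circles is not None:
        info.affiliated_circles = new_circles
    return determine_access_parameters(info)
```

Calling `login("bob", "hunter2", "premium_media")` is denied because bob's single circle is below the two the item requires; after `modify_access_parameters("bob", new_circles=3)` the same call is granted without any change to his role, which is the circle-based dimension of control operating independently of the role-based one.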
[0094] FIG. 6 illustrates an exemplary computer system 600 in which or with which embodiments of the present disclosure may be implemented. As shown in FIG. 6, the computer system 600 may include an external storage device 610, a bus 620, a main memory 630, a read-only memory 640, a mass storage device 650, communication port(s) 660, and a processor 670. A person skilled in the art will appreciate that the computer system 600 may include more than one processor and communication ports. The processor 670 may include various modules associated with embodiments of the present disclosure. The communication port(s) 660 may be any of an RS-232 port for use with a modem-based dialup connection, a 10/100 Ethernet port, a Gigabit or 10 Gigabit port using copper or fiber, a serial port, a parallel port, or other existing or future ports. The communication port(s) 660 may be chosen depending on a network, such as a Local Area Network (LAN), a Wide Area Network (WAN), or any network to which the computer system 600 connects.
[0095] The main memory 630 may be Random-Access Memory (RAM), or any other dynamic storage device commonly known in the art. The read-only memory 640 may be any static storage device(s), e.g., but not limited to, Programmable Read-Only Memory (PROM) chips for storing static information such as start-up or Basic Input/Output System (BIOS) instructions for the processor 670. The mass storage device 650 may be any current or future mass storage solution, which can be used to store information and/or instructions. The mass storage device 650 includes, but is not limited to, Parallel Advanced Technology Attachment (PATA) or Serial Advanced Technology Attachment (SATA) hard disk drives or solid-state drives (internal or external, e.g., having Universal Serial Bus (USB) and/or Firewire interfaces), one or more optical discs, or a Redundant Array of Independent Disks (RAID) storage, e.g., an array of disks.
[0096] The bus 620 communicatively couples the processor 670 with the other memory, storage, and communication blocks. The bus 620 may be, e.g., a Peripheral Component Interconnect (PCI)/PCI Extended (PCI-X) bus, Small Computer System Interface (SCSI), Universal Serial Bus (USB), or the like, for connecting expansion cards, drives, and other subsystems, as well as other buses, such as a front side bus (FSB), which connects the processor 670 to the computer system 600.
[0097] Optionally, operator and administrative interfaces, e.g. a display, keyboard, joystick, and a cursor control device, may also be coupled to the bus 620 to support direct operator interaction with the computer system 600. Other operator and administrative interfaces can be provided through network connections connected through the communication port(s) 660. Components described above are meant only to exemplify various possibilities. In no way should the aforementioned exemplary computer system 600 limit the scope of the present disclosure.
[0098] While the foregoing describes various embodiments of the invention, other and further embodiments of the invention may be devised without departing from the basic scope thereof. The scope of the invention is determined by the claims that follow. The invention is not limited to the described embodiments, versions or examples, which are included to enable a person having ordinary skill in the art to make and use the invention when combined with information and knowledge available to the person having ordinary skill in the art.
[0099] The method and system of the present disclosure may be implemented in a number of ways. For example, the methods and systems of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, and firmware. The above-described order for the steps of the method is for illustration only, and the steps of the method of the present disclosure are not limited to the order specifically described above unless specifically stated otherwise. Further, in some embodiments, the present disclosure may also be embodied as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.
[00100] While considerable emphasis has been placed herein on the preferred embodiments, it will be appreciated that many embodiments can be made and that many changes can be made in the preferred embodiments without departing from the principles of the disclosure. These and other changes in the preferred embodiments of the disclosure will be apparent to those skilled in the art from the disclosure herein, whereby it is to be distinctly understood that the foregoing descriptive matter is to be implemented merely as illustrative of the disclosure and not as a limitation.
[00101] The present disclosure provides technical advancement related to managing data access for users in the network. This advancement addresses the limitations of existing solutions by facilitating the implementation of a two-factor security mechanism. Integrating the two-factor security mechanism provides a user with an additional layer of authentication. The present disclosure supports role-based access control and a circle-based access control for the users to provide data access to users based on a role and the number of circles assigned to each user. The present disclosure also provides enhanced security and meticulous control over information dissemination among the users through a robust multilayered protection mechanism (i.e., the two-factor security mechanism).
ADVANTAGES OF THE PRESENT DISCLOSURE
[00102] The present disclosure provides a method and a system for managing data access for users in a network to maintain data integrity and confidentiality.
[00103] The present disclosure employs a two-factor security mechanism (also referred to as a two-step protection or a dual factor protection). Integrating the two-factor security mechanism provides a user with an additional layer of authentication.
[00104] The present disclosure supports role-based access control and a circle-based access control for the users to provide data access to the users based on a role and the number of affiliated circles associated with each user.
[00105] The present disclosure provides enhanced security and meticulous control over information dissemination among the users through a robust multilayered protection mechanism (i.e., the two-factor security mechanism).
[00106] The present disclosure provides a universally applicable technique across various systems and industries. It adapts to various organizational needs, from corporate environments to educational institutions.
[00107] The present disclosure provides a method and a system that supports a user-centric design. The user-centric design ensures that security measures do not compromise user experience, making it easier for the users to comply with security protocols.
[00108] The present disclosure provides a method and a system that is cost-efficient compared to existing high-security measures that require extensive hardware and infrastructure.
CLAIMS
We claim:
1. A method (400) for managing data access for users in a network, the method (400) comprising:
receiving (402), by a processor (202), one or more user credentials associated with a user (102) from a User Equipment (UE) (104);
fetching (404), by the processor (202), authorization information associated with the user (102) from a database (208), based on the one or more user credentials;
validating (406), by the processor (202), the one or more user credentials based on the authorization information fetched from the database (208), wherein the validation is one of a successful validation and an unsuccessful validation;
upon the successful validation of the one or more user credentials, determining (408), by the processor (202), a set of access parameters associated with the user (102), wherein the set of access parameters comprises at least one of a role of the user (102) and a number of affiliated circles corresponding to the user (102); and
granting (410), by the processor (202), an access of the data to the user (102) based on the set of access parameters associated with the user (102).

2. The method (400) as claimed in claim 1, further comprising:
creating, by the processor (202), a user profile for the user (102) based on the one or more user credentials associated with the user (102), wherein the one or more user credentials include a username, and a password associated with the user (102).

3. The method (400) as claimed in claim 1, wherein the number of affiliated circles is assigned to the user (102) based on a User Plane Function (UPF) node.

4. The method (400) as claimed in claim 1, further comprising:
modifying, by the processor (202), an access permission of the data corresponding to the user (102) based on an end-user requirement.

5. The method (400) as claimed in claim 1, further comprising:
upon the unsuccessful validation of the one or more user credentials, restricting, by the processor (202), the user (102) from accessing the data.

6. A system (108) for managing data access for users in a network, the system (108) comprising:
a memory (204); and
a processor (202) coupled to the memory (204), configured to:
receive (402) one or more user credentials associated with a user (102) from a User Equipment (UE) (104);
fetch (404) authorization information associated with the user (102) from a database (208) based on the one or more user credentials;
validate (406) the one or more user credentials based on the authorization information fetched from the database (208), wherein the validation is one of a successful validation and an unsuccessful validation;
upon the successful validation of the one or more user credentials, determine (408) a set of access parameters associated with the user (102), wherein the set of access parameters comprises at least one of a role of the user (102) and a number of affiliated circles corresponding to the user (102); and
grant (410) access of the data to the user (102) based on the set of access parameters associated with the user (102).

7. The system (108) as claimed in claim 6, wherein the processor (202) is further configured to create a user profile for the user (102) based on the one or more user credentials, wherein the one or more user credentials include a username, and a password associated with the user (102).

8. The system (108) as claimed in claim 6, wherein the number of affiliated circles is assigned to the user (102) based on a User Plane Function (UPF) node.

9. The system (108) as claimed in claim 6, wherein the processor (202) is further configured to:
modify an access permission of the data corresponding to the user (102) based on an end-user requirement.

10. The system (108) as claimed in claim 6, wherein the processor (202) is further configured to:
upon the unsuccessful validation of the one or more user credentials, restrict the user (102) from accessing the data.

11. A user equipment (UE) (104) communicatively coupled with a network (106), wherein the coupling comprises the steps of:
receiving, by the network (106), a connection request from the UE (104);
sending, by the network (106), an acknowledgment of the connection request to the UE (104); and
transmitting a plurality of signals in response to the connection request, wherein based on the connection request, data access for a user (102) in a network is managed by the method (400) as claimed in claim 1.

Documents

Application Documents

# Name Date
1 202321081186-STATEMENT OF UNDERTAKING (FORM 3) [30-11-2023(online)].pdf 2023-11-30
2 202321081186-PROVISIONAL SPECIFICATION [30-11-2023(online)].pdf 2023-11-30
3 202321081186-FORM 1 [30-11-2023(online)].pdf 2023-11-30
4 202321081186-FIGURE OF ABSTRACT [30-11-2023(online)].pdf 2023-11-30
5 202321081186-DRAWINGS [30-11-2023(online)].pdf 2023-11-30
6 202321081186-DECLARATION OF INVENTORSHIP (FORM 5) [30-11-2023(online)].pdf 2023-11-30
7 202321081186-FORM-26 [22-12-2023(online)].pdf 2023-12-22
8 202321081186-Proof of Right [06-03-2024(online)].pdf 2024-03-06
9 202321081186-FORM-5 [26-11-2024(online)].pdf 2024-11-26
10 202321081186-DRAWING [28-11-2024(online)].pdf 2024-11-28
11 202321081186-COMPLETE SPECIFICATION [28-11-2024(online)].pdf 2024-11-28
12 202321081186-FORM-9 [10-01-2025(online)].pdf 2025-01-10
13 202321081186-FORM 18A [14-01-2025(online)].pdf 2025-01-14
14 202321081186-Power of Attorney [24-01-2025(online)].pdf 2025-01-24
15 202321081186-Form 1 (Submitted on date of filing) [24-01-2025(online)].pdf 2025-01-24
16 202321081186-Covering Letter [24-01-2025(online)].pdf 2025-01-24
17 202321081186-CERTIFIED COPIES TRANSMISSION TO IB [24-01-2025(online)].pdf 2025-01-24
18 Abstract.jpg 2025-01-31
19 202321081186-FORM 3 [24-02-2025(online)].pdf 2025-02-24