Method and system for optimal selection of targets based on business rules and resource availability

A method and system for solving a problem construct. The problem construct includes an input set of targets that may satisfy a request based on at least one rule. The method and system specifies the problem construct, recasts the problem construct as at least one of a set cover problem and an integer program and approximately solves the at least one set cover problem and the integer program.


One application for an exemplary embodiment of the present invention chooses one or more targets for a request for computer application access. In this embodiment, a user may enter the names of applications and choose ranges of data for which they request access. For example, a range may specify certain countries, certain geographies, and/or certain divisions. An aspect of the invention is to determine a set of targets that may authorize this request before access is granted.

FIG. 3 illustrates the operation of an exemplary system 300 in accordance with the present invention. The system 300 includes a user terminal 302, an application 304, a target selector 306, a database 308, a plurality of targets 310, and a set 314 of rules and data related to the targets 310. The system 300 starts operation by a user terminal 302 sending a request to access and/or process at least a portion of the data in the database 308 using the application 304.

For example, a user (not shown) may operate the user terminal 302 to send a request to access checking accounts in the state of Texas using a financial reporting system (application 304). The database 308 may include financial data and a portion of that data may be relevant to checking accounts in the state of Texas.

As explained above, it may be desirable to control access to such financial data to avoid invasion and/or breach of privacy rights.

Thus, before the application 304 permits the user at the user terminal 302 to access the requested data, the application must determine whether the user is authorized to access the requested data. Authorization may only be granted by one or more of the targets 312 of the plurality of targets 310. Each of the targets 312 corresponding to an entity which is authorized to review and then either approve or reject requests to access the data in the database 308.

However, as explained above, there may be a plurality of targets 312 who have the capability of reviewing the request and it is desirable to identify the target 312 which is best for the requested access.

Therefore, the application 304 forwards the details of the request to the target selector 306 of the present invention. The target selector 306 obtains the rules for each target 312 of the plurality of targets 310. For example, the target selector 306 may receive a rule “Texas” for a target “Target A,” a rule “United States” for “Target B,” a rule “Europe” for “Target C,” et. seq.

The target selector 306 receives the rules for each of the plurality of targets 310 and uses a set cover algorithm to identify at least one of the plurality of targets 310, which covers the request slice. For example, the target selector 306 may use a set cover algorithm which identifies “Target A” as a target which covers the request slice “Texas” and “checking” because the rule for “Target A” is “Texas.”

The target selector 306 then provides the identity of “Target A” to the application 304, with which the application may communicate directly with “Target A” to obtain approval or denial of access to the requested data. The application 304 may then inform the user terminal 302 of the decision made by the target.

While the system 300 of FIG. 3 illustrates only a single application, an exemplary embodiment of the present invention may communicate with any number of applications, any number of different databases 308, and any number of different types of targets 312 and still practice the invention.

Further, while the system 300 of FIG. 3 illustrates that the application 304 forwards a request slice to the target selector 306, those of ordinary skill in the art understand that the target selector of the present invention may communicate directly with the user terminal and/or user and still practice the invention.

Further, while the system 300 of FIG. 3 illustrates that the application 304 forwards a single request slice to the target selector 306, those of ordinary skill in the art understand that an exemplary embodiment of the invention allows the application 304 to send multiple slices in one request and considers the plurality of slices when choosing one target 312 or a plurality of targets.

FIG. 4 illustrates a flowchart 400 in accordance with an exemplary method of the present invention. The flowchart 400 starts at 402 and continues to step 404, where the target selector 304 receives a request to access data. The flowchart 400 continues to step 406, where the target selector 304 receives data regarding targets from the database 308, rules associated with those targets, and data associated with the targets from the database 314 and continues to step 408. In step 408, the target selector 306 receives an objective function and continues to step 410.

In step 410, the target selector 304 identifies at least one target based upon the request, the targets and target rules, and the objective function using a set cover algorithm and continues to step 412. In step 412, the target selector 304 outputs the identified target and continues to step 414 where the flowchart ends.

The requests that are submitted to an exemplary embodiment of this invention might be generated using an input form (not shown). Such an input form could contain field names and field values. For example, an input field name could be “state” and input form values for State could include “Texas”, “California”, and “Florida”. For a given set of input form field names and values, there may be a field-space, where each field name is a dimension and each point in the space contains a value for each field.

A field name may inherit from one other field name. However, the chain of inheritance for the field names may not be circular. If a field name is inherited, then each value of the field must be inherited from exactly one value from a parent field.

A slice in this field value space may include a set where there are values for some of the field values and wild cards for other field values, subject to the constraint that for each field-name value pair in the slice, ancestor fields may only contain ancestor field values.

In accordance with an exemplary embodiment of the present invention, a field name may be “state” and field values may include, for example, “Oklahoma,” “Texas,” “New Mexico,” and the like. A parent field value for these field values may be “United States” and the field name corresponding to the value “United States” may be “country” Another field name may be “bank accounts” and field values may include, for example “savings,” “checking,” “money market” and the like. A field name for these field values may be “bank account.”

A slice across such a field space may be “all points such that for field name ‘state’ the field value is Texas and for the field name country the field value is ‘United States.’” In this representation of the slice, the allowable field values for field name “bank account” are implicit. Another representation would state that the slice is “all points such that for field name ‘state’ the field value is Texas and for field name ‘country’ the field value is ‘United States’ and for field name ‘bank account’ the field value is a wild card.” (This uses the standard notion of a wild card matching any allowable value.). These two representations are the same except that the wild cards are explicit in one and implicit in the other.

A request may have an identifier and a set of slices. For example, a request for the above field space may be, for example, “Texas” and “checking.” More formally, this could be represented by “for field name ‘state’, field value is ‘Texas’; and for field name ‘bank account’, field value is ‘checking.’” This is not necessary in this exemplary embodiment because each field value is associated with only one field name.

A target may be identified by a unique identifier. A rule may be a slice and a target. For example, a rule may be, for example, “Texas” and “Target A” which indicates that the target identified by “Target A” has the authority to approve or reject requests for access to any data having the field value “Texas.” A rule may cover a request slice if, for each field, the value in the rule is not a wild card and the value in the rule is the same as the value in the request slice. There may be a plurality of rules for each target. A target may cover a request slice if one of the rules for that target covers the request slice. A solution to the request may be a target. Since, the rule “Texas” and “Target A” covers the request slice “Texas” and “checking” for this example, then the target identified by “Target A” covers the request slice and a solution to the set cover problem is “Target A.” Using this, it is possible to define “satisfy”: a target satisfies a request slice if and only if the target covers the request slice.

One exemplary embodiment of the present invention provides a method related to computer application input processing. The method includes reading in a set of field names, reading in a set of field values for each field name, reading in targets and rules, reading an objective function on the targets and data that is used in the objective function, reading a request, and finding a solution that approximately optimizes the objective function and covers an optimal number of request slices.

An exemplary embodiment of the present invention may read specifications of the resources of targets, read in capacities of the resource of each target, read in data and a calculation that is used to compute the resources required for each slice in the request, and find a solution that approximately optimizes an objective function and which covers an optimum number of request slices while respecting the resource capacities of the targets and the resource requirements of the request.

An exemplary embodiment of the present invention may read in a set of field names, read in a set of field values for each field name, read in targets and rules, read in weights for the targets, use a predefined objective function that finds a low value for the sum of the weights of the targets, and find a solution that approximately optimizes the objective function and covers an optimal number of request slices.

An exemplary embodiment of the present invention may be used to satisfy a request to identify one or more targets using rules having the following form:

  If value(FieldName[1]) == Value[1] & value(FieldName[2]) ==

Value[2] & . . . & value(FieldName[N]) == Value[N] then the

target is T.


Value[i] may be an actual allowable value for FieldName[i] or a wild card.

A problem construct is a complete specification of the problem to be solved. It may have a limited or an unlimited number of rules of this form and a list of the targets along with an objective function and optionally a list of rules that specify inheritance between the field names and values. It also contains the request, which may have zero or more slices.

In one exemplary embodiment of the invention, weights can be used to automatically construct an objective function. A variant of the problem construct does not have an objective function but has data that is used to automatically construct an objective function.

A problem construct also admits types of rules that are different from the rules described above. Any function that determines whether a target is allowed to cover a slice can be used as a rule.

For example, a problem construct for a teller in a bank who requests access to an application and a database for the application may look like this:

    • Request: <Field Name: Country, Field Value: United States>,
    • Rules: if Field Name==Country and Field Value==United States then Target=Joe; if Field Name==Country and Field Value=Canada then Target=Jane.
    • Weights: weight[Joe]=5, weight[Jane]=7.

Each request would include a set of field names and values. Then based on that request, a set cover algorithm finds one or more targets to satisfy that request.

An exemplary embodiment of the present invention may take a virtually unlimited number of rules of this form and find the optimal set of targets for a request.

An exemplary embodiment of the present invention may also take into account factors such as target workload and resource availability.

An exemplary embodiment of the present invention may provide an automated method of finding approvers for authorization requests without hard coding rules, field names, field values, and objective functions.

An exemplary embodiment of the present invention may be used for privacy protection and/or for Sarbanes—Oxley compliance. In this manner, an exemplary embodiment may protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws of the United States of America.

An exemplary description of how a set cover problem may be formulated in accordance with the present invention follows.

As explained above, a rule may be a set of slices that provide attributes and values for those attributes, although some of those values may be wild cards. For example, a rule may state: North American geography and a model number of a machine.

Rules are owned by targets. In an exemplary embodiment, the rules are owned by approvers and are used by the approvers to review and/or approve requests.

In accordance with an exemplary embodiment of the present invention, each request slice is matched with a target that owns a rule that can approve that slice.

A rule may be exactly the same as a request or it may be something more general. More general means that, for every attribute value in a request, the target has a rule which either has that attribute value or has something more general. Something general might mean, for example, geography that includes a country, or it may be the most general where it is a wild card.

In accordance with an exemplary embodiment of the present invention, a target set which covers a request may be determined by solving the following:














T is a set of targets;

T is a target;

S is a set of slices associated with a request.

S is a request slice;

T  S denotes that target T covers request slice S.

For TεT, let x(T) be a 0/1 variable indicating whether or not target T is selected in the solution. Let x denote the vector of x(T).

For SεS, let z(S) be a 0/1 variable indicating whether or not request slice S is selected in the solution.

Let f: {0,1}T  R denote the objective function that is approximately minimized in accordance with an exemplary embodiment of the present invention. Where R is a set of rules, an element for R is R=(U,T), U is a slice, and T is a target.

For TεT and SεS such that T covers S, let y(T,S) be a 0/1 variable indicating whether or not target T is assigned to request slice S in the solution.

An exemplary embodiment of the present invention may determine targets for a request slice where the resources are constrained. This exemplary embodiment ensures that the request will not exceed the resources that are available to a particular target by solving:























M is a set of resources;

b(M,T) is an endowment of resources for target T;

a(M,S) is the amount of resources required by a request slice S; and

y(T,S) is defined above.

An endowment of resources for a target may include, for example, time, budgeted dollars, and the like.

An exemplary embodiment of the present invention identifies an optimal set of targets covering the request using an Integer Linear Programming (ILP) problem.

An exemplary embodiment of the present invention identifies the maximum number of slices that can be covered by optimizing the following objective function:








subject to the constraints (1) and (2) above and the following additional constarints:































Let z* be the objective value of this solution.

Next, choose a coverage proportion τ such that 0<τ≦1. τ is a user-specified proportion of the maximum-number of slices that are required to be covered. For example, if it is calculated that z*=15 slices can be covered and the coverage proportion is 0.8, then there is a desire to minimize cost over solutions that have at least 12 slices covered. If it is desired to cover as many request slices as possible, then the coverage proportion should be set to 1.0. Coverage proportions should be chosen based on business considerations. Factors that are relevant include the cost of not covering a slice.

Find an approximately optimal solution to the Integer Non-Linear Programming (INLP) problem comprising:

min f(x).   (6)









and equations (1), (2), (4) and (5) set forth above.

The solution of equation (6) identifies selected targets, covered request slices, and an assignment of covered slices to selected slices respecting the rules and resource limitations.

Another exemplary embodiment of the present invention is capable of accounting for priorities of various targets by assigning a weight to each target. For example, in the banking example set forth above, an approver that is at a higher level of management within the bank hierarchy may be assigned a higher weight than an approver who is at a lower level of management.

In this embodiment, the process proceeds as described above, except, rather than optimizing formula (6), the following formula (8) is optimized:











w is the weight assigned to a target.

Yet another embodiment of the present invention identifies targets that cover request slices without regard to resource constraints. In this embodiment, for all request slices S that cannot be covered by some target in T, fix z(S)=0 for all other request slices, fix z(S)=1.

This embodiment then optimizes the formula (8), subject to the constraints (1), as a set cover problem with a linear objective. Finding a good or optimal solution identifies selected targets.

While the invention has been described in terms of several exemplary embodiments, those skilled in the art will recognize that the invention can be practiced with modification.

While the application discusses approximately solving a set cover problem or an integer program, one of ordinary skill in the art understands that approximately solving covers exactly solving.

While the exemplary embodiments described above refer to an input set of targets, it is to be understood that the claims of the present invention cover an input set having no targets, one target, or a plurality of targets, whether they cover a request or not. Further, the present invention includes a problem construct having a request that is based on one rule or a plurality of rules.

While the previous exemplary embodiments refer to “business rules” it is to be understood that this term is used in a general sense as understood by those of ordinary skill in the information technology arts. The present invention is not limited to application to businesses. Rather, the present invention may be applied in any domain that has rules, regardless of whether that domain is a business domain or not.

Further, it is noted that, Applicant's intent is to encompass equivalents of all claim elements, even if amended later during prosecution.

