System and method for injecting a tag into a computing resource

US 10,659,451 B2
Filed: 07/18/2017
Issued: 05/19/2020
Est. Priority Date: 07/18/2017
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

an interface operable to receive requests from a network; and

processing circuitry operable to;

assign a first tag onto a first portion of a computing resource, wherein assigning the first tag onto the first portion of the computing resource comprises;

generating a first token based on a tokenized identifier for an institution; and

encrypting the first portion of the computing resource using the first token, wherein;

the first token is associated with the first tag;

the first token is required to access the first portion of the computing resource; and

the first token is associated with a first user and a second user;

receive a tagging request from the first user;

inject a second tag into a second portion of the computing resource in response to the tagging request, wherein injecting the second tag onto the second portion of the computing resource comprises;

generating a second token based on the tokenized identifier for the institution and a tokenized identifier for the first user; and

encrypting the second portion of the computing resource with the second token, wherein;

the second token is associated with the second tag;

the second token is required to access the second portion of the computing resource; and

the second tag restricts access to the second portion of the computing resource for the second user;

receive a request to access the computing resource;

determine whether the request to access the computing resource includes the first token, the second token, or both; and

control access to the first portion of the computing resource and the second portion of the computing resource based on whether the request comprises the first token, the second token, or both.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In certain embodiments, a system determines to assign a computing resource to one or more users that are affiliated with an institution. The system pre-injects a first tag into a first portion of the computing resource and then assigns the computing resource to the one or more users. The first tag is associated with the institution and requires a first token to access the first portion of the computing resource. The system mid-process or post injects a second tag into a second portion of the computing resource. The second tag is associated with one of the users and requires a second token to access the second portion of the computing resource. The system controls access to the first and second portions of the computing resource based on whether subsequent requests to access the computing resource comprise the first token, the second token, or both.

30 Citations

View as Search Results

17 Claims

1. A system, comprising:
- an interface operable to receive requests from a network; and
  
  processing circuitry operable to;
  
  assign a first tag onto a first portion of a computing resource, wherein assigning the first tag onto the first portion of the computing resource comprises;
  
  generating a first token based on a tokenized identifier for an institution; and
  
  encrypting the first portion of the computing resource using the first token, wherein;
  
  the first token is associated with the first tag;
  
  the first token is required to access the first portion of the computing resource; and
  
  the first token is associated with a first user and a second user;
  
  receive a tagging request from the first user;
  
  inject a second tag into a second portion of the computing resource in response to the tagging request, wherein injecting the second tag onto the second portion of the computing resource comprises;
  
  generating a second token based on the tokenized identifier for the institution and a tokenized identifier for the first user; and
  
  encrypting the second portion of the computing resource with the second token, wherein;
  
  the second token is associated with the second tag;
  
  the second token is required to access the second portion of the computing resource; and
  
  the second tag restricts access to the second portion of the computing resource for the second user;
  
  receive a request to access the computing resource;
  
  determine whether the request to access the computing resource includes the first token, the second token, or both; and
  
  control access to the first portion of the computing resource and the second portion of the computing resource based on whether the request comprises the first token, the second token, or both.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the first user and the second user are affiliated with an institution.
  - 3. The system of claim 1, wherein to inject the second tag into the second portion of the computing resource, the processing circuitry is operable to post-inject the second tag.
  - 4. The system of claim 1, wherein to inject the second tag into the second portion of the computing resource, the processing circuitry is operable to mid-process inject the second tag.
  - 5. The system of claim 1, wherein to control access to the first portion of the computing resource, the processing circuitry is operable to limit access to requests that do not include the first token.
  - 6. The system of claim 1, wherein the first portion of the computing resource contains the second portion of the computing resource, and wherein to control access to the second portion of the computing resource, the processing circuitry is operable to limit access to requests that do not include both the first token and the second token.
  - 7. The system of claim 1, wherein to control access, the processing circuitry is operable to determine security and/or audit requirements based on whether the request comprises the first token, the second token, or both.
  - 8. The system of claim 1, wherein the computing resource comprises one or more of a cloud object, an application, a processor, a memory, an interface, data, a hardware resource, and/or a software resource.

9. A method, comprising:
- assigning, by a management system, a first tag onto a first portion of a computing resource, wherein assigning the first tag onto the first portion of the computing resource comprises;
  
  generating a first token based on a tokenized identifier for an institution; and
  
  encrypting the first portion of the computing resource using the first token, wherein;
  
  the first token is associated with the first tag;
  
  the first token is required to access the first portion of the computing resource; and
  
  the first token is associated with a first user and a second user;
  
  receiving, by the management system, a tagging request from the first user;
  
  injecting, by the management system, a second tag into a second portion of the computing resource in response to the tagging request, wherein injecting the second tag onto the second portion of the computing resource comprises;
  
  generating a second token based on the tokenized identifier for the institution and a tokenized identifier for the first user; and
  
  encrypting the second portion of the computing resource with the second token, wherein;
  
  the second token associated with the second tag;
  
  the second token is required to access the second portion of the computing resource; and
  
  the second tag restricts access to the second portion of the computing resource for the second user;
  
  receiving, by the management system, a request to access the computing resource;
  
  determining, by the management system, whether the request to access the computing resource includes the first token, the second token, or both; and
  
  controlling, by the management system, access to the first portion of the computing resource and the second portion of the computing resource based on whether the request comprises the first token, the second token, or both.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9, wherein:
    - the first user and the second user are affiliated with an institution.
  - 11. The method of claim 9, wherein injecting the second tag into the second portion of the computing resource comprises post-injecting the second tag.
  - 12. The method of claim 9, wherein injecting the second tag into the second portion of the computing resource comprises inter-injecting the second tag.
  - 13. The method of claim 9, wherein controlling access to the first portion of the computing resource comprises limiting access to requests that do not include the first token.
  - 14. The method of claim 9, wherein the first portion of the computing resource contains the second portion of the computing resource, and wherein controlling access to the second portion of the computing resource comprises limiting access to requests that do not include both the first token and the second token.
  - 15. The method of claim 9, wherein controlling access comprises determining security and/or audit requirements based on whether the request comprises the first token, the second token, or both.

16. A non-transitory computer readable medium comprising logic that, when executed by processing circuitry, is operable to:
- assign a first tag onto a first portion of a computing resource, wherein assigning the first tag onto the first portion of the computing resource comprises;
  
  generating a first token based on a tokenized identifier for an institution; and
  
  encrypting the first portion of the computing resource using the first token, wherein;
  
  the first token associated with the first tag;
  
  the first token is required to access the first portion of the computing resource; and
  
  the first token is associated with a first user and a second user;
  
  receive a tagging request from the first user;
  
  inject a second tag into a second portion of the computing resource in response to the tagging request, wherein injecting the second tag onto the second portion of the computing resource comprises;
  
  generating a second token based on the tokenized identifier for the institution and a tokenized identifier for the first user; and
  
  encrypting the second portion of the computing resource with the second token, wherein;
  
  the second token associated with the second tag;
  
  the second token is required to access the second portion of the computing resource; and
  
  the second tag restricts access to the second portion of the computing resource for the second user;
  
  receive a request to access the computing resource;
  
  determine whether the request to access the computing resource includes the first token, the second token, or both; and
  
  control access to the first portion of the computing resource and the second portion of the computing resource based on whether the request comprises the first token, the second token, or both.
- View Dependent Claims (17)
- - 17. The non-transitory computer readable medium of claim 16, wherein:
    - the first user and the second user are affiliated with an institution.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Kurian, Manu J.
Primary Examiner(s)
Le, Chau
Assistant Examiner(s)
Gadalla, Hany S.

Application Number

US15/652,614
Publication Number

US 20190028456A1
Time in Patent Office

1,036 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

System and method for injecting a tag into a computing resource

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

30 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for injecting a tag into a computing resource

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links