Controlled token distribution to protect against malicious data and resource access

US 10,715,512 B2
Filed: 05/24/2019
Issued: 07/14/2020
Est. Priority Date: 09/04/2007
Status: Active Grant

First Claim

Patent Images

1. A system for communicating using tokens in lieu of access-enabling codes to enhance security, the system comprising:

a communication engine that;

receives, at a first system, a first communication from a second system, the first communication corresponding to a credential for requesting tokens and having been transmitted by the second system;

transmits a second communication to the second system at a first time, the second communication including a token, the token corresponding to an access-enabling code stored at the first system, and access to a spatial area associated with a resource is granted using only the access-enabling code;

receives, at the first system, a third communication from a user device, the third communication including the token and being received at a second time that is after the first time; and

in response to receiving the token at the first system and from the user device, transmits a fourth communication to the user device, the fourth communication including the access-enabling code corresponding to an access right for the resource;

an authentication engine that authenticates the credential, the authentication indicating that an entity associated with the second system is authorized to receive secure tokens for facilitating resource access;

a resource-access allocation engine that;

determines that the access right is available, wherein the fourth communication is transmitted in response to receiving the token at the first system and that an access right for the resource is available; and

updates an access-code data store to change an availability status of the access right, wherein a token engine further updates an access-code data store to change an availability status of the access right; and

the token engine that;

in response to the authentication, generates the token, the token being generated based on or to correspond with each of the entity and the resource;

identifies that the resource corresponds to the token; and

determines that the token corresponds to the user device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for controlling data and resource access. For example, methods and systems can facilitate controlled token distribution across systems and token processing in a manner so as to limit access to and to protect data that includes access codes.

Citations

20 Claims

1. A system for communicating using tokens in lieu of access-enabling codes to enhance security, the system comprising:
- a communication engine that;
  
  receives, at a first system, a first communication from a second system, the first communication corresponding to a credential for requesting tokens and having been transmitted by the second system;
  
  transmits a second communication to the second system at a first time, the second communication including a token, the token corresponding to an access-enabling code stored at the first system, and access to a spatial area associated with a resource is granted using only the access-enabling code;
  
  receives, at the first system, a third communication from a user device, the third communication including the token and being received at a second time that is after the first time; and
  
  in response to receiving the token at the first system and from the user device, transmits a fourth communication to the user device, the fourth communication including the access-enabling code corresponding to an access right for the resource;
  
  an authentication engine that authenticates the credential, the authentication indicating that an entity associated with the second system is authorized to receive secure tokens for facilitating resource access;
  
  a resource-access allocation engine that;
  
  determines that the access right is available, wherein the fourth communication is transmitted in response to receiving the token at the first system and that an access right for the resource is available; and
  
  updates an access-code data store to change an availability status of the access right, wherein a token engine further updates an access-code data store to change an availability status of the access right; and
  
  the token engine that;
  
  in response to the authentication, generates the token, the token being generated based on or to correspond with each of the entity and the resource;
  
  identifies that the resource corresponds to the token; and
  
  determines that the token corresponds to the user device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system for communicating using tokens in lieu of access-enabling codes to enhance security, as recited in claim 1, wherein generating the token includes:
    - identifying a key available to the second system;
      
      generating a first claim value that is indicative of the resource;
      
      generating a second claim value that is indicative of a characteristic for accessing the resource;
      
      generating an alphanumeric string that includes the first claim value and the second claim value; and
      
      encrypting the alphanumeric string using the key.
  - 3. The system for communicating using tokens in lieu of access-enabling codes to enhance security, as recited in claim 1, wherein:
    - generating the token includes identifying an expiration time for the token, wherein a part of the token is indicative of the expiration time; and
      
      the token engine further;
      
      determines, upon receiving the third communication, whether the expiration time has elapsed, wherein the fourth communication is transmitted in response to determining that the token corresponds to the second system and that the expiration time has not elapsed.
  - 4. The system for communicating using tokens in lieu of access-enabling codes to enhance security, as recited in claim 1, wherein:
    - the third communication further includes an identifier of a third system; and
      
      the fourth communication is transmitted to the third system.
  - 5. The system for communicating using tokens in lieu of access-enabling codes to enhance security, as recited in claim 1, wherein the token is further generated based on or to correspond with a characteristic for accessing the resource, and wherein the access right includes an access right associated with the characteristic.
  - 6. The system for communicating using tokens in lieu of access-enabling codes to enhance security, as recited in claim 5, wherein:
    - the communication engine further;
      
      receives a fifth communication from a fourth system, the fifth communication being associated with a second credential;
      
      transmits, at a third time that is before the second time, a sixth communication to the fourth system, the sixth communication including a second token; and
      
      in response to receiving the third communication and determining that the token corresponds to the second system, transmits a seventh communication to the fourth system, the seventh communication indicating that the second token is expired;
      
      the authentication engine further;
      
      authenticates the second credential, the authentication of the second credential indicating that a second entity associated with the fourth system is authorized to receive secure tokens for facilitating resource access; and
      
      the token engine further;
      
      in response to the authentication of the second credential, generating the second token, the second token being generated based on or to correspond with each of;
      
      the second entity, the resource and a resource-access characteristic.
  - 7. The system for communicating using tokens in lieu of access-enabling codes to enhance security, as recited in claim 1, further comprising:
    - a resource-access allocation engine that;
      
      identifies a time associated with performance of a resource;
      
      identifies a time threshold for transmitting access-enabling codes for the resource based on the time;
      
      identifies the access-enabling code as corresponding to the token; and
      
      detects that the time threshold has passed, wherein the fourth communication is transmitted in response to the detecting.

8. A computer-implemented method for communicating using tokens in lieu of access-enabling codes to enhance security, the method comprising:
- receiving, at a first system, a first communication from a second system, the first communication corresponding to a credential for requesting tokens and having been transmitted by the second system;
  
  authenticating, at the first system, the credential, the authentication indicating that an entity associated with the second system is authorized to receive secure tokens for facilitating resource access;
  
  in response to the authentication, generating, at the first system, a token, the token being generated based on or to correspond with each of;
  
  the entity and a resource;
  
  transmitting, from the first system, a second communication to the second system at a first time, the second communication including a token, the token corresponding to an access-enabling code stored at the first system, and access to a spatial area associated with a resource is granted using only the access-enabling code;
  
  receiving, at the first system, a third communication from a user device, the third communication including the token and being received at a second time that is after the first time;
  
  identifying, at the first system, that the resource corresponds to the token;
  
  determining that the token corresponds to the user device;
  
  in response to receiving the token at the first system and from the user device, transmits a fourth communication to the user device, the fourth communication including the access-enabling code corresponding to an access right for the resource;
  
  determining that the access right is available, wherein the fourth communication is transmitted in response to determining that the token corresponds to the second system and that the access right for the resource is available;
  
  updating a token data store to indicate that the token has been used; and
  
  updating an access-code data store to change an availability status of the access right.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-implemented method for communicating using tokens in lieu of access-enabling codes to enhance security, as recited in claim 8, wherein generating the token includes:
    - identifying a key available to the second system;
      
      generating a first claim value that is indicative of the resource;
      
      generating a second claim value that is indicative of a characteristic for accessing the resource;
      
      generating an alphanumeric string that includes the first claim value and the second claim value; and
      
      encrypting the alphanumeric string using the key.
  - 10. The computer-implemented method for communicating using tokens in lieu of access-enabling codes to enhance security, as recited in claim 8, wherein:
    - generating the token includes identifying an expiration time for the token, wherein a part of the token is indicative of the expiration time; and
      
      the method further includes;
      
      determining, upon receiving the third communication, whether the expiration time has elapsed, wherein the fourth communication is transmitted in response to determining that the token corresponds to the second system and that the expiration time has not elapsed.
  - 11. The computer-implemented method for communicating using tokens in lieu of access-enabling codes to enhance security, as recited in claim 8, wherein:
    - the third communication further includes an identifier of a third system; and
      
      the fourth communication is transmitted to the third system.
  - 12. The computer-implemented method for communicating using tokens in lieu of access-enabling codes to enhance security, as recited in claim 8, wherein the token is further generated based on or to correspond with a characteristic for accessing the resource, and wherein the access right includes an access right associated with the characteristic.
  - 13. The computer-implemented method for communicating using tokens in lieu of access-enabling codes to enhance security, as recited in claim 12, further comprising:
    - receiving, at a first system, a fifth communication from a fourth system, the fifth communication being associated with a second credential;
      
      authenticating, at the first system, the second credential, the authentication of the second credential indicating that a second entity associated with the fourth system is authorized to receive secure tokens for facilitating resource access;
      
      in response to the authentication of the second credential, generating, at the first system, a second token, the second token being generated based on or to correspond with each of;
      
      the second entity, the resource and a resource-access characteristic;
      
      transmitting, from the first system and at a third time that is before the second time, a sixth communication to the fourth system, the sixth communication including the second token; and
      
      in response to receiving the third communication from the second system and determining that the token corresponds to the second system, transmitting a seventh communication to the fourth system, the seventh communication indicating that the second token is expired.
  - 14. The computer-implemented method for communicating using tokens in lieu of access-enabling codes to enhance security, as recited in claim 8, further comprising:
    - identifying a time associated with performance of a resource;
      
      identifying a time threshold for transmitting access-enabling codes for the resource based on the time; and
      
      detecting that the time threshold has passed, wherein the fourth communication is transmitted in response to the detecting.

15. A computer-program product tangibly embodied in a non-transitory machine-readable storage medium, including instructions configured to cause one or more data processors to perform actions including:
- receiving, at a first system, a first communication from a second system, the first communication corresponding to a credential for requesting tokens and having been transmitted by the second system;
  
  authenticating, at the first system, the credential, the authentication indicating that an entity associated with the second system is authorized to receive secure tokens for facilitating resource access;
  
  in response to the authentication, generating, at the first system, a token, the token being generated based on or to correspond with each of;
  
  the entity and a resource;
  
  transmitting, from the first system, a second communication to the second system at a first time, the second communication including a token, the token corresponding to an access-enabling code stored at the first system, and access to a spatial area associated with a resource is granted using only the access-enabling code;
  
  receiving, at the first system, a third communication from a user device, the third communication including the token and being received at a second time that is after the first time;
  
  identifying, at the first system, that the resource corresponds to the token;
  
  determining that the token corresponds to the user device;
  
  in response to receiving the token at the first system and from the user device, transmits a fourth communication to the user device, the fourth communication including the access-enabling code corresponding to an access right for the resource;
  
  determining that the access right is available, wherein the fourth communication is transmitted in response to determining that the token corresponds to the second system and that the access right for the resource is available;
  
  updating a token data store to indicate that the token has been used; and
  
  updating an access-code data store to change an availability status of the access right.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-program product, as recited in claim 15, wherein generating the token includes:
    - identifying a key available to the second system;
      
      generating a first claim value that is indicative of the resource;
      
      generating a second claim value that is indicative of a characteristic for accessing the resource;
      
      generating an alphanumeric string that includes the first claim value and the second claim value; and
      
      encrypting the alphanumeric string using the key.
  - 17. The computer-program product, as recited in claim 15, wherein:
    - generating the token includes identifying an expiration time for the token, wherein a part of the token is indicative of the expiration time; and
      
      the actions further include;
      
      determining, upon receiving the third communication, whether the expiration time has elapsed, wherein the fourth communication is transmitted in response to determining that the token corresponds to the second system and that the expiration time has not elapsed.
  - 18. The computer-program product, as recited in claim 15, wherein:
    - the third communication further includes an identifier of a third system; and
      
      the fourth communication is transmitted to the third system.
  - 19. The computer-program product, as recited in claim 15, wherein the token is further generated based on or to correspond with a characteristic for accessing the resource, and wherein the access right includes an access right associated with the characteristic.
  - 20. The computer-program product, as recited in claim 19, further comprising:
    - receiving, at a first system, a fifth communication from a fourth system, the fifth communication being associated with a second credential;
      
      authenticating, at the first system, the second credential, the authentication of the second credential indicating that a second entity associated with the fourth system is authorized to receive secure tokens for facilitating resource access;
      
      in response to the authentication of the second credential, generating, at the first system, a second token, the second token being generated based on or to correspond with each of;
      
      the second entity, the resource and a resource-access characteristic;
      
      transmitting, from the first system and at a third time that is before the second time, a sixth communication to the fourth system, the sixth communication including the second token; and
      
      in response to receiving the third communication from the second system and determining that the token corresponds to the second system, transmitting a seventh communication to the fourth system, the seventh communication indicating that the second token is expired.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Live Nation Entertainment Incorporated
Original Assignee
Live Nation Entertainment Incorporated
Inventors
Volini, Phillip, Werneke, John Raymond, Schumaler, Carl, Smith, Michael, Giannantonio, Frank, Iaia, Vito, Moriarty, Sean
Primary Examiner(s)
Tabor, Amare F

Application Number

US16/421,925
Publication Number

US 20190364031A1
Time in Patent Office

417 Days
Field of Search

713159
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/10   for controlling access to d...

Controlled token distribution to protect against malicious data and resource access

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Controlled token distribution to protect against malicious data and resource access

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links