METHOD AND APPARATUS FOR TOKEN-BASED REASSIGNMENT OF PRIVILEGES
Abstract
According to one embodiment, an apparatus may monitor a session that facilitates a user's access to a resource. The user may be granted a privilege associated with accessing the resource. The apparatus may detect a change associated with the privilege granted to the user in at least one token of a plurality of tokens. The apparatus may then communicate a token that represents the change, and receive a risk token associated with the token. The apparatus may then determine to revoke the privilege based on the risk token, and generate a second token that represents the determination to revoke the privilege. The apparatus may then communicate the second token to facilitate the revoking of the privilege.
21 Claims
1. An apparatus comprising a processor operable to:
- monitor a session, wherein the session facilitates a user's access to a resource, the user granted a privilege associated with accessing the resource;
- detect a change in at least one token of a plurality of tokens during the session, the change associated with the privilege granted to the user;
- communicate a token that represents the change;
- receive a risk token associated with the token;
- determine to revoke the privilege based on the risk token;
- generate a second token that represents the determination to revoke the privilege; and
- communicate the second token to facilitate the revoking of the privilege.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A method for privilege-based access control in a token-based environment, comprising:
- monitoring a session, wherein the session facilitates a user's access to a resource, the user granted a privilege associated with accessing the resource;
- detecting a change in at least one token of a plurality of tokens during the session, the change associated with the privilege granted to the user;
- communicating a token that represents the change;
- receiving a risk token associated with the token;
- determining, by a processor, to revoke the privilege based on the risk token;
- generating, by the processor, a second token that represents the determination to revoke the privilege; and
- communicating the second token to facilitate the revoking of the privilege.
Dependent claims: 9, 10, 11, 12, 13, 14

15. One or more computer-readable non-transitory storage media embodying software that is operable when executed to:
- monitor a session, wherein the session facilitates a user's access to a resource, the user granted a privilege associated with accessing the resource;
- detect a change in at least one token of a plurality of tokens during the session, the change associated with the privilege granted to the user;
- communicate a token that represents the change;
- receive a risk token associated with the token;
- determine to revoke the privilege based on the risk token;
- generate a second token that represents the determination to revoke the privilege; and
- communicate the second token to facilitate the revoking of the privilege.
Dependent claims: 16, 17, 18, 19, 20, 21
Specification