METHOD AND APPARATUS FOR TOKEN-BASED ATTRIBUTE ABSTRACTION

US 20130047224A1
Filed: 08/15/2011
Published: 02/21/2013
Est. Priority Date: 08/15/2011
Status: Active Grant

First Claim

Patent Images

1. An apparatus for abstraction in a token-based environment, comprising:

a memory operable to store a plurality of tokens associated with a session, wherein the session facilitates access to a resource by a user and the session is identified by a session token; and

a processor operable to;

determine a second plurality of tokens required to facilitate determination of a risk token, wherein the risk token is used to facilitate determination of an access decision to the resource;

determine that the plurality of tokens comprises the second plurality of tokens;

generate a dataset token that represents the plurality of tokens;

communicate the dataset token to facilitate generation of the risk token;

receive the risk token, wherein the risk token is based at least in part on the dataset token; and

correlate the risk token with the session token to facilitate determination of the access decision to the resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment, an apparatus may store a plurality of tokens associated with a session. The session may facilitate access to a resource by a user. The session may be identified by a session token. The apparatus may determine, based on a token-based rule, a second plurality of tokens required to facilitate determination of a risk token. The risk token may be used to facilitate determination of an access decision to the resource. The apparatus may determine that the plurality of tokens comprises the second plurality of tokens and generate a dataset token that represents the plurality of tokens. The apparatus may then communicate the dataset token to facilitate the generation of the risk token. The apparatus may receive the risk token and correlate it with the session token to facilitate determination of the access decision.

15 Citations

View as Search Results

16 Claims

1. An apparatus for abstraction in a token-based environment, comprising:
- a memory operable to store a plurality of tokens associated with a session, wherein the session facilitates access to a resource by a user and the session is identified by a session token; and
  
  a processor operable to;
  
  determine a second plurality of tokens required to facilitate determination of a risk token, wherein the risk token is used to facilitate determination of an access decision to the resource;
  
  determine that the plurality of tokens comprises the second plurality of tokens;
  
  generate a dataset token that represents the plurality of tokens;
  
  communicate the dataset token to facilitate generation of the risk token;
  
  receive the risk token, wherein the risk token is based at least in part on the dataset token; and
  
  correlate the risk token with the session token to facilitate determination of the access decision to the resource.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The apparatus of claim 1, wherein:
    - the processor operable to communicate the dataset token comprises communicating the dataset token to a risk token provider; and
      
      the processor operable to receive the risk token comprises receiving the risk token from the risk token provider.
  - 3. The apparatus of claim 1, wherein the plurality of tokens comprises at least one of a subject token, a resource token, a virtual machine token, and a compliance token.
  - 4. The apparatus of claim 1, wherein:
    - the risk token impacts a token level;
      
      the token level is at least one of a risk level, a trust level, and a integrity level; and
      
      the token level facilitates determination of the access decision to the resource
  - 5. The apparatus of claim 1, wherein the second plurality of tokens is determined based on a token-based rule.

6. A method for abstraction in a token-based environment, comprising:
- storing a plurality of tokens associated with a session, wherein the session facilitates access to a resource by a user and the session is identified by a session token;
  
  determining, by a processor, a second plurality of tokens required to facilitate determination of a risk token, wherein the risk token is used to facilitate determination of an access decision to the resource;
  
  determining, by the processor, that the plurality of tokens comprises the second plurality of tokens;
  
  generating a dataset token that represents the plurality of tokens;
  
  communicating the dataset token to facilitate generation of the risk token;
  
  receiving the risk token, wherein the risk token is based at least in part on the dataset token; and
  
  correlating the risk token with the session token to facilitate determination of the access decision to the resource.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, wherein:
    - communicating the dataset token comprises communicating the dataset token to a risk token provider; and
      
      receiving the risk token comprises receiving the risk token from the risk token provider.
  - 8. The method of claim 6, wherein the plurality of tokens comprises at least one of a subject token, a resource token, a virtual machine token, and a compliance token.
  - 9. The method of claim 6, wherein:
    - the risk token impacts a token level;
      
      the token level is at least one of a risk level, a trust level, and a integrity level; and
      
      the token level facilitates determination of the access decision to the resource.
  - 10. The method of claim 6, wherein the second plurality of tokens is determined based on a token-based rule.

11. One or more computer-readable non-transitory storage media embodying software that is operable when executed to:
- store a plurality of tokens associated with a session, wherein the session facilitates access to a resource by a user and the session is identified by a session token;
  
  determine a second plurality of tokens required to facilitate determination of a risk token, wherein the risk token is used to facilitate determination of an access decision to the resource;
  
  determine that the plurality of tokens comprises the second plurality of tokens;
  
  generate a dataset token that represents the plurality of tokens;
  
  communicate the dataset token to facilitate generation of the risk token;
  
  receive the risk token, wherein the risk token is based at least in part on the dataset token; and
  
  correlate the risk token with the session token to facilitate determination of the access decision to the resource.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The media of claim 11, wherein:
    - the software operable when executed to communicate the dataset token comprises communicating the dataset token to a risk token provider; and
      
      the software operable when executed to receive the risk token comprises receiving the risk token from the risk token provider.
  - 13. The media of claim 11, wherein the plurality of tokens comprises at least one of a subject token, a resource token, a virtual machine token, and a compliance token.
  - 14. The media of claim 11, wherein:
    - the risk token impacts a token level;
      
      the token level is at least one of a risk level, a trust level, and a integrity level; and
      
      the token level facilitates determination of the access decision to the resource.
  - 15. The media of claim 11, wherein the second plurality of tokens is determined based on a token-based rule.
  - 16. The media of claim 11, wherein the determination of the second plurality of tokens is based on a token-based rule.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Radhakrishnan, Rakesh

Granted Patent

US 8,726,361 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/6
CPC Class Codes

G06F 21/30   Authentication, i.e. establ...

G06F 21/31   User authentication

G06F 21/33   using certificates

G06F 21/604   Tools and structures for ma...

METHOD AND APPARATUS FOR TOKEN-BASED ATTRIBUTE ABSTRACTION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR TOKEN-BASED ATTRIBUTE ABSTRACTION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links