TOKEN-BASED ACCESS CONTROL

US 20140123312A1
Filed: 10/25/2012
Published: 05/01/2014
Est. Priority Date: 10/25/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

assigning, using a processor, a set of workflow specific tokens to a user in response to a workflow event, wherein the set of workflow specific tokens grant the user temporary access to a portion of data;

receiving a request from a workflow tool to allow the user to access data; and

using the workflow specific tokens assigned to the user to determine which portion of the data can be accessed.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for enabling token-based access control to data are provided. In particular, some embodiments use a token-based access management system to allow or restrict an individual'"'"'s ability to access data. The access management system uses tokens to define rules (e.g., a Boolean matching rule or algorithm that results in a true/false output indicating the decision) within the access management system to determine if the token is valid and if the individual should be granted access to the requested data. Tokens may further have tool constraints for controlling access. In some cases, the tokens may expire upon completion of a task or after a pre-set amount of time. A generic workflow utilizing tokens and at least one specific workflow showing employees utilizing tokens as part of performing a task responsive to a user.

Citations

20 Claims

1. A method comprising:
- assigning, using a processor, a set of workflow specific tokens to a user in response to a workflow event, wherein the set of workflow specific tokens grant the user temporary access to a portion of data;
  
  receiving a request from a workflow tool to allow the user to access data; and
  
  using the workflow specific tokens assigned to the user to determine which portion of the data can be accessed.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising assigning a set of default tokens to a user that include a default set of permissions or restrictions for access the data.
  - 3. The method of claim 2, wherein the set of default tokens have a higher priority level than the set of workflow specific tokens.
  - 4. The method of claim 1, wherein the set of workflow specific tokens and the default tokens include a cryptographic message authentication code (MAC).
  - 5. The method of claim 4, further comprising using the cryptographic MAC to determine if the workflow specific tokens or the default tokens have been modified.
  - 6. The method of claim 1, wherein the set of workflow specific tokens grant a second user temporary access to a second portion of data.
  - 7. The method of claim 1, wherein the temporary access granted by the set of workflow tokens is not more than twenty-four hours.

8. A token-based access management system comprising:
- a database having data stored thereon;
  
  a workflow engine to receive an event and generate a workflow specific token to temporarily grant access to a portion of the data in order to respond to the event;
  
  a communications module to associate the workflow specific token with a user; and
  
  a set of tools configured to access the workflow specific token, verify that the user should be granted access to the portion of the data, and allow the user to access the portion of the data.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The token-based access management system of claim 8, wherein the set of tools provide tool constraints restricting access to the data based on a tool that is being used by the user.
  - 10. The token-based access management system of claim 8, wherein the workflow specific tokens are assigned a cryptographic message authentication code and the system further comprising a verification module to authenticate the cryptographic message authentication code before allows the user to access the portion of the data.
  - 11. The token-based access management system of claim 8, further comprising a reassignment module configured to receive a request from the user to reassign the event.
  - 12. The token-based access management system of claim 9, further comprising a permission evaluation module configured to receive and evaluate a request from the user to access an additional portion of the data in order to respond to the event.
  - 13. The token-based access management system of claim 8, wherein the workflow engine generates multiple workflow specific tokens.
  - 14. The token-based access management system of claim 13, wherein the each of the multiple specific tokens are associated with different users.
  - 15. The token-based access management system of claim 8, wherein further comprising a priority module to resolve access permissions based on multiple specific tokens assigned to the user.

16. A computer-implemented method comprising:
- generating, using a processor, a set of default tokens for a specific user;
  
  generating, using the processor, a set of workflow tokens based on a workflow event, wherein the at least some of the workflow tokens are assigned to the specific user to allow the specific user temporary access to a selected portions of a data set; and
  
  determining, upon receiving a request, which portion of the data set the user can access based on the default tokens and workflow specific tokens assigned to the specific user.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer-implemented method of claim 16, wherein generating the set of default tokens for the specific user occurs on a predetermine schedule.
  - 18. The computer-implemented method of claim 16, further comprising associating a deactivation event with the workflow token.
  - 19. The computer-implemented method of claim 18, further comprising deactivating the workflow token upon detection of the deactivation event.
  - 20. The computer-implemented method of claim 16, wherein the workflow tokens and the set of default tokens each include a matching rule.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Original Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Inventors
Marcotte, Garrett

Granted Patent

US 8,887,260 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/28
CPC Class Codes

G06F 21/33 using certificates

TOKEN-BASED ACCESS CONTROL

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

TOKEN-BASED ACCESS CONTROL

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links