Apparatus and method for expert decisioning

US 8,726,340 B2
Filed: 05/24/2012
Issued: 05/13/2014
Est. Priority Date: 08/15/2011
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a memory operable to;

store a plurality of token-based rules, wherein a token-based rule facilitates access to a resource;

store at least one subject token associated with a user and a device;

store at least one resource token associated with the resource; and

store at least one network token associated with a network; and

a processor communicatively coupled to the memory and operable to;

determine that access to the resource has been requested;

determine at least one token-based rule in response to the determination that access has been requested, wherein;

the at least one token-based rule associates a first access value with a combination of a second access value, a third access value, and a fourth access value; and

the at least one token-based rule conditions access to the resource upon a fifth access value;

determine a sixth access value based at least in part upon the at least one subject token;

determine a seventh access value based at least in part upon the at least one resource token, wherein the seventh access value indicates a chance that at least one of access may be granted to an unrequested resource and the resource may corrupt the device;

determine an eighth access value based at least in part upon the at least one network token;

determine that the fifth access value should be equal to the first access value by;

comparing the sixth access value with the second access value;

comparing the seventh access value with the third access value; and

comparing the eighth access value with the fourth access value;

set the value of the fifth access value as the first access value in response to the determination that the fifth access value should be equal to the first access value;

determine, based at least in part upon the at least one token-based rule, that the fifth access value is insufficient to grant access to the resource;

determine, in response to the determination that the fifth access value is insufficient to grant access to the resource, that access by at least one of the user and the device to the resource over the network should be denied;

communicate a first decision token indicating that access by at least one of the user and the device to the resource should be denied;

receive an updated resource token;

redetermine the seventh access value based at least in part upon the updated resource token;

redetermine the fifth access value based at least upon the redetermined seventh access value; and

determine, based at least in part upon the at least one token-based rule, that the redetermined fifth access value is sufficient to grant access to the resource; and

communicate a second decision token indicating that access by at least one of the user and the device to the resource should be granted.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment, an apparatus may store at least one subject token associated with a user and a device, at least one resource token associated with the resource, and at least one network token associated with a network. The apparatus may determine various access values associated with these stored tokens. The apparatus may then determine the value of a first access value based on the values of these various access values. The apparatus may determine that the value of the first access value is insufficient to grant access to the resource and determine that access by at least one of the user and the device to the resource over the network should be denied.

17 Citations

15 Claims

1. An apparatus comprising:
- a memory operable to;
  
  store a plurality of token-based rules, wherein a token-based rule facilitates access to a resource;
  
  store at least one subject token associated with a user and a device;
  
  store at least one resource token associated with the resource; and
  
  store at least one network token associated with a network; and
  
  a processor communicatively coupled to the memory and operable to;
  
  determine that access to the resource has been requested;
  
  determine at least one token-based rule in response to the determination that access has been requested, wherein;
  
  the at least one token-based rule associates a first access value with a combination of a second access value, a third access value, and a fourth access value; and
  
  the at least one token-based rule conditions access to the resource upon a fifth access value;
  
  determine a sixth access value based at least in part upon the at least one subject token;
  
  determine a seventh access value based at least in part upon the at least one resource token, wherein the seventh access value indicates a chance that at least one of access may be granted to an unrequested resource and the resource may corrupt the device;
  
  determine an eighth access value based at least in part upon the at least one network token;
  
  determine that the fifth access value should be equal to the first access value by;
  
  comparing the sixth access value with the second access value;
  
  comparing the seventh access value with the third access value; and
  
  comparing the eighth access value with the fourth access value;
  
  set the value of the fifth access value as the first access value in response to the determination that the fifth access value should be equal to the first access value;
  
  determine, based at least in part upon the at least one token-based rule, that the fifth access value is insufficient to grant access to the resource;
  
  determine, in response to the determination that the fifth access value is insufficient to grant access to the resource, that access by at least one of the user and the device to the resource over the network should be denied;
  
  communicate a first decision token indicating that access by at least one of the user and the device to the resource should be denied;
  
  receive an updated resource token;
  
  redetermine the seventh access value based at least in part upon the updated resource token;
  
  redetermine the fifth access value based at least upon the redetermined seventh access value; and
  
  determine, based at least in part upon the at least one token-based rule, that the redetermined fifth access value is sufficient to grant access to the resource; and
  
  communicate a second decision token indicating that access by at least one of the user and the device to the resource should be granted.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The apparatus of claim 1, wherein the processor is further operable to:
    - receive an updated subject token;
      
      redetermine the value of the second access value based at least in part upon the updated subject token;
      
      redetermine the value of the first access value in response to redetermining the value of the second access value; and
      
      determine, based at least in part upon the at least one token-based rule, that the redetermined value of the first access value is sufficient to grant access to the resource.
  - 3. The apparatus of claim 1, wherein the processor is further operable to:
    - receive an updated network token;
      
      redetermine the value of the fourth access value based at least in part upon the updated network token;
      
      redetermine the value of the first access value in response to redetermining the value of the fourth access value; and
      
      determine, based at least in part upon the at least one token-based rule, that the redetermined value of the first access value is sufficient to grant access to the resource.
  - 4. The apparatus of claim 1, wherein the value of the first access value corresponds to the magnitude of the values of the second, third, and fourth access values.
  - 5. The apparatus of claim 1, wherein the processor is further operable to generate a risk token associated with a risk associated with granting at least one of the user and the device access to the resource over the network, wherein the first access value indicates the risk.

6. A method comprising:
- storing, by a memory, a plurality of token-based rules, wherein a token-based rule facilitates access to a resource;
  
  storing, by the memory, at least one subject token associated with a user and a device;
  
  storing, by the memory, at least one resource token associated with the resource;
  
  storing, by the memory, at least one network token associated with a network;
  
  determining, by a processor communicatively coupled to the memory, that access to the resource has been requested;
  
  determining, by the processor, at least one token-based rule in response to the determination that access has been requested, wherein;
  
  the at least one token-based rule associates a first access value with a combination of a second access value, a third access value, and a fourth access value; and
  
  the at least one token-based rule conditions access to the resource upon a fifth access value;
  
  determining, by the processor, a sixth access value based at least in part upon the at least one subject token;
  
  determining, by the processor, a seventh access value based at least in part upon the at least one resource token, wherein the seventh access value indicates a chance that at least one of access may he granted to an unrequested resource and the resource may corrupt the device;
  
  determining, by the processor, an eighth access value based at least in part upon the at least one network token;
  
  determining, by the processor, that the fifth access value should be equal to the first access value by;
  
  comparing the sixth access value with the second access value;
  
  comparing the seventh access value with the third access value; and
  
  comparing the eighth access value with the fourth access value;
  
  determining, by the processor, based at least in put upon the at least one token-based rule, that the fifth access value is insufficient to grant access to the resource;
  
  determining, by the processor, in response to the determination that the fifth access value is insufficient to grant access to the resource, that access by at least one of the user and the device to the resource over the network should be denied;
  
  communicating a first decision token indicating that access by at least one of the user and the device to the resource should be denied;
  
  receiving, by the processor, an updated resource token;
  
  redetermining, by the processor, the seventh access value based at least in part upon the updated resource token;
  
  redetermining, by the processor, the fifth access value based at least upon the redetermined seventh access value; and
  
  determining, by the processor, based at least in part upon the at least one token-based rule, that the redetermined fifth access value is sufficient to grant access to the resource; and
  
  communicating a second decision token indicating that access by at least one of the user and the device to the resource should be granted.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, further comprising:
    - receiving, by the processor, an updated subject token;
      
      redetermining, by the processor, the value of the second access value based at least in part upon the updated subject token;
      
      redetermining, by the processor, the value of the first access value in response to redetermining the value of the second access value; and
      
      determining, by the processor, based at least in part upon the at least one token-based rule, that the redetermined value of the first access value is sufficient to grant access to the resource.
  - 8. The method of claim 6, further comprising:
    - receiving, by the processor, an updated network token;
      
      redetermining, by the processor, the value of the fourth access value based at least in part upon the updated network token;
      
      redetermining, by the processor, the value of the first access value in response to redetermining the value of the fourth access value; and
      
      determining, by the processor, based at least in part upon the at least one token-based rule, that the redetermined value of the first access value is sufficient to grant access to the resource.
  - 9. The method of claim 6, wherein the value of the first access value corresponds to the magnitude of the values of the second, third, and fourth access values.
  - 10. The method of claim 6, further comprising generating, by the processor, a risk token associated with a risk associated with granting at least one of the user and the device access to the resource over the network, wherein the first access value indicates the risk.

11. One or more computer-readable non-transitory storage media embodying software that is operable when executed to:
- store a plurality of token-based rules, wherein a token-based rule facilitates access to a resource;
  
  store at least one subject token associated with a user and a device;
  
  store at least one resource token associated with the resource;
  
  store at least one network token associated with a network;
  
  determine that access to the resource has been requested;
  
  determine at least one token-based rule in response to the determination that access has been requested, wherein;
  
  the at least one token-based rule associates a first access value with a combination of a second access value, a third access value, and a fourth access value; and
  
  the at least one token-based rule conditions access to the resource upon a fifth access value;
  
  determine a sixth access value based at least in part upon the at least one subject token;
  
  determine a seventh access value based at least in part upon the at least one resource token, wherein the seventh access value indicates a chance that at least one of access may be granted to an unrequested resource and the resource may corrupt the device;
  
  determine an eighth access value based at least in part upon the at least one network token;
  
  determine that the fifth access value should be equal to the first access value by;
  
  comparing the sixth access value with the second access value;
  
  comparing the seventh access value with the third access value; and
  
  comparing the eighth access value with the fourth access value;
  
  set the value of the fifth access value as the first access value in response to the determination that the fifth access value should be equal to the first access value;
  
  determine, based at least in part upon the at least one token-based rule, that the fifth access value is insufficient to grant access to the resource;
  
  determine, in response to the determination that the fifth access value is insufficient to grant access to the resource, that access by at least one of the user and the device to the resource over the network should be denied;
  
  communicate a first decision token indicating that access by at least one of the user and the device to the resource should be denied;
  
  receive an updated resource token;
  
  redetermine the seventh access value based at least in part upon the updated resource token;
  
  redetermine the fifth access value based at least upon the redetermined seventh access value; and
  
  determine, based at least in part upon the at least one token-based rule, that the redetermined fifth access value is sufficient to grant access to the resource; and
  
  communicate a second decision token indicating that access by at least one of the user and the device to the resource should be granted.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The media of claim 11 embodying software further operable when executed to:
    - receive an updated subject token;
      
      redetermine the value of the second access value based at least in part upon the updated subject token;
      
      redetermine the value of the first access value in response to redetermining the value of the second access value; and
      
      determine, based at least in part upon the at least one token-based rule, that the redetermined value of the first access value is sufficient to grant access to the resource.
  - 13. The media of claim 11 embodying software further operable when executed to:
    - receive an updated network token;
      
      redetermine the value of the fourth access value based at least in part upon the updated network token;
      
      redetermine the value of the first access value in response to redetermining the value of the fourth access value; and
      
      determine, based at least in part upon the at least one token-based rule, that the redetermined value of the first access value is sufficient to grant access to the resource.
  - 14. The media of claim 11, wherein the value of the first access value corresponds to the magnitude of the values of the second, third, and fourth access values.
  - 15. The media of claim 11 embodying software further operable when executed to generate a risk token associated with a risk associated with granting at least one of the user and the device access to the resource over the network, wherein the first access value indicates the risk.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Radhakrishnan, Rakesh
Primary Examiner(s)
Homayounmehr, Farid
Assistant Examiner(s)
Torres-Diaz, Lizbeth

Application Number

US13/479,498
Publication Number

US 20130047201A1
Time in Patent Office

719 Days
Field of Search

713/159, 713172-174, 713/182, 713185-186, 705 65- 79, 726/9, 726/20
US Class Current

726/1
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/335   for accessing specific reso...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2115   Third party

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/10   for controlling access to d...

Apparatus and method for expert decisioning

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

17 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Apparatus and method for expert decisioning

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others