Apparatus and method for expert decisioning
First Claim
Patent Images
1. An apparatus comprising:
- a memory operable to;
store a plurality of token-based rules, wherein a token-based rule facilitates access to a resource;
store at least one subject token associated with a user and a device;
store at least one resource token associated with the resource; and
store at least one network token associated with a network; and
a processor communicatively coupled to the memory and operable to;
determine that access to the resource has been requested;
determine at least one token-based rule in response to the determination that access has been requested, wherein;
the at least one token-based rule associates a first access value with a combination of a second access value, a third access value, and a fourth access value; and
the at least one token-based rule conditions access to the resource upon a fifth access value;
determine a sixth access value based at least in part upon the at least one subject token;
determine a seventh access value based at least in part upon the at least one resource token, wherein the seventh access value indicates a chance that at least one of access may be granted to an unrequested resource and the resource may corrupt the device;
determine an eighth access value based at least in part upon the at least one network token;
determine that the fifth access value should be equal to the first access value by;
comparing the sixth access value with the second access value;
comparing the seventh access value with the third access value; and
comparing the eighth access value with the fourth access value;
set the value of the fifth access value as the first access value in response to the determination that the fifth access value should be equal to the first access value;
determine, based at least in part upon the at least one token-based rule, that the fifth access value is insufficient to grant access to the resource;
determine, in response to the determination that the fifth access value is insufficient to grant access to the resource, that access by at least one of the user and the device to the resource over the network should be denied;
communicate a first decision token indicating that access by at least one of the user and the device to the resource should be denied;
receive an updated resource token;
redetermine the seventh access value based at least in part upon the updated resource token;
redetermine the fifth access value based at least upon the redetermined seventh access value; and
determine, based at least in part upon the at least one token-based rule, that the redetermined fifth access value is sufficient to grant access to the resource; and
communicate a second decision token indicating that access by at least one of the user and the device to the resource should be granted.
1 Assignment
0 Petitions
Accused Products
Abstract
According to one embodiment, an apparatus may store at least one subject token associated with a user and a device, at least one resource token associated with the resource, and at least one network token associated with a network. The apparatus may determine various access values associated with these stored tokens. The apparatus may then determine the value of a first access value based on the values of these various access values. The apparatus may determine that the value of the first access value is insufficient to grant access to the resource and determine that access by at least one of the user and the device to the resource over the network should be denied.
17 Citations
15 Claims
-
1. An apparatus comprising:
-
a memory operable to; store a plurality of token-based rules, wherein a token-based rule facilitates access to a resource; store at least one subject token associated with a user and a device; store at least one resource token associated with the resource; and store at least one network token associated with a network; and a processor communicatively coupled to the memory and operable to; determine that access to the resource has been requested; determine at least one token-based rule in response to the determination that access has been requested, wherein; the at least one token-based rule associates a first access value with a combination of a second access value, a third access value, and a fourth access value; and the at least one token-based rule conditions access to the resource upon a fifth access value; determine a sixth access value based at least in part upon the at least one subject token; determine a seventh access value based at least in part upon the at least one resource token, wherein the seventh access value indicates a chance that at least one of access may be granted to an unrequested resource and the resource may corrupt the device; determine an eighth access value based at least in part upon the at least one network token; determine that the fifth access value should be equal to the first access value by; comparing the sixth access value with the second access value; comparing the seventh access value with the third access value; and comparing the eighth access value with the fourth access value; set the value of the fifth access value as the first access value in response to the determination that the fifth access value should be equal to the first access value; determine, based at least in part upon the at least one token-based rule, that the fifth access value is insufficient to grant access to the resource; determine, in response to the determination that the fifth access value is insufficient to grant access to the resource, that access by at least one of the user and the device to the resource over the network should be denied; communicate a first decision token indicating that access by at least one of the user and the device to the resource should be denied; receive an updated resource token; redetermine the seventh access value based at least in part upon the updated resource token; redetermine the fifth access value based at least upon the redetermined seventh access value; and determine, based at least in part upon the at least one token-based rule, that the redetermined fifth access value is sufficient to grant access to the resource; and communicate a second decision token indicating that access by at least one of the user and the device to the resource should be granted. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method comprising:
-
storing, by a memory, a plurality of token-based rules, wherein a token-based rule facilitates access to a resource; storing, by the memory, at least one subject token associated with a user and a device; storing, by the memory, at least one resource token associated with the resource; storing, by the memory, at least one network token associated with a network; determining, by a processor communicatively coupled to the memory, that access to the resource has been requested; determining, by the processor, at least one token-based rule in response to the determination that access has been requested, wherein; the at least one token-based rule associates a first access value with a combination of a second access value, a third access value, and a fourth access value; and the at least one token-based rule conditions access to the resource upon a fifth access value; determining, by the processor, a sixth access value based at least in part upon the at least one subject token; determining, by the processor, a seventh access value based at least in part upon the at least one resource token, wherein the seventh access value indicates a chance that at least one of access may he granted to an unrequested resource and the resource may corrupt the device; determining, by the processor, an eighth access value based at least in part upon the at least one network token; determining, by the processor, that the fifth access value should be equal to the first access value by; comparing the sixth access value with the second access value; comparing the seventh access value with the third access value; and comparing the eighth access value with the fourth access value; determining, by the processor, based at least in put upon the at least one token-based rule, that the fifth access value is insufficient to grant access to the resource; determining, by the processor, in response to the determination that the fifth access value is insufficient to grant access to the resource, that access by at least one of the user and the device to the resource over the network should be denied; communicating a first decision token indicating that access by at least one of the user and the device to the resource should be denied; receiving, by the processor, an updated resource token; redetermining, by the processor, the seventh access value based at least in part upon the updated resource token; redetermining, by the processor, the fifth access value based at least upon the redetermined seventh access value; and determining, by the processor, based at least in part upon the at least one token-based rule, that the redetermined fifth access value is sufficient to grant access to the resource; and communicating a second decision token indicating that access by at least one of the user and the device to the resource should be granted. - View Dependent Claims (7, 8, 9, 10)
-
-
11. One or more computer-readable non-transitory storage media embodying software that is operable when executed to:
-
store a plurality of token-based rules, wherein a token-based rule facilitates access to a resource; store at least one subject token associated with a user and a device; store at least one resource token associated with the resource; store at least one network token associated with a network; determine that access to the resource has been requested; determine at least one token-based rule in response to the determination that access has been requested, wherein; the at least one token-based rule associates a first access value with a combination of a second access value, a third access value, and a fourth access value; and the at least one token-based rule conditions access to the resource upon a fifth access value; determine a sixth access value based at least in part upon the at least one subject token; determine a seventh access value based at least in part upon the at least one resource token, wherein the seventh access value indicates a chance that at least one of access may be granted to an unrequested resource and the resource may corrupt the device; determine an eighth access value based at least in part upon the at least one network token; determine that the fifth access value should be equal to the first access value by; comparing the sixth access value with the second access value; comparing the seventh access value with the third access value; and comparing the eighth access value with the fourth access value; set the value of the fifth access value as the first access value in response to the determination that the fifth access value should be equal to the first access value; determine, based at least in part upon the at least one token-based rule, that the fifth access value is insufficient to grant access to the resource; determine, in response to the determination that the fifth access value is insufficient to grant access to the resource, that access by at least one of the user and the device to the resource over the network should be denied; communicate a first decision token indicating that access by at least one of the user and the device to the resource should be denied; receive an updated resource token; redetermine the seventh access value based at least in part upon the updated resource token; redetermine the fifth access value based at least upon the redetermined seventh access value; and determine, based at least in part upon the at least one token-based rule, that the redetermined fifth access value is sufficient to grant access to the resource; and communicate a second decision token indicating that access by at least one of the user and the device to the resource should be granted. - View Dependent Claims (12, 13, 14, 15)
-
Specification