Method and apparatus for token-based attribute abstraction

US 8,726,361 B2
Filed: 08/15/2011
Issued: 05/13/2014
Est. Priority Date: 08/15/2011
Status: Active Grant

First Claim

Patent Images

1. An apparatus for abstraction in a token-based environment, comprising:

a memory operable to store a plurality of tokens associated with a session, wherein;

the session facilitates access to a resource by a user and the session is identified by a session token; and

the plurality of tokens comprises a resource token indicating a form of authentication provided by the resource, a virtual machine token corresponding to a virtual machine provisioned to the user, and a compliance token indicating that a device of the user comprises sufficient hardware and firmware to access the resource; and

a processor operable to;

determine a second plurality of tokens required to facilitate determination of a risk token, wherein;

the risk token is used to facilitate determination of an access decision to the resource; and

the second plurality of tokens is determined based on a token-based rule that indicates that a dataset token representing the plurality of tokens can be generated if the plurality of tokens comprises the second plurality of tokens;

determine that the plurality of tokens comprises the second plurality of tokens;

generate the dataset token representing the plurality of tokens in response to the determination that the plurality of tokens comprises the second plurality of tokens;

communicate the dataset token to facilitate generation of the risk token;

receive the risk token, wherein the risk token is based at least in part on the dataset token; and

correlate the risk token with the session token to facilitate determination of the access decision to the resource, wherein the risk token impacts a trust level indicating the security provided by the form of authentication provided by the resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment, an apparatus may store a plurality of tokens associated with a session. The session may facilitate access to a resource by a user. The session may be identified by a session token. The apparatus may determine, based on a token-based rule, a second plurality of tokens required to facilitate determination of a risk token. The risk token may be used to facilitate determination of an access decision to the resource. The apparatus may determine that the plurality of tokens comprises the second plurality of tokens and generate a dataset token that represents the plurality of tokens. The apparatus may then communicate the dataset token to facilitate the generation of the risk token. The apparatus may receive the risk token and correlate it with the session token to facilitate determination of the access decision.

Citations

10 Claims

1. An apparatus for abstraction in a token-based environment, comprising:
- a memory operable to store a plurality of tokens associated with a session, wherein;
  
  the session facilitates access to a resource by a user and the session is identified by a session token; and
  
  the plurality of tokens comprises a resource token indicating a form of authentication provided by the resource, a virtual machine token corresponding to a virtual machine provisioned to the user, and a compliance token indicating that a device of the user comprises sufficient hardware and firmware to access the resource; and
  
  a processor operable to;
  
  determine a second plurality of tokens required to facilitate determination of a risk token, wherein;
  
  the risk token is used to facilitate determination of an access decision to the resource; and
  
  the second plurality of tokens is determined based on a token-based rule that indicates that a dataset token representing the plurality of tokens can be generated if the plurality of tokens comprises the second plurality of tokens;
  
  determine that the plurality of tokens comprises the second plurality of tokens;
  
  generate the dataset token representing the plurality of tokens in response to the determination that the plurality of tokens comprises the second plurality of tokens;
  
  communicate the dataset token to facilitate generation of the risk token;
  
  receive the risk token, wherein the risk token is based at least in part on the dataset token; and
  
  correlate the risk token with the session token to facilitate determination of the access decision to the resource, wherein the risk token impacts a trust level indicating the security provided by the form of authentication provided by the resource.
- View Dependent Claims (2, 3)
- - 2. The apparatus of claim 1, wherein:
    - the processor operable to communicate the dataset token comprises communicating the dataset token to a risk token provider; and
      
      the processor operable to receive the risk token comprises receiving the risk token from the risk token provider.
  - 3. The apparatus of claim 1, wherein:
    - the risk token further impacts at least one of a risk level and an integrity level; and
      
      at least one of the risk level, the trust level, and the integrity level facilitates determination of the access decision to the resource.

4. A method for abstraction in a token-based environment, comprising:
- storing a plurality of tokens associated with a session, wherein;
  
  the session facilitates access to a resource by a user and the session is identified by a session token; and
  
  the plurality of tokens comprises a resource token indicating a form of authentication provided by the resource, a virtual machine token corresponding to a virtual machine provisioned to the user, and a compliance token indicating that a device of the user comprises sufficient hardware and firmware to access the resource;
  
  determining, by a processor, a second plurality of tokens required to facilitate determination of a risk token, wherein;
  
  the risk token is used to facilitate determination of an access decision to the resource; and
  
  the second plurality of tokens is determined based on a token-based rule that indicates that a dataset token representing the plurality of tokens can be generated if the plurality of tokens comprises the second plurality of tokens;
  
  determining, by the processor, that the plurality of tokens comprises the second plurality of tokens;
  
  generating the dataset token representing the plurality of tokens in response to the determination that the plurality of tokens comprises the second plurality of tokens;
  
  communicating the dataset token to facilitate generation of the risk token;
  
  receiving the risk token, wherein the risk token is based at least in part on the dataset token; and
  
  correlating the risk token with the session token to facilitate determination of the access decision to the resource, wherein the risk token impacts a trust level indicating the security provided by the form of authentication provided by the resource.
- View Dependent Claims (5, 6)
- - 5. The method of claim 4, wherein:
    - communicating the dataset token comprises communicating the dataset token to a risk token provider; and
      
      receiving the risk token comprises receiving the risk token from the risk token provider.
  - 6. The method of claim 4, wherein:
    - the risk token further impacts at least one of a risk level and an integrity level; and
      
      at least one of the risk level, the trust level, and the integrity level facilitates determination of the access decision to the resource.

7. One or more computer-readable non-transitory storage media embodying software that is operable when executed to:
- store a plurality of tokens associated with a session, wherein;
  
  the session facilitates access to a resource by a user and the session is identified by a session token; and
  
  the plurality of tokens comprises a resource token indicating a form of authentication provided by the resource, a virtual machine token corresponding to a virtual machine provisioned to the user, and a compliance token indicating that a device of the user comprises sufficient hardware and firmware to access the resource;
  
  determine a second plurality of tokens required to facilitate determination of a risk token, wherein;
  
  the risk token is used to facilitate determination of an access decision to the resource; and
  
  the second plurality of tokens is determined based on a token-based rule that indicates that a dataset token representing the plurality of tokens can be generated if the plurality of tokens comprises the second plurality of tokens;
  
  determine that the plurality of tokens comprises the second plurality of tokens;
  
  generate the dataset token representing the plurality of tokens in response to the determination that the plurality of tokens comprises the second plurality of tokens;
  
  communicate the dataset token to facilitate generation of the risk token;
  
  receive the risk token, wherein the risk token is based at least in part on the dataset token; and
  
  correlate the risk token with the session token to facilitate determination of the access decision to the resource, wherein the risk token impacts a trust level indicating the security provided by the form of authentication provided by the resource.
- View Dependent Claims (8, 9, 10)
- - 8. The media of claim 7, wherein:
    - the software operable when executed to communicate the dataset token comprises communicating the dataset token to a risk token provider; and
      
      the software operable when executed to receive the risk token comprises receiving the risk token from the risk token provider.
  - 9. The media of Claim 7, wherein:
    - the risk token further impacts at least one of a risk level and an integrity level; and
      
      at least one of the risk level, the trust level, and the integrity level facilitates determination of the access decision to the resource.
  - 10. The media of claim 7, wherein the determination of the second plurality of tokens is based on a token-based rule.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Radhakrishnan, Rakesh
Primary Examiner(s)
Kim, Tae

Application Number

US13/210,075
Publication Number

US 20130047224A1
Time in Patent Office

1,002 Days
Field of Search

726 2- 21, 713150-159, 713168-181
US Class Current

726/9
CPC Class Codes

G06F 21/30   Authentication, i.e. establ...

G06F 21/31   User authentication

G06F 21/33   using certificates

G06F 21/604   Tools and structures for ma...

Method and apparatus for token-based attribute abstraction

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for token-based attribute abstraction

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links