Method and apparatus for token-based attribute abstraction
Abstract
According to one embodiment, an apparatus may store a plurality of tokens associated with a session. The session may facilitate access to a resource by a user. The session may be identified by a session token. The apparatus may determine, based on a token-based rule, a second plurality of tokens required to facilitate determination of a risk token. The risk token may be used to facilitate determination of an access decision to the resource. The apparatus may determine that the plurality of tokens comprises the second plurality of tokens and generate a dataset token that represents the plurality of tokens. The apparatus may then communicate the dataset token to facilitate the generation of the risk token. The apparatus may receive the risk token and correlate it with the session token to facilitate determination of the access decision.
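The flow in the abstract, sketched as an added example (not code from the patent or its assignee). The HMAC-sealed dataset token, the trust and risk values, the threshold and all names are assumptions made for illustration; the patent does not specify them.

```python
import hashlib, hmac, json

KEY = b"constructed-demo-key"   # constructed; stands in for a managed secret
# Token-based rule: the token types that must be present before a
# dataset token may be generated (the "second plurality of tokens").
RULE_REQUIRED = {"resource", "virtual_machine", "compliance"}
AUTH_TRUST = {"password": 2, "mfa": 5}   # constructed trust level per auth form
ALLOW_THRESHOLD = 2                      # constructed

def _tag(body):
    return hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()

def make_dataset_token(session_token, tokens):
    """Return one token representing the session's tokens, or None if the rule is unmet."""
    if not RULE_REQUIRED.issubset(tokens):
        return None                      # fail closed: no dataset token, no risk token
    body = json.dumps({"session": session_token, "tokens": tokens}, sort_keys=True)
    return {"body": body, "tag": _tag(body)}

def compute_risk_token(dataset_token):
    """Stand-in risk engine: verify the dataset token, then score it."""
    if not hmac.compare_digest(_tag(dataset_token["body"]), dataset_token["tag"]):
        raise ValueError("dataset token failed integrity check")
    data = json.loads(dataset_token["body"])
    # Constructed scoring: an unpatched VM adds risk.
    risk = 0 if data["tokens"]["virtual_machine"] == "vm-patched" else 3
    return {"session": data["session"], "risk": risk}

def access_decision(session_token, tokens, risk_token):
    """Correlate the risk token with the session token and decide."""
    if risk_token["session"] != session_token:
        return "deny"                    # risk token belongs to another session
    trust = AUTH_TRUST.get(tokens["resource"], 0) - risk_token["risk"]
    return "allow" if trust >= ALLOW_THRESHOLD else "deny"

def decide(session_token, tokens):
    """Run the whole flow for one session."""
    dataset = make_dataset_token(session_token, tokens)
    if dataset is None:
        return "deny"
    return access_decision(session_token, tokens, compute_risk_token(dataset))
```

Sealing the dataset token lets the risk engine reject a token set altered in transit, and binding the session identifier into both tokens keeps a risk token from being correlated with a different session.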
10 Claims
1. An apparatus for abstraction in a token-based environment, comprising:
- a memory operable to store a plurality of tokens associated with a session, wherein:
  - the session facilitates access to a resource by a user and the session is identified by a session token; and
  - the plurality of tokens comprises a resource token indicating a form of authentication provided by the resource, a virtual machine token corresponding to a virtual machine provisioned to the user, and a compliance token indicating that a device of the user comprises sufficient hardware and firmware to access the resource; and
- a processor operable to:
  - determine a second plurality of tokens required to facilitate determination of a risk token, wherein:
    - the risk token is used to facilitate determination of an access decision to the resource; and
    - the second plurality of tokens is determined based on a token-based rule that indicates that a dataset token representing the plurality of tokens can be generated if the plurality of tokens comprises the second plurality of tokens;
  - determine that the plurality of tokens comprises the second plurality of tokens;
  - generate the dataset token representing the plurality of tokens in response to the determination that the plurality of tokens comprises the second plurality of tokens;
  - communicate the dataset token to facilitate generation of the risk token;
  - receive the risk token, wherein the risk token is based at least in part on the dataset token; and
  - correlate the risk token with the session token to facilitate determination of the access decision to the resource, wherein the risk token impacts a trust level indicating the security provided by the form of authentication provided by the resource.

Dependent claims: 2, 3

4. A method for abstraction in a token-based environment, comprising:
- storing a plurality of tokens associated with a session, wherein:
  - the session facilitates access to a resource by a user and the session is identified by a session token; and
  - the plurality of tokens comprises a resource token indicating a form of authentication provided by the resource, a virtual machine token corresponding to a virtual machine provisioned to the user, and a compliance token indicating that a device of the user comprises sufficient hardware and firmware to access the resource;
- determining, by a processor, a second plurality of tokens required to facilitate determination of a risk token, wherein:
  - the risk token is used to facilitate determination of an access decision to the resource; and
  - the second plurality of tokens is determined based on a token-based rule that indicates that a dataset token representing the plurality of tokens can be generated if the plurality of tokens comprises the second plurality of tokens;
- determining, by the processor, that the plurality of tokens comprises the second plurality of tokens;
- generating the dataset token representing the plurality of tokens in response to the determination that the plurality of tokens comprises the second plurality of tokens;
- communicating the dataset token to facilitate generation of the risk token;
- receiving the risk token, wherein the risk token is based at least in part on the dataset token; and
- correlating the risk token with the session token to facilitate determination of the access decision to the resource, wherein the risk token impacts a trust level indicating the security provided by the form of authentication provided by the resource.

Dependent claims: 5, 6

7. One or more computer-readable non-transitory storage media embodying software that is operable when executed to:
- store a plurality of tokens associated with a session, wherein:
  - the session facilitates access to a resource by a user and the session is identified by a session token; and
  - the plurality of tokens comprises a resource token indicating a form of authentication provided by the resource, a virtual machine token corresponding to a virtual machine provisioned to the user, and a compliance token indicating that a device of the user comprises sufficient hardware and firmware to access the resource;
- determine a second plurality of tokens required to facilitate determination of a risk token, wherein:
  - the risk token is used to facilitate determination of an access decision to the resource; and
  - the second plurality of tokens is determined based on a token-based rule that indicates that a dataset token representing the plurality of tokens can be generated if the plurality of tokens comprises the second plurality of tokens;
- determine that the plurality of tokens comprises the second plurality of tokens;
- generate the dataset token representing the plurality of tokens in response to the determination that the plurality of tokens comprises the second plurality of tokens;
- communicate the dataset token to facilitate generation of the risk token;
- receive the risk token, wherein the risk token is based at least in part on the dataset token; and
- correlate the risk token with the session token to facilitate determination of the access decision to the resource, wherein the risk token impacts a trust level indicating the security provided by the form of authentication provided by the resource.

Dependent claims: 8, 9, 10

Specification