Apparatus and method for performing data tokenization

US 8,752,123 B2
Filed: 05/24/2012
Issued: 06/10/2014
Est. Priority Date: 08/15/2011
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a memory operable to store a plurality of token-based rules, wherein a token-based rule facilitates access to a resource, the resource requiring data external to the resource; and

a processor communicatively coupled to the memory and operable to;

receive a resource token indicating a request for access to the resource;

receive a first data token indicating a request for the data external to the resource, the first data token generated in response to the request for access to the resource;

receive a subject token indicating that at least one of a form of user authentication and a form of device authentication has been completed;

receive a network token indicating that at least one form of encryption has been performed, wherein the at least one form of encryption comprises Wi-Fi Protected Access;

determine at least one token-based rule based at least in part upon the first data token, the subject token, and the network token, wherein the at least one token-based rule conditions the generation of a second data token upon the processor determining that the at least one form of encryption has been performed and that at least one of the form of user authentication and the form of device authentication has been completed;

deny the generation of the second data token if at least one of the at least one form of encryption has not been performed, the at least one form of user authentication has not been completed, and the at least one form of device authentication has not been completed;

determine, based at least in part upon the at least one token-based rule, that the second data token representing the data should be generated, wherein;

the second data token further represents at least one attribute associated with the data;

generate a message indicating the determination that the second data token should be generated; and

transmit the message, wherein the second data token is generated in response to receiving the message.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment, an apparatus may receive a first data token indicating a request for data associated with the resource, a subject token indicating that at least one form of authentication has been completed, and a network token indicating that at least one form of encryption has been performed. The apparatus may determine at least one token-based rule based at least in part upon the first data token, the subject token, and the network token. The apparatus may determine, based at least in part upon the at least one token-based rule, that a second data token representing the data should be generated. The apparatus may generate a message indicating the determination that the second data token should be generated and then transmit the message.

32 Citations

View as Search Results

12 Claims

1. An apparatus comprising:
- a memory operable to store a plurality of token-based rules, wherein a token-based rule facilitates access to a resource, the resource requiring data external to the resource; and
  
  a processor communicatively coupled to the memory and operable to;
  
  receive a resource token indicating a request for access to the resource;
  
  receive a first data token indicating a request for the data external to the resource, the first data token generated in response to the request for access to the resource;
  
  receive a subject token indicating that at least one of a form of user authentication and a form of device authentication has been completed;
  
  receive a network token indicating that at least one form of encryption has been performed, wherein the at least one form of encryption comprises Wi-Fi Protected Access;
  
  determine at least one token-based rule based at least in part upon the first data token, the subject token, and the network token, wherein the at least one token-based rule conditions the generation of a second data token upon the processor determining that the at least one form of encryption has been performed and that at least one of the form of user authentication and the form of device authentication has been completed;
  
  deny the generation of the second data token if at least one of the at least one form of encryption has not been performed, the at least one form of user authentication has not been completed, and the at least one form of device authentication has not been completed;
  
  determine, based at least in part upon the at least one token-based rule, that the second data token representing the data should be generated, wherein;
  
  the second data token further represents at least one attribute associated with the data;
  
  generate a message indicating the determination that the second data token should be generated; and
  
  transmit the message, wherein the second data token is generated in response to receiving the message.
- View Dependent Claims (2, 3, 4)
- - 2. The apparatus of claim 1, wherein the processor is further operable to generate the second data token.
  - 3. The apparatus of claim 1, wherein the request for the data is made in response to the request to access the resource.
  - 4. The apparatus of claim 1, wherein the at least one attribute is at least one of:
    - the size of the data; and
      
      a form of encryption performed on the data.

5. A method comprising:
- storing, by a memory, a plurality of token-based rules, wherein a token-based rule facilitates access to a resource, the resource requiring data external to the resource; and
  
  receiving, by a processor communicatively coupled to the memory, a resource token indicating a request for access to the resource;
  
  receiving, by the processor, a first data token indicating a request for the data external to the resource, the first data token generated in response to the request for access to the resource;
  
  receiving, by the processor, a subject token indicating that at least one of a form of user authentication and a form of device authentication has been completed;
  
  receiving, by the processor, a network token indicating that at least one form of encryption has been performed, wherein the at least one form of encryption comprises Wi-Fi Protected Access;
  
  determining, by the processor, at least one token-based rule based at least in part upon the first data token, the subject token, and the network token, wherein the at least one token-based rule conditions the generation of a second data token upon the processor determining that the at least one form of encryption has been performed and that at least one of the form of user authentication and the form of device authentication has been completed;
  
  denying, by the processor, the generation of the second data token if at least one of the at least one form of encryption has not been performed, the at least one form of user authentication has not been completed, and the at least one form of device authentication has not been completed;
  
  determining, by the processor, based at least in part upon the at least one token-based rule, that the second data token representing the data should be generated, wherein the second data token further represents at least one attribute associated with the data;
  
  generating, by the processor, a message indicating the determination that the second data token should be generated; and
  
  transmitting, by the processor, the message, wherein the second data token is generated in response to receiving the message.
- View Dependent Claims (6, 7, 8)
- - 6. The method of claim 5, further comprising generating, by the processor, the second data token.
  - 7. The method of claim 5, wherein the request for the data is made in response to the request to access the resource.
  - 8. The method of claim 5, wherein the at least one attribute is at least one of:
    - the size of the data; and
      
      a form of encryption performed on the data.

9. One or more computer-readable non-transitory storage media embodying software that is operable when executed to:
- store a plurality of token-based rules, wherein a token-based rule facilitates access to a resource, the resource requiring data external to the resource; and
  
  receive a resource token indicating a request for access to the resource;
  
  receive a first data token indicating a request for the data external to the resource, the first data token generated in response to the request for access to the resource;
  
  receive a subject token indicating that at least one of a form of user authentication and a form of device authentication has been completed;
  
  receive a network token indicating that at least one form of encryption has been performed, wherein the at least one form of encryption comprises Wi-Fi Protected Access;
  
  determine at least one token-based rule based at least in part upon the first data token, the subject token, and the network token, wherein the at least one token-based rule conditions the generation of a second data token upon the processor determining that the at least one form of encryption has been performed and that at least one of the form of user authentication and the form of device authentication has been completed;
  
  deny the generation of the second data token if at least one of the at least one form of encryption has not been performed, the at least one form of user authentication has not been completed, and the at least one form of device authentication has not been completed;
  
  determine, based at least in part upon the at least one token-based rule, that the second data token representing the data should be generated, wherein the second data token further represents at least one attribute associated with the data;
  
  generate a message indicating the determination that the second data token should be generated; and
  
  transmit the message, wherein the second data token is generated in response to receiving the message.
- View Dependent Claims (10, 11, 12)
- - 10. The one or more computer-readable non-transitory storage media of claim 9 embodying software further operable when executed to generate the second data token.
  - 11. The one or more computer-readable non-transitory storage media of claim 9 embodying software, wherein the request for data is made in response to the request to access the resource.
  - 12. The one or more computer-readable non-transitory storage media of claim 9, wherein the at least one attribute is at least one of:
    - the size of the data; and
      
      a form of encryption performed on the data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Radhakrishnan, Rakesh, Frick, Cynthia A., Ritchey, Ronald Wayne, Barbir, Abdulkader Omar, Labella, Lawrence Robert
Primary Examiner(s)
SHEHNI, GHAZAL B

Application Number

US13/479,464
Publication Number

US 20130047200A1
Time in Patent Office

747 Days
Field of Search

726 2- 10
US Class Current

726/1
CPC Class Codes

G06F 21/34 involving the use of extern...

Apparatus and method for performing data tokenization

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

32 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for performing data tokenization

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links