Apparatus and method for performing real-time authentication using subject token combinations
First Claim
1. An apparatus comprising:
- a memory configured to:
store a plurality of token-based rules, wherein a token-based rule facilitates access to a first resource and a second resource;
store a plurality of first subject tokens associated with a user, wherein the plurality of first subject tokens indicates at least one form of user authentication that has been performed;
store a plurality of second subject tokens associated with a device, wherein the plurality of second subject tokens indicates at least one form of device authentication that has been performed; and
store a session token associated with a session, wherein:
access to the first resource has been granted during the session; and
the at least one form of user authentication and the at least one form of device authentication must be performed in order for access to the first resource to be granted; and
- a processor communicatively coupled to the memory and configured to:
receive a resource token indicating that access to the second resource has been requested;
determine at least one token-based rule based at least in part upon the resource token, wherein the at least one token-based rule is associated with at least one subject token, the at least one subject token indicating a form of authentication that must be performed in order for access to the second resource to be granted;
determine that the at least one subject token is not in the plurality of first subject tokens and the plurality of second subject tokens, wherein the determination that the at least one subject token is not in the plurality of first subject tokens and the plurality of second subject tokens indicates that the form of authentication has not been performed during the session;
determine that access to the second resource should be denied based at least in part upon the determination that the at least one subject token is not in the plurality of first subject tokens and the plurality of second subject tokens;
generate a message indicating the determination that access to the second resource should be denied, wherein the message further indicates the form of authentication; and
transmit the message to the device.
1 Assignment
0 Petitions
Abstract
According to one embodiment, an apparatus may receive a resource token associated with a resource indicating that access to the resource has been requested. The apparatus may determine at least one token-based rule based at least in part upon the resource token, wherein the at least one token-based rule may be associated with at least one subject token. The apparatus may then determine that the at least one subject token is not in the plurality of first subject tokens and the plurality of second subject tokens based at least in part upon the at least one token-based rule, and deny access to the resource.
21 Claims
1. An apparatus comprising: (independent claim 1, reproduced in full under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7.
8. A method comprising:
- storing, by a memory, a plurality of token-based rules, wherein a token-based rule facilitates access to a first resource and a second resource;
- storing, by the memory, a plurality of first subject tokens associated with a user, wherein the plurality of first subject tokens indicates at least one form of user authentication that has been performed;
- storing, by the memory, a plurality of second subject tokens associated with a device, wherein the plurality of second subject tokens indicates at least one form of device authentication that has been performed;
- storing, by the memory, a session token associated with a session, wherein:
access to the first resource has been granted during the session; and
the at least one form of user authentication and the at least one form of device authentication must be performed in order for access to the first resource to be granted;
- receiving, by a processor communicatively coupled to the memory, a resource token indicating that access to the second resource has been requested;
- determining, by the processor, at least one token-based rule based at least in part upon the resource token, wherein the at least one token-based rule is associated with at least one subject token, the at least one subject token indicating a form of authentication that must be performed in order for access to the second resource to be granted;
- determining, by the processor, that the at least one subject token is not in the plurality of first subject tokens and the plurality of second subject tokens, wherein the determination that the at least one subject token is not in the plurality of first subject tokens and the plurality of second subject tokens indicates that the form of authentication has not been performed during the session;
- determining, by the processor, that access to the second resource should be denied based at least in part upon the determination that the at least one subject token is not in the plurality of first subject tokens and the plurality of second subject tokens;
- generating, by the processor, a message indicating the determination that access to the second resource should be denied, wherein the message further indicates the form of authentication; and
- transmitting, by the processor, the message to the device.
Dependent claims: 9, 10, 11, 12, 13, 14.
15. One or more computer-readable non-transitory storage media embodying software that, when executed, is configured to:
- store a plurality of token-based rules, wherein a token-based rule facilitates access to a first resource and a second resource;
- store a plurality of first subject tokens associated with a user, wherein the plurality of first subject tokens indicates at least one form of user authentication that has been performed;
- store a plurality of second subject tokens associated with a device, wherein the plurality of second subject tokens indicates at least one form of device authentication that has been performed;
- store a session token associated with a session, wherein:
access to the first resource has been granted during the session; and
the at least one form of user authentication and the at least one form of device authentication must be performed in order for access to the first resource to be granted;
- receive a resource token indicating that access to the second resource has been requested;
- determine at least one token-based rule based at least in part upon the resource token, wherein the at least one token-based rule is associated with at least one subject token, the at least one subject token indicating a form of authentication that must be performed in order for access to the second resource to be granted;
- determine that the at least one subject token is not in the plurality of first subject tokens and the plurality of second subject tokens, wherein the determination that the at least one subject token is not in the plurality of first subject tokens and the plurality of second subject tokens indicates that the form of authentication has not been performed during the session;
- determine that access to the second resource should be denied based at least in part upon the determination that the at least one subject token is not in the plurality of first subject tokens and the plurality of second subject tokens;
- generate a message indicating the determination that access to the second resource should be denied, wherein the message further indicates the form of authentication; and
- transmit the message to the device.
Dependent claims: 16, 17, 18, 19, 20, 21.
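The evaluation loop that all three independent claims describe (look up the token-based rule for the requested resource, compare the forms of authentication it requires against the user and device subject tokens recorded for the current session, deny and name the missing form if any is absent) is shown below as an added Python example. It is not code from the patent or from any product implementing it; the class names, the rule table, the token string labels and the sample session are all assumptions made for illustration. Beyond the claim text, the example also ignores subject tokens that were issued for a different session or a different user/device, since the claims tie the check to authentication performed during the session, and it fails closed when no rule exists for a resource.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Set, Tuple


@dataclass(frozen=True)
class SubjectToken:
    """One completed authentication, bound to the subject and session it was performed in.

    form: label of the authentication performed, e.g. "user:password" (assumed labels).
    subject: user id for first subject tokens, device id for second subject tokens.
    """
    form: str
    subject: str
    session_id: str


@dataclass
class Session:
    """Session token state: who/what authenticated, and what has been granted so far."""
    session_id: str
    user_id: str
    device_id: str
    user_tokens: Set[SubjectToken] = field(default_factory=set)    # first subject tokens
    device_tokens: Set[SubjectToken] = field(default_factory=set)  # second subject tokens
    granted: Set[str] = field(default_factory=set)                 # resources granted this session

    def performed_forms(self) -> FrozenSet[str]:
        """Forms of authentication performed in *this* session by *this* user and device.

        Tokens from another session, or for a different user/device, are not counted
        (an assumption added here; the claims only require a per-session check).
        """
        forms = set()
        for tok in self.user_tokens:
            if tok.session_id == self.session_id and tok.subject == self.user_id:
                forms.add(tok.form)
        for tok in self.device_tokens:
            if tok.session_id == self.session_id and tok.subject == self.device_id:
                forms.add(tok.form)
        return frozenset(forms)


@dataclass(frozen=True)
class Decision:
    allowed: bool
    missing: Tuple[str, ...]   # forms still to be performed, empty when allowed
    message: str               # what would be transmitted to the device


# Token-based rules: resource -> forms of authentication that must already be present
# as subject tokens. Constructed sample table, not taken from the patent.
RULES: Dict[str, FrozenSet[str]] = {
    "account-balance": frozenset({"user:password", "device:certificate"}),
    "wire-transfer": frozenset({"user:password", "user:otp", "device:certificate"}),
}


def evaluate_access(session: Session, resource_token: str,
                    rules: Dict[str, FrozenSet[str]] = RULES) -> Decision:
    """Decide access for a resource token and build the message sent back to the device."""
    rule = rules.get(resource_token)
    if rule is None:
        # No rule for the resource: fail closed rather than allow by default.
        return Decision(False, (), f"access to {resource_token!r} denied: no rule for resource")
    missing = tuple(sorted(rule - session.performed_forms()))
    if missing:
        # Denial message names the form(s) of authentication still required (step-up hint).
        return Decision(False, missing,
                        f"access to {resource_token!r} denied; complete: {', '.join(missing)}")
    session.granted.add(resource_token)
    return Decision(True, (), f"access to {resource_token!r} granted")


def demo() -> Tuple[Decision, Decision, Decision, Decision]:
    """Constructed walk-through: password + device cert, then a step-up to OTP."""
    s = Session("sess-1", "alice", "dev-42")
    s.user_tokens.add(SubjectToken("user:password", "alice", "sess-1"))
    s.device_tokens.add(SubjectToken("device:certificate", "dev-42", "sess-1"))
    balance = evaluate_access(s, "account-balance")   # granted: both required forms present
    transfer = evaluate_access(s, "wire-transfer")    # denied: user:otp not yet performed
    s.user_tokens.add(SubjectToken("user:otp", "alice", "sess-0"))   # stale token, other session
    stale = evaluate_access(s, "wire-transfer")       # still denied: OTP was not done in sess-1
    s.user_tokens.add(SubjectToken("user:otp", "alice", "sess-1"))   # step-up completed
    after_stepup = evaluate_access(s, "wire-transfer")  # granted
    return balance, transfer, stale, after_stepup


if __name__ == "__main__":
    for d in demo():
        print(d.message)
```

The set difference `rule - performed_forms()` is the claim's test that "the at least one subject token is not in the plurality of first subject tokens and the plurality of second subject tokens"; returning the missing forms in the decision is what lets the client prompt for exactly the step-up it needs instead of restarting login.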