
Apparatus and method for performing real-time authentication using subject token combinations

  • US 8,752,124 B2
  • Filed: 05/24/2012
  • Issued: 06/10/2014
  • Est. Priority Date: 08/15/2011
  • Status: Active Grant
First Claim

1. An apparatus comprising:

  • a memory configured to:

    store a plurality of token-based rules, wherein a token-based rule facilitates access to a first resource and a second resource;

    store a plurality of first subject tokens associated with a user, wherein the plurality of first subject tokens indicates at least one form of user authentication that has been performed;

    store a plurality of second subject tokens associated with a device, wherein the plurality of second subject tokens indicates at least one form of device authentication that has been performed; and

    store a session token associated with a session, wherein:

      access to the first resource has been granted during the session; and

      the at least one form of user authentication and the at least one form of device authentication must be performed in order for access to the first resource to be granted; and

  • a processor communicatively coupled to the memory and configured to:

    receive a resource token indicating that access to the second resource has been requested;

    determine at least one token-based rule based at least in part upon the resource token, wherein the at least one token-based rule is associated with at least one subject token, the at least one subject token indicating a form of authentication that must be performed in order for access to the second resource to be granted;

    determine that the at least one subject token is not in the plurality of first subject tokens and the plurality of second subject tokens, wherein the determination that the at least one subject token is not in the plurality of first subject tokens and the plurality of second subject tokens indicates that the form of authentication has not been performed during the session;

    determine that access to the second resource should be denied based at least in part upon the determination that the at least one subject token is not in the plurality of first subject tokens and the plurality of second subject tokens;

    generate a message indicating the determination that access to the second resource should be denied, wherein the message further indicates the form of authentication; and

    transmit the message to the device.
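
The decision flow recited in the claim, sketched in Python as an added illustration; it is not code from the patent or its assignee. The names `Rule`, `Session`, `evaluate`, the token strings and the resource names are hypothetical, and each rule is simplified to cover a single resource.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    resource: str          # resource token the rule applies to
    required: frozenset    # subject tokens that must already be held


@dataclass
class Session:
    session_token: str
    user_tokens: set = field(default_factory=set)    # user authentication performed
    device_tokens: set = field(default_factory=set)  # device authentication performed


# Constructed sample rules; token and resource names are hypothetical.
RULES = (
    Rule("account-summary", frozenset({"user:password", "device:registered"})),
    Rule("wire-transfer", frozenset({"user:password", "user:otp", "device:registered"})),
)


def evaluate(session, resource_token, rules=RULES):
    """Return the decision message for one resource request in a session."""
    msg = {"session": session.session_token, "resource": resource_token}
    matching = [r for r in rules if r.resource == resource_token]
    if not matching:
        # Fail closed: a resource with no rule is never granted.
        return {**msg, "decision": "deny", "missing": [], "reason": "no rule"}
    held = session.user_tokens | session.device_tokens
    required = frozenset().union(*(r.required for r in matching))
    missing = sorted(required - held)
    if missing:
        # The denial names the authentication still to be performed.
        return {**msg, "decision": "deny", "missing": missing,
                "reason": "authentication not performed"}
    return {**msg, "decision": "permit", "missing": []}


def demo():
    s = Session("sess-1", {"user:password"}, {"device:registered"})
    first = evaluate(s, "account-summary")
    denied = evaluate(s, "wire-transfer")
    s.user_tokens.add("user:otp")  # step-up authentication completed
    return first, denied, evaluate(s, "wire-transfer")


if __name__ == "__main__":
    for message in demo():
        print(message)
```

The `missing` list in the denial corresponds to the claim's message that "further indicates the form of authentication", which lets the device prompt for exactly that step.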
