Method and apparatus for token-based conditioning
First Claim
Patent Images
1. An apparatus comprising:
- a memory operable to store a plurality of tokens indicating a user is requesting access to a resource over a network, the plurality of tokens comprising a resource token indicating a form of authentication provided by the resource; and
a processor operable to;
determine at least one condition associated with accessing the resource based on the plurality of tokens, the condition determined in addition to a determination to grant or deny access to the resource, the at least one condition comprising;
an obligation to be fulfilled, the obligation comprising;
a task to be performed in conjunction with accessing the resource, wherein the task indicates a peripheral device attached to the device should be removed before access may be granted; and
a second task that is optional with respect to accessing the resource, the second task indicating synchronizing a system clock of the resource provider with a clock on the network; and
a message providing instruction regarding how to fulfill the obligation, wherein the message further indicates a reason access to the resource was not granted;
generate a decision token representing the at least one condition; and
communicate the decision token to a resource provider to facilitate enforcement of the at least one condition.
1 Assignment
0 Petitions
Accused Products
Abstract
According to one embodiment, an apparatus may store a plurality of tokens indicating a user is requesting access to a resource over a network. The apparatus may determine a condition associated with accessing the resource based on the plurality of tokens. The condition may be determined in addition to a determination to grant or deny access to the resource. The condition may include an obligation to be fulfilled and a message providing instruction regarding how to fulfill the obligation. The apparatus may generate a decision token representing the condition, and communicate the decision token to a resource provider to facilitate enforcement of the condition.
-
Citations
15 Claims
-
1. An apparatus comprising:
-
a memory operable to store a plurality of tokens indicating a user is requesting access to a resource over a network, the plurality of tokens comprising a resource token indicating a form of authentication provided by the resource; and a processor operable to; determine at least one condition associated with accessing the resource based on the plurality of tokens, the condition determined in addition to a determination to grant or deny access to the resource, the at least one condition comprising; an obligation to be fulfilled, the obligation comprising; a task to be performed in conjunction with accessing the resource, wherein the task indicates a peripheral device attached to the device should be removed before access may be granted; and a second task that is optional with respect to accessing the resource, the second task indicating synchronizing a system clock of the resource provider with a clock on the network; and a message providing instruction regarding how to fulfill the obligation, wherein the message further indicates a reason access to the resource was not granted; generate a decision token representing the at least one condition; and communicate the decision token to a resource provider to facilitate enforcement of the at least one condition. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method for communicating an access control determination to a resource comprising:
-
storing a plurality of tokens indicating a user is requesting access to a resource over a network, the plurality of tokens comprising a resource token indicating a form of authentication provided by the resource; determining, by a processor, at least one condition associated with accessing the resource based on the plurality of tokens, the condition determined in addition to a determination to grant or deny access to the resource, the at least one condition comprising; an obligation to be fulfilled, the obligation comprising; a task to be performed in conjunction with accessing the resource, wherein the task indicates a peripheral device attached to the device should be removed before access may be granted; and a second task that is optional with respect to accessing the resource, the second task indicating synchronizing a system clock of the resource provider with a clock on the network; and a message providing instruction regarding how to fulfill the obligation, wherein the message further indicates a reason access to the resource was not granted; generating a decision token representing the at least one condition; and communicating, by the processor, the decision token to a resource provider to facilitate enforcement of the at least one condition. - View Dependent Claims (7, 8, 9, 10)
-
-
11. One or more computer-readable non-transitory storage media embodying software that is operable when executed to:
-
store a plurality of tokens indicating a user is requesting access to a resource over a network, the plurality of tokens comprising a resource token indicating a form of authentication provided by the resource; determine at least one condition associated with accessing the resource based on the plurality of tokens, the condition determined in addition to a determination to grant or deny access to the resource, the at least one condition comprising; an obligation to be fulfilled, the obligation comprising; a task to be performed in conjunction with accessing the resource, wherein the task indicates a peripheral device attached to the device should be removed before access may be granted; and a second task that is optional with respect to accessing the resource, the second task indicating synchronizing a system clock of the resource provider with a clock on the network; and a message providing instruction regarding how to fulfill the obligation, wherein the message further indicates a reason access to the resource was not granted; generate a decision token representing the at least one condition; and communicate the decision token to a resource provider to facilitate enforcement of the at least one condition. - View Dependent Claims (12, 13, 14, 15)
-
Specification