Method and apparatus for token-based conditioning

US 8,789,143 B2
Filed: 08/15/2011
Issued: 07/22/2014
Est. Priority Date: 08/15/2011
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a memory operable to store a plurality of tokens indicating a user is requesting access to a resource over a network, the plurality of tokens comprising a resource token indicating a form of authentication provided by the resource; and

a processor operable to;

determine at least one condition associated with accessing the resource based on the plurality of tokens, the condition determined in addition to a determination to grant or deny access to the resource, the at least one condition comprising;

an obligation to be fulfilled, the obligation comprising;

a task to be performed in conjunction with accessing the resource, wherein the task indicates a peripheral device attached to the device should be removed before access may be granted; and

a second task that is optional with respect to accessing the resource, the second task indicating synchronizing a system clock of the resource provider with a clock on the network; and

a message providing instruction regarding how to fulfill the obligation, wherein the message further indicates a reason access to the resource was not granted;

generate a decision token representing the at least one condition; and

communicate the decision token to a resource provider to facilitate enforcement of the at least one condition.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment, an apparatus may store a plurality of tokens indicating a user is requesting access to a resource over a network. The apparatus may determine a condition associated with accessing the resource based on the plurality of tokens. The condition may be determined in addition to a determination to grant or deny access to the resource. The condition may include an obligation to be fulfilled and a message providing instruction regarding how to fulfill the obligation. The apparatus may generate a decision token representing the condition, and communicate the decision token to a resource provider to facilitate enforcement of the condition.

Citations

15 Claims

1. An apparatus comprising:
- a memory operable to store a plurality of tokens indicating a user is requesting access to a resource over a network, the plurality of tokens comprising a resource token indicating a form of authentication provided by the resource; and
  
  a processor operable to;
  
  determine at least one condition associated with accessing the resource based on the plurality of tokens, the condition determined in addition to a determination to grant or deny access to the resource, the at least one condition comprising;
  
  an obligation to be fulfilled, the obligation comprising;
  
  a task to be performed in conjunction with accessing the resource, wherein the task indicates a peripheral device attached to the device should be removed before access may be granted; and
  
  a second task that is optional with respect to accessing the resource, the second task indicating synchronizing a system clock of the resource provider with a clock on the network; and
  
  a message providing instruction regarding how to fulfill the obligation, wherein the message further indicates a reason access to the resource was not granted;
  
  generate a decision token representing the at least one condition; and
  
  communicate the decision token to a resource provider to facilitate enforcement of the at least one condition.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The apparatus of claim 1, wherein the second task further indicates at least one of initializing logging of errors and performance metrics related with granting access to the resource and consuming the resource, and tracking transactions end to end.
  - 3. The apparatus of claim 1, wherein the obligation further comprises a second task indicating that missing information required to access the resource should be provided.
  - 4. The apparatus of claim 1, the memory further operable to store a plurality of token-based rules, wherein a token-based rule facilitates the generation of the decision token.
  - 5. The apparatus of claim 1, wherein the determination of the at least one privilege is based on a token-based rule.

6. A method for communicating an access control determination to a resource comprising:
- storing a plurality of tokens indicating a user is requesting access to a resource over a network, the plurality of tokens comprising a resource token indicating a form of authentication provided by the resource;
  
  determining, by a processor, at least one condition associated with accessing the resource based on the plurality of tokens, the condition determined in addition to a determination to grant or deny access to the resource, the at least one condition comprising;
  
  an obligation to be fulfilled, the obligation comprising;
  
  a task to be performed in conjunction with accessing the resource, wherein the task indicates a peripheral device attached to the device should be removed before access may be granted; and
  
  a second task that is optional with respect to accessing the resource, the second task indicating synchronizing a system clock of the resource provider with a clock on the network; and
  
  a message providing instruction regarding how to fulfill the obligation, wherein the message further indicates a reason access to the resource was not granted;
  
  generating a decision token representing the at least one condition; and
  
  communicating, by the processor, the decision token to a resource provider to facilitate enforcement of the at least one condition.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, wherein the second task further indicates at least one of initializing logging of errors and performance metrics related with granting access to the resource and consuming the resource, and tracking transactions end to end.
  - 8. The method of claim 6, wherein the obligation further comprises a second task indicating that missing information required to access the resource should be provided.
  - 9. The method of claim 6, further comprising storing a plurality of token-based rules, wherein a token-based rule facilitates the generation of the decision token.
  - 10. The method of claim 6, wherein the determination of the at least one privilege is based on a token-based rule.

11. One or more computer-readable non-transitory storage media embodying software that is operable when executed to:
- store a plurality of tokens indicating a user is requesting access to a resource over a network, the plurality of tokens comprising a resource token indicating a form of authentication provided by the resource;
  
  determine at least one condition associated with accessing the resource based on the plurality of tokens, the condition determined in addition to a determination to grant or deny access to the resource, the at least one condition comprising;
  
  an obligation to be fulfilled, the obligation comprising;
  
  a task to be performed in conjunction with accessing the resource, wherein the task indicates a peripheral device attached to the device should be removed before access may be granted; and
  
  a second task that is optional with respect to accessing the resource, the second task indicating synchronizing a system clock of the resource provider with a clock on the network; and
  
  a message providing instruction regarding how to fulfill the obligation, wherein the message further indicates a reason access to the resource was not granted;
  
  generate a decision token representing the at least one condition; and
  
  communicate the decision token to a resource provider to facilitate enforcement of the at least one condition.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The media of claim 11, wherein the second task further indicates at least one of initializing logging of errors and performance metrics related with granting access to the resource and consuming the resource, and tracking transactions end to end.
  - 13. The media of claim 11, wherein the obligation further comprises a second task indicating that missing information required to access the resource should be provided.
  - 14. The media of claim 11 embodying software further operable to store a plurality of token-based rules, wherein a token-based rule facilitates the generation of the decision token.
  - 15. The media of claim 11, wherein the determination of the at least one privilege is based on a token-based rule.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Radhakrishnan, Rakesh, Frick, Cynthia Ann, Marian, Radu, Barbir, Abdulkader Omar, Badhwar, Rajat P.
Primary Examiner(s)
KIM, TAE K

Application Number

US13/210,164
Publication Number

US 20130047265A1
Time in Patent Office

1,072 Days
Field of Search

726 2- 21, 713150-159, 713168-181
US Class Current

726/4
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/35   communicating wirelessly

G06F 21/53   by executing in a restricte...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2129   Authenticate client device ...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2151   Time stamp

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

Method and apparatus for token-based conditioning

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for token-based conditioning

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links