Apparatus and method for performing end-to-end encryption

US 8,806,602 B2
Filed: 05/24/2012
Issued: 08/12/2014
Est. Priority Date: 08/15/2011
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a memory;

a processor communicatively coupled to the memory;

a plurality of token-based rules stored in the memory, wherein a token-based rule facilitates access to a resource; and

computer instructions stored in the memory;

wherein the computer instructions, when executed by the processor, cause the processor to;

receive a first token indicating that a first form of encryption has been performed;

determine, based at least in part upon the first token, at least one token-based rule;

determine, based at least in part upon the token-based rule, that a second form of encryption should be performed, wherein the first form of encryption is associated with a lower layer of the open systems interconnection model than the second form of encryption;

receive a second token indicating that the second form of encryption has been performed;

determine that access to the resource should be granted in response to the determination that the second form of encryption has been performed;

generate a decision token representing the determination that access to the resource should be granted;

transmit the decision token;

grant access to the resource over a network, wherein;

the first token is associated with the network; and

the second token is associated with the resource;

determine, based at least in part upon the token-based rule, that a third form of encryption should be performed in response to receiving the second token;

generate a message indicating that the third form of encryption should be performed; and

transmit the message.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment, an apparatus may store a plurality of token-based rules. A token-based rule facilitates access to a resource. The apparatus may receive a first token indicating that a first form of encryption has been performed and determine, based at least in part upon the first token, at least one token-based rule. The apparatus may determine, based at least in part upon the token-based rule, that a second form of encryption should be performed. The apparatus may receive a second token indicating that the second form of encryption has been performed and determine that access to the resource should be granted in response to the determination that the second form of encryption has been performed. The apparatus may then generate a decision token representing the determination that access to the resource should be granted and transmit the decision token.

63 Citations

View as Search Results

9 Claims

1. An apparatus comprising:
- a memory;
  
  a processor communicatively coupled to the memory;
  
  a plurality of token-based rules stored in the memory, wherein a token-based rule facilitates access to a resource; and
  
  computer instructions stored in the memory;
  
  wherein the computer instructions, when executed by the processor, cause the processor to;
  
  receive a first token indicating that a first form of encryption has been performed;
  
  determine, based at least in part upon the first token, at least one token-based rule;
  
  determine, based at least in part upon the token-based rule, that a second form of encryption should be performed, wherein the first form of encryption is associated with a lower layer of the open systems interconnection model than the second form of encryption;
  
  receive a second token indicating that the second form of encryption has been performed;
  
  determine that access to the resource should be granted in response to the determination that the second form of encryption has been performed;
  
  generate a decision token representing the determination that access to the resource should be granted;
  
  transmit the decision token;
  
  grant access to the resource over a network, wherein;
  
  the first token is associated with the network; and
  
  the second token is associated with the resource;
  
  determine, based at least in part upon the token-based rule, that a third form of encryption should be performed in response to receiving the second token;
  
  generate a message indicating that the third form of encryption should be performed; and
  
  transmit the message.
- View Dependent Claims (2, 3)
- - 2. The apparatus of claim 1, wherein the computer instructions stored in the memory, when executed by the processor, further cause the processor to grant at least one of a user and a device access to the resource, wherein the determination of the at least one token-based rule is further based at least in part upon at least one of:
    - a subject token associated with the user and the device; and
      
      a resource token associated with the resource.
  - 3. The apparatus of claim 1, wherein the computer instructions stored in the memory, when executed by the processor, further cause the processor to:
    - receive an encrypted token;
      
      determine, based at least in part upon the encrypted token, at least one second token-based rule, wherein;
      
      the at least one second token-based rule specifies a first form of encryption and a second form of encryption; and
      
      the first and second forms of encryption have been performed on the encrypted token;
      
      determine, based at least in part upon the at least one second token-based rule, a first form of decryption and a second form of decryption, wherein;
      
      the first and second forms of decryption correspond to the first and second forms of encryption performed on the encrypted token; and
      
      performing the first and second forms of decryption on the encrypted token decrypts the encrypted token;
      
      determine that the first form of decryption has been performed on the encrypted token; and
      
      determine, in response to the determination that the first form of decryption has been performed, that the second form of decryption should be performed on the encrypted token.

4. A method comprising:
- storing, by a memory, a plurality of token-based rules, wherein a token-based rule facilitates access to a resource;
  
  receiving, by a processor communicatively coupled to the memory, a first token indicating that a first form of encryption has been performed;
  
  determining, by the processor, based at least in part upon the first token, at least one token-based rule;
  
  determining, by the processor, based at least in part upon the token-based rule, that a second form of encryption should be performed, wherein the first form of encryption is associated with a lower layer of the open systems interconnection model than the second form of encryption;
  
  receiving, by the processor, a second token indicating that the second form of encryption has been performed;
  
  determining, by the processor, that access to the resource should be granted in response to the determination that the second form of encryption has been performed;
  
  generating, by the processor, a decision token representing the determination that access to the resource should be granted;
  
  transmitting, by the processor, the decision token;
  
  granting access to the resource over a network, wherein;
  
  the first token is associated with the network; and
  
  the second token is associated with the resource;
  
  determining, by the processor, based at least in part upon the token-based rule, that a third form of encryption should be performed in response to receiving the second token;
  
  generating a message indicating that the third form of encryption should be performed; and
  
  transmitting the message.
- View Dependent Claims (5, 6)
- - 5. The method of claim 4, further comprising granting, by the processor, at least one of a user and a device access to the resource, wherein the determination of the at least one token-based rule is further based at least in part upon at least one of:
    - a subject token associated with the user and the device; and
      
      a resource token associated with the resource.
  - 6. The method of claim 4, further comprising:
    - receiving, by the processor, an encrypted token;
      
      determining, by the processor, based at least in part upon the encrypted token, at least one second token-based rule, wherein;
      
      the at least one second token-based rule specifies a first form of encryption and a second form of encryption, andthe first and second forms of encryption have been performed on the encrypted token;
      
      determining, by the processor, based at least in part upon the at least one second token-based rule, a first form of decryption and a second form of decryption, wherein;
      
      the first and second forms of decryption correspond to the first and second forms of encryption performed on the encrypted token; and
      
      performing the first and second forms of decryption on the encrypted token decrypts the encrypted token;
      
      determining, by the processor, that the first form of decryption has been performed on the encrypted token; and
      
      determining, by the processor, in response to the determination that the first form of decryption has been performed, that the second form of decryption should be performed on the encrypted token.

7. One or more computer-readable non-transitory storage media embodying software that when executed by a processor causes the processor to execute operations comprising:
- storing a plurality of token-based rules, wherein a token-based rule facilitates access to a resource;
  
  receiving a first token indicating that a first form of encryption has been performed;
  
  determining, based at least in part upon the first token, at least one token-based rule;
  
  determining, based at least in part upon the token-based rule, that a second form of encryption should be performed, wherein the first form of encryption is associated with a lower layer of the open systems interconnection model than the second form of encryption;
  
  receiving a second token indicating that the second form of encryption has been performed;
  
  determining that access to the resource should be granted in response to the determination that the second form of encryption has been performed;
  
  generating a decision token representing the determination that access to the resource should be granted;
  
  transmitting the decision token;
  
  granting access to the resource over a network, wherein;
  
  the first token is associated with the network; and
  
  the second token is associated with the resource;
  
  determining, based at least in part upon the token-based rule, that a third form of encryption should be performed in response to receiving the second token;
  
  generating a message indicating that the third form of encryption should be performed; and
  
  transmitting the message.
- View Dependent Claims (8, 9)
- - 8. The media of claim 7 embodying software that when executed by the processor further causes the processor to execute operations comprising granting at least one of a user and a device access to the resource, wherein the determination of the at least one token-based rule is further based at least in part upon at least one of:
    - a subject token associated with the user and the device; and
      
      a resource token associated with the resource.
  - 9. The media of claim 7 embodying software that when executed by the processor further causes the processor to execute operations comprising:
    - receiving an encrypted token;
      
      determining, based at least in part upon the encrypted token, at least one second token-based rule, wherein;
      
      the at least one second token-based rule specifies a first form of encryption and a second form of encryption, andthe first and second forms of encryption have been performed on the encrypted token;
      
      determining, based at least in part upon the at least one second token-based rule, a first form of decryption and a second form of decryption, wherein;
      
      the first and second forms of decryption correspond to the first and second forms of encryption performed on the encrypted token; and
      
      performing the first and second forms of decryption on the encrypted token decrypts the encrypted token;
      
      determining that the first form of decryption has been performed on the encrypted token; and
      
      determining, in response to the determination that the first form of decryption has been performed, that the second form of decryption should be performed on the encrypted token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Radhakrishnan, Rakesh
Primary Examiner(s)
Williams, Jeffery
Assistant Examiner(s)
Zhu, Zhimei

Application Number

US13/479,667
Publication Number

US 20130046987A1
Time in Patent Office

810 Days
Field of Search

713/172, 726/2, 726/4, 726/5, 726/9, 726/10, 726/20, 726 26- 28, 726/30
US Class Current

726/9
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/62   Protecting access to data v...

H04L 2463/082   applying multi-factor authe...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 63/16   Implementing security featu...

H04L 63/20   for managing network securi...

H04L 9/3213   using tickets or tokens, e....

Apparatus and method for performing end-to-end encryption

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

63 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for performing end-to-end encryption

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links