Method and apparatus for token-based transaction tagging

US 8,910,290 B2
Filed: 08/15/2011
Issued: 12/09/2014
Est. Priority Date: 08/15/2011
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a memory operable to;

store a first subject token associated with a user, wherein the first subject token indicates a form of user authentication has been performed by the user;

store a second subject token associated with a device, wherein the second subject token indicates a form of device authentication has been performed by the device;

store a session token associated with a session, wherein;

the form of user authentication and the form of device authentication must be performed in order for the session to be generated; and

the session facilitates processing of a transaction, the transaction representing an action taken against a resource during the session; and

store a resource token associated with a resource; and

a processor operable to;

monitor the session;

determine that the transaction qualifies for additional monitoring;

in response to the determination, generate a tag, the tag being unique to the transaction;

associate the tag with the transaction to facilitate tracing of the transaction;

add the tag to the first subject token;

trace the transaction during the processing of the transaction by following the tag, wherein tracing the transaction allows the steps taken to process the transaction to be recreated; and

communicate a message to transfer the transaction to an isolated processing unit in response to the determination that the transaction qualifies for additional monitoring, wherein the isolated processing unit processes the transaction in isolation.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment, an apparatus may monitor a session that facilitates the processing of a transaction. The transaction may represent an action taken against a resource during the session. The apparatus may determine that the transaction qualifies for additional monitoring, and in response, generate a tag. The tag may be unique to the transaction. The apparatus may then associate the tag with the transaction to facilitate tracing of the transaction. The apparatus may then trace the transaction during the processing of the transaction by following the tag, and communicate a message to transfer the transaction to an isolated processing unit. The isolated processing unit processes the transaction in isolation.

34 Citations

View as Search Results

21 Claims

1. An apparatus comprising:
- a memory operable to;
  
  store a first subject token associated with a user, wherein the first subject token indicates a form of user authentication has been performed by the user;
  
  store a second subject token associated with a device, wherein the second subject token indicates a form of device authentication has been performed by the device;
  
  store a session token associated with a session, wherein;
  
  the form of user authentication and the form of device authentication must be performed in order for the session to be generated; and
  
  the session facilitates processing of a transaction, the transaction representing an action taken against a resource during the session; and
  
  store a resource token associated with a resource; and
  
  a processor operable to;
  
  monitor the session;
  
  determine that the transaction qualifies for additional monitoring;
  
  in response to the determination, generate a tag, the tag being unique to the transaction;
  
  associate the tag with the transaction to facilitate tracing of the transaction;
  
  add the tag to the first subject token;
  
  trace the transaction during the processing of the transaction by following the tag, wherein tracing the transaction allows the steps taken to process the transaction to be recreated; and
  
  communicate a message to transfer the transaction to an isolated processing unit in response to the determination that the transaction qualifies for additional monitoring, wherein the isolated processing unit processes the transaction in isolation.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The apparatus of claim 1, further comprising a memory operable to store a plurality of token-based rules, wherein a token-based rule facilitates monitoring a plurality of transactions;
    - andthe processor further operable to;
      
      receive a transaction risk token, wherein the transaction risk token indicates a risk associated with processing the transaction; and
      
      determine at least one token-based rule based at least in part upon the transaction risk token and the transaction.
  - 3. The apparatus of claim 2, wherein the transaction risk token is a high risk token and the transaction is a high risk transaction.
  - 4. The apparatus of claim 2, the processor further operable to apply the at least one token-based rule to determine that the transaction qualifies for additional monitoring.
  - 5. The apparatus of claim 1, wherein adding a tag to the transaction comprises adding the tag to a selected one of a subject token and a resource token associated with the transaction.
  - 6. The apparatus of claim 1, wherein the tag is a ciphered value added to a syntax of the transaction.
  - 7. The apparatus of claim 1, the processor further operable to log the transaction in a database.

8. A method for monitoring transactions in a token-based environment, comprising:
- storing, by a memory, a first subject token associated with a user, wherein the first subject token indicates a form of user authentication has been performed by the user;
  
  storing, by the memory, a second subject token associated with a device, wherein the second subject token indicates a form of device authentication has been performed by the device;
  
  storing, by the memory, a session token associated with a session, wherein;
  
  the form of user authentication and the form of device authentication must be performed in order for the session to be generated; and
  
  the session facilitates processing of a transaction, the transaction representing an action taken against a resource during the session;
  
  storing, by the memory, a resource token associated with a resource;
  
  monitoring, by a hardware processor, the session;
  
  determining, by the processor, that the transaction qualifies for additional monitoring;
  
  in response to the determination, generating, by the processor, a tag, the tag being unique to the transaction;
  
  associating, by the processor, the tag with the transaction to facilitate tracing of the transaction;
  
  adding, by the processor, the tag to the first subject token;
  
  tracing, by the processor, the transaction during the processing of the transaction by following the tag, wherein tracing the transaction allows the steps taken to process the transaction to be recreated; and
  
  communicating, by the processor, a message to transfer the transaction to an isolated processing unit in response to the determination that the transaction qualifies for additional monitoring, wherein the isolated processing unit processes the transaction in isolation.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, further comprising:
    - storing a plurality of token-based rules, wherein a token-based rule facilitates monitoring a plurality of transactions;
      
      receiving a transaction risk token, wherein the transaction risk token indicates a risk associated with processing the transaction; and
      
      determining, by the processor, at least one token-based rule based at least in part upon the transaction risk token and the transaction.
  - 10. The method of claim 9, wherein the transaction risk token is a high risk token and the transaction is a high risk transaction.
  - 11. The method of claim 9, further comprising applying, by the processor, the at least one token-based rule to determine that the transaction qualifies for additional monitoring.
  - 12. The method of claim 8, wherein adding a tag to the transaction comprises adding the tag to a selected one of a subject token and a resource token associated with the transaction.
  - 13. The method of claim 8, wherein the tag is a ciphered value added to a syntax of the transaction.
  - 14. The method of claim 8, further comprising logging the transaction in a database.

15. One or more computer-readable non-transitory storage media embodying software that is operable when executed to:
- store a first subject token associated with a user, wherein the first subject token indicates a form of user authentication has been performed by the user;
  
  store a second subject token associated with a device, wherein the second subject token indicates a form of device authentication has been performed by the device;
  
  store a session token associated with a session, wherein;
  
  the form of user authentication and the form of device authentication must be performed in order for the session to be generated; and
  
  the session facilitates processing of a transaction, the transaction representing an action taken against a resource during the session;
  
  store a resource token associated with a resource;
  
  monitor the session;
  
  determine that the transaction qualifies for additional monitoring;
  
  in response to the determination, generate a tag, the tag being unique to the transaction;
  
  associate the tag with the transaction to facilitate tracing of the transaction;
  
  add the tag to the first subject token;
  
  trace the transaction during the processing of the transaction by following the tag, wherein tracing the transaction allows the steps taken to process the transaction to be recreated; and
  
  communicate a message to transfer the transaction to an isolated processing unit in response to the determination that the transaction qualifies for additional monitoring, wherein the isolated processing unit processes the transaction in isolation.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The media of claim 15 embodying software further operable when executed to:
    - store a plurality of token-based rules, wherein a token-based rule facilitates monitoring a plurality of transactions;
      
      receive a transaction risk token, wherein the transaction risk token indicates a risk associated with processing the transaction; and
      
      determine at least one token-based rule based at least in part upon the transaction risk token and the transaction.
  - 17. The media of claim 16, wherein the transaction risk token is a high risk token and the transaction is a high risk transaction.
  - 18. The media of claim 16 embodying software further operable when executed to apply the at least one token-based rule to determine that the transaction qualifies for additional monitoring.
  - 19. The media of claim 15, wherein adding a tag to the transaction comprises adding the tag to a selected one of a subject token and a resource token associated with the transaction.
  - 20. The media of claim 15, wherein the tag is a ciphered value added to a syntax of the transaction.
  - 21. The media of claim 15 embodying software further operable when executed to log the transaction in a database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Radhakrishnan, Rakesh, Frick, Cynthia Ann, Marian, Radu, Barbir, Abdulkader Omar, Badhwar, Rajat P.
Primary Examiner(s)
Kim, Tae

Application Number

US13/210,276
Publication Number

US 20130047254A1
Time in Patent Office

1,212 Days
Field of Search

726 2- 30, 713150-159, 713168-181
US Class Current

726/25
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2115   Third party

G06F 2221/2135   Metering

G06Q 30/00   Commerce

G06Q 40/00   Finance; Insurance; Tax str...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

Method and apparatus for token-based transaction tagging

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

34 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for token-based transaction tagging

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links