Method and apparatus for token-based access of related resources

US 8,950,002 B2
Filed: 08/15/2011
Issued: 02/03/2015
Est. Priority Date: 08/15/2011
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a memory that stores a plurality of tokens indicating that a user is attempting to access a resource; and

a processor that;

determines a related resource that shares a relationship with the resource, wherein;

the resource is a composite resource;

the related resource is a sub-resource of the composite resource; and

the related resource is accessed in conjunction with accessing the resource;

receives a risk token computed based at least in part upon the resource and the related resource;

determines a numeric authorization level for the user based at least in part upon the plurality of tokens and the risk token, the numeric authorization level indicating whether the user is authorized to access the resource, wherein the composite resource comprises at least one sub-resource that the user is not authorized to access based on the numeric authorization level and at least one sub-resource that the user is authorized to access based on the numeric authorization level;

compares the numeric authorization level to a numeric threshold;

determines, based at least in part on the comparison between the numeric authorization level and the numeric threshold, that the user is authorized to access the related resource;

communicates a decision token indicating that the user is authorized to access the resource and the related resource;

receives a recomputed risk token computed based at least in part upon;

a form of authentication performed by the user; and

the presence of network jitter;

re-determines determine the numeric authorization level based at least in part upon the recomputed risk token;

determines, based at least in part upon the recomputed risk token, that the user is authorized to access the at least one sub-resource; and

communicates a second decision token indicating that the user is authorized to access the resource, the related resource, and the at least one sub-resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment, an apparatus may store a plurality of tokens indicating that a user is attempting to access a resource. The apparatus may determine an authorization level for the user based at least in part upon the plurality of tokens. The authorization level may indicate whether the user is authorized to access the resource. The apparatus may then determine a related resource that shares a relationship with the resource, and determine that the authorization level indicates that the user is authorized to access the related resource. The apparatus may then communicate a decision token indicating that the user is authorized to access the resource and the related resource.

Citations

9 Claims

1. An apparatus comprising:
- a memory that stores a plurality of tokens indicating that a user is attempting to access a resource; and
  
  a processor that;
  
  determines a related resource that shares a relationship with the resource, wherein;
  
  the resource is a composite resource;
  
  the related resource is a sub-resource of the composite resource; and
  
  the related resource is accessed in conjunction with accessing the resource;
  
  receives a risk token computed based at least in part upon the resource and the related resource;
  
  determines a numeric authorization level for the user based at least in part upon the plurality of tokens and the risk token, the numeric authorization level indicating whether the user is authorized to access the resource, wherein the composite resource comprises at least one sub-resource that the user is not authorized to access based on the numeric authorization level and at least one sub-resource that the user is authorized to access based on the numeric authorization level;
  
  compares the numeric authorization level to a numeric threshold;
  
  determines, based at least in part on the comparison between the numeric authorization level and the numeric threshold, that the user is authorized to access the related resource;
  
  communicates a decision token indicating that the user is authorized to access the resource and the related resource;
  
  receives a recomputed risk token computed based at least in part upon;
  
  a form of authentication performed by the user; and
  
  the presence of network jitter;
  
  re-determines determine the numeric authorization level based at least in part upon the recomputed risk token;
  
  determines, based at least in part upon the recomputed risk token, that the user is authorized to access the at least one sub-resource; and
  
  communicates a second decision token indicating that the user is authorized to access the resource, the related resource, and the at least one sub-resource.
- View Dependent Claims (2, 3)
- - 2. The apparatus of claim 1, the memory further stores a plurality of token-based rules, wherein a token-based rule facilitates the determination of the related resource.
  - 3. The apparatus of claim 1, wherein the determination of the related resource is based on a token-based rule.

4. A method for determining resource contexts comprising:
- storing a plurality of tokens indicating that a user is attempting to access a resource;
  
  determining, by the processor, a related resource that shares a relationship with the resource, wherein;
  
  the resource is a composite resource;
  
  the related resource is a sub-resource of the composite resource; and
  
  the related resource is accessed in conjunction with accessing the resource;
  
  receiving a risk token computed based at least in part upon the resource and the related resource;
  
  determining, by a processor, a numeric authorization level for the user based at least in part upon the plurality of tokens and the risk token, the numeric authorization level indicating whether the user is authorized to access the resource, wherein the composite resource comprises at least one sub-resource that the user is not authorized to access based on the numeric authorization level and at least one sub-resource that the user is authorized to access based on the numeric authorization level;
  
  comparing, by the processor, the numeric authorization level to a numeric threshold;
  
  determining, by the processor, based at least in part on the comparison between the numeric authorization level and the numeric threshold, that the user is authorized to access the related resource;
  
  communicating a decision token indicating that the user is authorized to access the resource and the related resource;
  
  receiving a recomputed risk token computed based at least in part upon;
  
  a form of authentication performed by the user; and
  
  the presence of network jitter;
  
  re-determining, by the processor, the numeric authorization level based at least in part upon the recomputed risk token;
  
  determining, by the processor, based at least in part upon the recomputed risk token, that the user is authorized to access the at least one sub-resource; and
  
  communicating a second decision token indicating that the user is authorized to access the resource, the related resource, and the at least one sub-resource.
- View Dependent Claims (5, 6)
- - 5. The method of claim 4, further comprising storing a plurality of token-based rules, wherein a token-based rule facilitates the determination of the related resource.
  - 6. The method of claim 4, wherein the determination of the related resource is based on a token-based rule.

7. One or more computer-readable non-transitory storage media embodying software that when executed:
- stores a plurality of tokens indicating that a user is attempting to access a resource; and
  
  determines a related resource that shares a relationship with the resource, wherein;
  
  the resource is a composite resource;
  
  the related resource is a sub-resource of the composite resource; and
  
  the related resource is accessed in conjunction with accessing the resource;
  
  receives a risk token computed based at least in part upon the resource and the related resource;
  
  determines a numeric authorization level for the user based at least in part upon the plurality of tokens and the risk token, the numeric authorization level indicating whether the user is authorized to access the resource, wherein the composite resource comprises at least one sub-resource that the user is not authorized to access and at least one sub-resource that the user is authorized to access;
  
  compares the numeric authorization level to a numeric threshold;
  
  determines, based at least in part on the comparison between the numeric authorization level and the numeric threshold, that the user is authorized to access the related resource;
  
  communicates a decision token indicating that the user is authorized to access the resource and the related resource;
  
  receives a recomputed risk token computed based at least in part upon;
  
  a form of authentication performed by the user; and
  
  the presence of network jitter;
  
  re-determines determine the numeric authorization level based at least in part upon the recomputed risk token;
  
  determines, based at least in part upon the recomputed risk token, that the user is authorized to access the at least one sub-resource; and
  
  communicates a second decision token indicating that the user is authorized to access the resource, the related resource, and the at least one sub-resource.
- View Dependent Claims (8, 9)
- - 8. The media of claim 7 embodying software that when executed further stores a plurality of token-based rules, wherein a token-based rule facilitates the determination of the related resource.
  - 9. The media of claim 7, wherein the determination of the related resource is based on a token-based rule.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Radhakrishnan, Rakesh, Frick, Cynthia Ann, Marian, Radu, Barbir, Abdulkader Omar, Badhwar, Rajat P.
Primary Examiner(s)
Zaidi, Syed

Application Number

US13/210,213
Publication Number

US 20130047266A1
Time in Patent Office

1,268 Days
Field of Search

726/28, 726/4, 726/22, 713/185, 709/229
US Class Current

726/28
CPC Class Codes

G06F 21/40   by quorum, i.e. whereby two...

G06F 2221/2113   Multi-level security, e.g. ...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0876   based on the identity of th...

H04L 63/105   Multiple levels of security

H04L 63/205   involving negotiation or de...

H04L 9/088   Usage controlling of secret...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3234   involving additional secure...

Method and apparatus for token-based access of related resources

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for token-based access of related resources

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links