Method and apparatus for token-based access of related resources
First Claim
Patent Images
1. An apparatus comprising:
- a memory that stores a plurality of tokens indicating that a user is attempting to access a resource; and
a processor that;
determines a related resource that shares a relationship with the resource, wherein;
the resource is a composite resource;
the related resource is a sub-resource of the composite resource; and
the related resource is accessed in conjunction with accessing the resource;
receives a risk token computed based at least in part upon the resource and the related resource;
determines a numeric authorization level for the user based at least in part upon the plurality of tokens and the risk token, the numeric authorization level indicating whether the user is authorized to access the resource, wherein the composite resource comprises at least one sub-resource that the user is not authorized to access based on the numeric authorization level and at least one sub-resource that the user is authorized to access based on the numeric authorization level;
compares the numeric authorization level to a numeric threshold;
determines, based at least in part on the comparison between the numeric authorization level and the numeric threshold, that the user is authorized to access the related resource;
communicates a decision token indicating that the user is authorized to access the resource and the related resource;
receives a recomputed risk token computed based at least in part upon;
a form of authentication performed by the user; and
the presence of network jitter;
re-determines determine the numeric authorization level based at least in part upon the recomputed risk token;
determines, based at least in part upon the recomputed risk token, that the user is authorized to access the at least one sub-resource; and
communicates a second decision token indicating that the user is authorized to access the resource, the related resource, and the at least one sub-resource.
1 Assignment
0 Petitions
Accused Products
Abstract
According to one embodiment, an apparatus may store a plurality of tokens indicating that a user is attempting to access a resource. The apparatus may determine an authorization level for the user based at least in part upon the plurality of tokens. The authorization level may indicate whether the user is authorized to access the resource. The apparatus may then determine a related resource that shares a relationship with the resource, and determine that the authorization level indicates that the user is authorized to access the related resource. The apparatus may then communicate a decision token indicating that the user is authorized to access the resource and the related resource.
-
Citations
9 Claims
-
1. An apparatus comprising:
-
a memory that stores a plurality of tokens indicating that a user is attempting to access a resource; and a processor that; determines a related resource that shares a relationship with the resource, wherein; the resource is a composite resource; the related resource is a sub-resource of the composite resource; and the related resource is accessed in conjunction with accessing the resource; receives a risk token computed based at least in part upon the resource and the related resource; determines a numeric authorization level for the user based at least in part upon the plurality of tokens and the risk token, the numeric authorization level indicating whether the user is authorized to access the resource, wherein the composite resource comprises at least one sub-resource that the user is not authorized to access based on the numeric authorization level and at least one sub-resource that the user is authorized to access based on the numeric authorization level; compares the numeric authorization level to a numeric threshold; determines, based at least in part on the comparison between the numeric authorization level and the numeric threshold, that the user is authorized to access the related resource; communicates a decision token indicating that the user is authorized to access the resource and the related resource; receives a recomputed risk token computed based at least in part upon; a form of authentication performed by the user; and the presence of network jitter; re-determines determine the numeric authorization level based at least in part upon the recomputed risk token; determines, based at least in part upon the recomputed risk token, that the user is authorized to access the at least one sub-resource; and communicates a second decision token indicating that the user is authorized to access the resource, the related resource, and the at least one sub-resource. - View Dependent Claims (2, 3)
-
-
4. A method for determining resource contexts comprising:
-
storing a plurality of tokens indicating that a user is attempting to access a resource; determining, by the processor, a related resource that shares a relationship with the resource, wherein; the resource is a composite resource; the related resource is a sub-resource of the composite resource; and the related resource is accessed in conjunction with accessing the resource; receiving a risk token computed based at least in part upon the resource and the related resource; determining, by a processor, a numeric authorization level for the user based at least in part upon the plurality of tokens and the risk token, the numeric authorization level indicating whether the user is authorized to access the resource, wherein the composite resource comprises at least one sub-resource that the user is not authorized to access based on the numeric authorization level and at least one sub-resource that the user is authorized to access based on the numeric authorization level; comparing, by the processor, the numeric authorization level to a numeric threshold; determining, by the processor, based at least in part on the comparison between the numeric authorization level and the numeric threshold, that the user is authorized to access the related resource; communicating a decision token indicating that the user is authorized to access the resource and the related resource; receiving a recomputed risk token computed based at least in part upon; a form of authentication performed by the user; and the presence of network jitter; re-determining, by the processor, the numeric authorization level based at least in part upon the recomputed risk token; determining, by the processor, based at least in part upon the recomputed risk token, that the user is authorized to access the at least one sub-resource; and communicating a second decision token indicating that the user is authorized to access the resource, the related resource, and the at least one sub-resource. - View Dependent Claims (5, 6)
-
-
7. One or more computer-readable non-transitory storage media embodying software that when executed:
-
stores a plurality of tokens indicating that a user is attempting to access a resource; and determines a related resource that shares a relationship with the resource, wherein; the resource is a composite resource; the related resource is a sub-resource of the composite resource; and the related resource is accessed in conjunction with accessing the resource; receives a risk token computed based at least in part upon the resource and the related resource; determines a numeric authorization level for the user based at least in part upon the plurality of tokens and the risk token, the numeric authorization level indicating whether the user is authorized to access the resource, wherein the composite resource comprises at least one sub-resource that the user is not authorized to access and at least one sub-resource that the user is authorized to access; compares the numeric authorization level to a numeric threshold; determines, based at least in part on the comparison between the numeric authorization level and the numeric threshold, that the user is authorized to access the related resource; communicates a decision token indicating that the user is authorized to access the resource and the related resource; receives a recomputed risk token computed based at least in part upon; a form of authentication performed by the user; and the presence of network jitter; re-determines determine the numeric authorization level based at least in part upon the recomputed risk token; determines, based at least in part upon the recomputed risk token, that the user is authorized to access the at least one sub-resource; and communicates a second decision token indicating that the user is authorized to access the resource, the related resource, and the at least one sub-resource. - View Dependent Claims (8, 9)
-
Specification