Prioritized token based arbiter and method

US 9,043,865 B2
Filed: 08/31/2012
Issued: 05/26/2015
Est. Priority Date: 08/31/2012
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a limited resource comprising;

one or more processors that are configured to analyze arbiter metrics included in secured tokens associated with one or more users seeking access to the limited resource; and

memory coupled to the one or more processors comprising one or more instructions executable at the one or more processors, the one or more processors operable when executing the instructions to;

receive, from each of one or more user devices associated with the one or more users, a secured token issued by a network element, the secured token comprising at least an absolute preemptive metric;

determine a highest preemptive right user among the one or more users seeking access to the limited resource by reading the absolute preemptive metric included in each secured token associated with the one or more users; and

allow the user having the highest preemptive right to have exclusive access to the limited resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and method for employing a token based arbiter. The apparatus includes a priority provider (26) comprising a processor for calculating an arbiter metric and an identity provider (18) having a processor for embedding the metric into a secured token. The apparatus also comprises memory coupled to the processor having one or more instructions executable at the processor. The processor is operable when executing the instructions to: collect authorization attributes (A) from one or more users seeking use of a resource (20) associated with a service provider; determine the level of priority to the one or more users based on prescribed policy of the priority provider; assign at least one arbiter metric (22, 32) to a secured token (T) for each of the one or more users based on the level of priority identified by the priority provider.

Citations

20 Claims

1. An apparatus comprising:
- a limited resource comprising;
  
  one or more processors that are configured to analyze arbiter metrics included in secured tokens associated with one or more users seeking access to the limited resource; and
  
  memory coupled to the one or more processors comprising one or more instructions executable at the one or more processors, the one or more processors operable when executing the instructions to;
  
  receive, from each of one or more user devices associated with the one or more users, a secured token issued by a network element, the secured token comprising at least an absolute preemptive metric;
  
  determine a highest preemptive right user among the one or more users seeking access to the limited resource by reading the absolute preemptive metric included in each secured token associated with the one or more users; and
  
  allow the user having the highest preemptive right to have exclusive access to the limited resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 19)
- - 2. The apparatus of claim 1 wherein the secured token further comprises both authentication and authorization attributes.
  - 3. The apparatus of claim 1 wherein the limited resource is one or more of a surveillance camera, a traffic light controller, a sensor, and an alarm system.
  - 4. The apparatus of claim 1, wherein the limited resource is configured to determine the highest preemptive right user by reading the arbiter metric assigned to each secured token associated with each of the one or more users.
  - 5. The apparatus of claim 4 wherein the limited resource is configured to determine a highest priority right user by reading the arbiter metric assigned to each secured token associated with each of the one or more users.
  - 6. The apparatus of claim 1 further comprising an identity provider that is configured to assign authentication attributes to each secured token.
  - 7. The apparatus of claim 1 further comprising an identity provider that is configured to assign authorization attributes to each secured token.
  - 8. The apparatus of claim 5 wherein the one or more processors are operable when executing the instructions to:
    - determine a level of priority or each of the one or more users based on a prescribed policy of a priority provider.
  - 9. The apparatus of claim 1 wherein the instructions are Security Assertion Markup Language instructions.
  - 10. The apparatus of claim 1 wherein the apparatus comprises a Policy Changing Rule Function (PCRF) having an interface allowing the arbiter metrics to be queried by an identity provider for inclusion in the secured tokens.
  - 19. The apparatus of claim 8 wherein the prescribed policy of the priority provider forming the arbiter metric is a dynamic policy based on at least one of the user'"'"'s role, experienced incident, emergency type, and jurisdiction.

11. A method for arbitrating access between users to a resource, the method comprising the steps of:
- embedding an arbiter metric into a secured token, wherein the secured token is embedded into a non-transient computer readable medium by one or more processors of one or more network elements, the arbiter metric comprising a preemptive right associated with the user when attempting to access a resource;
  
  embedding attributes into the secured token with the one or more processors, the attributes comprising at least one of authorization rights and authentication rights associated with the user attempting to access the resource;
  
  conveying, by the one or more network elements, the secured token to a user device associated with the user;
  
  receiving, by another network element from the user device when attempting to access the resource, the secured token, wherein the secured token comprises the preemptive right associated with the user and the attributes comprising at least one of authorization rights and authentication rights associated with the user;
  
  in response to receiving the secured tokens from the user device, reading, by the another network element, at least one of the attributes in the secured token relative to one or more users seeking use of the resource and determining a first level of access based on the attribute; and
  
  determining, by the another network element, which user of the one or more users attempting to access the resource cleared from the first level of access is entitled to exclusive access among the users to the resource based on the preemptive right in the secured token.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method of claim 11 wherein the one or more network elements comprises an identity provider, the identity provider having an interface, the interface allowing the assigned secured token'"'"'s arbiter metric to be queried by the identity provider.
  - 13. The method of claim 12 wherein the one or more network elements comprises a priority provider remote from the identity provider, the identity provider embedding the attributes into the secured token with the one or more processors.
  - 14. The method of claim 13 further comprising the step of:
    - assigning a prescribed policy to the priority provider for forming the arbiter metric based on at least one of the user'"'"'s role, experienced incident, emergency type, and jurisdiction.
  - 15. The method of claim 14 further comprising the step of:
    - dynamically changing the arbiter metric based on a change in at least one of the user'"'"'s role, experienced incident, emergency type, and jurisdiction.
  - 16. The method of claim 11 further comprising the step of:
    - providing the user device with an interface device for accessing the identity provider and soliciting the resource.

17. A system for arbitrating access between users of a resource, the system comprising:
- a network-based priority provider having one or more processors for calculating an arbiter metric comprising a preemptive right;
  
  a network-based identity provider having one or more processors for embedding attributes into a secured token, the attributes comprising at least one of authorization rights and authentication rights, and the arbiter metric; and
  
  one or more of a service provider and a resource that is configured to;
  
  receive the secured token from a user device;
  
  recognize at least one of the attributes in the secured token relative to one or more users seeking use of a resource; and
  
  determine the level of access to the one or more users based on the priority right or preemptive right in the secured token relative to each user seeking access to the resource.
- View Dependent Claims (18, 20)
- - 18. The system of claim 17 wherein the identity provider includes a Policy Changing Rule Function (PCRF), having an interface allowing the secured token'"'"'s arbiter metric to be queried by the identity provider.
  - 20. The system of claim 17 wherein the resource is one or more of a surveillance camera, a traffic light controller, a sensor, and an alarm system. provider throughout the operation of seeking and obtaining use of the resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Motorola Solutions, Inc.
Original Assignee
Motorola Solutions, Inc.
Inventors
Reilly, Craig P., Bekiares, Tyrone D.
Primary Examiner(s)
Nalven, Andrew
Assistant Examiner(s)
FIELDS, COURTNEY D

Application Number

US13/601,748
Publication Number

US 20140068700A1
Time in Patent Office

998 Days
Field of Search

726/1, 726/26, 726/27, 705/51, 705/59, 710/112, 370/395.41, 370/357
US Class Current

726/1
CPC Class Codes

G06F 15/173   using an interconnection ne...

G06F 9/468   Specific access rights for ...

H04L 63/20   for managing network securi...

Prioritized token based arbiter and method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Prioritized token based arbiter and method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links