Method and apparatus for token-based tamper detection

US 9,069,943 B2
Filed: 08/15/2011
Issued: 06/30/2015
Est. Priority Date: 08/15/2011
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a memory storing;

a first set of a plurality of tokens, the first set of the plurality of tokens comprising;

a hard token representing identification information of a device,a network token representing the status of a network that facilitates communication from the device, anda resource token representing information associated with a resource; and

a second set of a plurality of tokens, the second set comprising secured copies of the hard token, network token, and resource token, the second set generated when the hard token, network token, and resource token of the first set were first generated; and

a processor;

receiving, based on network jitter, a suspect token indicating a risk that at least one of the device, the network, and the resource has been tampered;

in response to receiving the suspect token, applying one or more token tampering rules that specify which of the at least one of the hard token, network token, and resource token may have been affected as result of the risk indicated in the suspect token;

comparing the at least one of the hard token, network token, and resource token of the first set that is identified by the one or more token tampering rules as being associated with the suspect token with its corresponding secured copy of the second set;

in response to determining that the at least one of the hard token, network token, and resource token of the first set does not match the corresponding secured copy of the second set, communicating a revalidation token indicating the at least one token has been tampered;

computing, based upon the revalidation token, a risk token representing an increased level of risk associated with the at least one of the device, the network, and the resource; and

determining, based on the risk token, an access decision associated with the at least one of the device, the network, and the resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment, an apparatus may store: a hard token representing identification information of the device, a network token representing the status of a network, and a resource token representing information associated with a resource. The apparatus may further store secured copies of the hard token, network token, and resource token. The apparatus may receive a suspect token indicating a risk that at least one of the device, the network, and the resource has been tampered, and in response, determine to inspect at least one of the hard token, network token, and resource token. The apparatus may then compare the at least one of the hard token, network token, and resource token with its corresponding secured copy. If at least one of those tokens does not match its corresponding secured copy, the apparatus may communicate a revalidation token indicating at least one token has been tampered.

78 Citations

View as Search Results

24 Claims

1. An apparatus comprising:
- a memory storing;
  
  a first set of a plurality of tokens, the first set of the plurality of tokens comprising;
  
  a hard token representing identification information of a device,a network token representing the status of a network that facilitates communication from the device, anda resource token representing information associated with a resource; and
  
  a second set of a plurality of tokens, the second set comprising secured copies of the hard token, network token, and resource token, the second set generated when the hard token, network token, and resource token of the first set were first generated; and
  
  a processor;
  
  receiving, based on network jitter, a suspect token indicating a risk that at least one of the device, the network, and the resource has been tampered;
  
  in response to receiving the suspect token, applying one or more token tampering rules that specify which of the at least one of the hard token, network token, and resource token may have been affected as result of the risk indicated in the suspect token;
  
  comparing the at least one of the hard token, network token, and resource token of the first set that is identified by the one or more token tampering rules as being associated with the suspect token with its corresponding secured copy of the second set;
  
  in response to determining that the at least one of the hard token, network token, and resource token of the first set does not match the corresponding secured copy of the second set, communicating a revalidation token indicating the at least one token has been tampered;
  
  computing, based upon the revalidation token, a risk token representing an increased level of risk associated with the at least one of the device, the network, and the resource; and
  
  determining, based on the risk token, an access decision associated with the at least one of the device, the network, and the resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The apparatus of claim 1, the processor further:
    - terminating the at least one of the hard token, network token, and resource token; and
      
      terminating a new token that matches the corresponding secured copy of the at least one of the hard token, network token, and resource token.
  - 3. The apparatus of claim 2, the processor further replacing the at least one of the hard token, network token, and resource token with the new token.
  - 4. The apparatus of claim 1, the processor further verifying the integrity of a ticket associated with the at least one of the hard token, network token, and resource token indicated by the suspect token.
  - 5. The apparatus of claim 4, wherein the integrity of the ticket indicates whether the at least one of the hard token, network token, and resource token has been tampered.
  - 6. The apparatus of claim 1, the memory further storing a plurality of token-based rules, wherein a token-based rule facilitates determining to inspect at least one of the hard token, network token, and resource token.
  - 7. The apparatus of claim 1, wherein the determination to inspect is based on a token-based rule.
  - 8. The apparatus of claim 1, whereineach token of the first set of the plurality of tokens and the second set of the plurality of tokens comprise a plurality of attributes;
    - andcomparing the at least one of the hard token, network token and resource token of the first set with its corresponding secured copy of the second set comprises performing token-based analysis rather than attribute based analysis.

9. A method for validating tokens comprising:
- storing a first set of a plurality of tokens, the first set of the plurality of token comprising;
  
  a hard token representing identification information of a device,a network token representing the status of a network that facilitates communication from the device, anda resource token representing information associated with a resource;
  
  storing a second set of a plurality of tokens, the second set comprising secured copies of the hard token, network token, and resource token, the second set generated when the hard token, network token, and resource token of the first set were first generated;
  
  receiving, based on network jitter, a suspect token indicating a risk that at least one of the device, the network, and the resource has been tampered;
  
  in response to receiving the suspect token, applying, by a processor, one or more token tampering rules that specify which of the at least one of the hard token, network token, and resource token may have been affected as result of the risk indicated in the suspect token;
  
  comparing the at least one of the hard token, network token, and resource token of the first set that is identified by the one or more token tampering rules as being associated with the suspect token with its corresponding secured copy of the second set;
  
  in response to determining that the at least one of the hard token, network token, and resource token of the first set does not match the corresponding secured copy of the second set, communicating a revalidation token indicating the at least one token has been tampered;
  
  computing, based upon the revalidation token, a risk token representing an increased level of risk associated with the at least one of the device, the network, and the resource; and
  
  determining, based on the risk token, an access decision associated with the at least one of the device, the network, and the resource.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, further comprising:
    - terminating the at least one of the hard token, network token, and resource token; and
      
      generating a new token that matches the corresponding secured copy of the at least one of the hard token, network token, and resource token.
  - 11. The method of claim 10, further comprising replacing the at least one of the hard token, network token, and resource token with the new token.
  - 12. The method of claim 9, further comprising verifying the integrity of a ticket associated with the at least one of the hard token, network token, and resource token indicated by the suspect token.
  - 13. The method of claim 12, wherein the integrity of the ticket indicates whether the at least one of the hard token, network token, and resource token has been tampered.
  - 14. The method of claim 9, further comprising storing a plurality of token-based rules, wherein a token-based rule facilitates determining to inspect at least one of the hard token, network token, and resource token.
  - 15. The method of claim 9, wherein the determination to inspect is based on a token-based rule.
  - 16. The method of claim 9, whereineach token of the first set of the plurality of tokens and the second set of the plurality of tokens comprise a plurality of attributes;
    - andcomparing the at least one of the hard token, network token and resource token of the first set with its corresponding secured copy of the second set comprises performing token-based analysis rather than attribute based analysis.

17. One or more computer-readable non-transitory storage media embodying software that is operable when executed to:
- store a first set of a plurality of tokens, the first set of the plurality of token comprising;
  
  a hard token representing identification information of the device,a network token representing the status of a network that facilitates communication from a device, anda resource token representing information associated with a resource;
  
  store a second set of a plurality of tokens, the second set comprising secured copies of the hard token, network token, and resource token, the second set generated when the hard token, network token, and resource token of the first set were first generated;
  
  receive, based on network jitter, a suspect token indicating a risk that at least one of the device, the network, and the resource has been tampered;
  
  in response to receiving the suspect token, apply one or more token tampering rules that specify which of the at least one of the hard token, network token, and resource token may have been affected as result of the risk indicated in the suspect token;
  
  compare the at least one of the hard token, network token, and resource token of the first set that is identified by the one or more token tampering rules as being associated with the suspect token with its corresponding secured copy of the second set;
  
  in response to determining that the at least one of the hard token, network token, and resource token of the first set does not match the corresponding secured copy of the second set, communicate a revalidation token indicating the at least one token has been tampered;
  
  compute, based upon the revalidation token, a risk token representing an increased level of risk associated with the at least one of the device, the network, and the resource; and
  
  determine, based on the risk token, an access decision associated with the at least one of the device, the network, and the resource.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The media of claim 17 embodying software further operable when executed to:
    - terminate the at least one of the hard token, network token, and resource token; and
      
      generate a new token that matches the corresponding secured copy of the at least one of the hard token, network token, and resource token.
  - 19. The media of claim 18 embodying software further operable when executed to replace the at least one of the hard token, network token, and resource token with the new token.
  - 20. The media of claim 17 embodying software further operable when executed to verify the integrity of a ticket associated with the at least one of the hard token, network token, and resource token indicated by the suspect token.
  - 21. The media of claim 20, wherein the integrity of the ticket indicates whether the at least one of the hard token, network token, and resource token has been tampered.
  - 22. The media of claim 17 embodying software further operable when executed to store a plurality of token-based rules, wherein a token-based rule facilitates determining to inspect at least one of the hard token, network token, and resource token.
  - 23. The media of claim 17, wherein the determination to inspect is based on a token-based rule.
  - 24. The media of claim 17, whereineach token of the first set of the plurality of tokens and the second set of the plurality of tokens comprise a plurality of attributes;
    - andcomparing the at least one of the hard token, network token and resource token of the first set with its corresponding secured copy of the second set comprises performing token-based analysis rather than attribute based analysis.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Radhakrishnan, Rakesh, Frick, Cynthia Ann, Marian, Radu, Barbir, Abdulkader Omar, Badhwar, Rajat P.
Primary Examiner(s)
ZAIDI, SYED A

Application Number

US13/210,220
Publication Number

US 20130047225A1
Time in Patent Office

1,415 Days
Field of Search

726/6, 726/1, 705/59, 713/201, 709/250
US Class Current

1/1
CPC Class Codes

G06F 21/33   using certificates

G06F 21/335   for accessing specific reso...

G06F 21/577   Assessing vulnerabilities a...

H04L 9/088   Usage controlling of secret...

H04L 9/3213   using tickets or tokens, e....

Method and apparatus for token-based tamper detection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

78 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for token-based tamper detection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links