Method and apparatus for token-based combining of authentication methods
First Claim
Patent Images
1. An apparatus comprising:
- a memory configured to store a first and second subject token, the first subject token indicating a first authentication method performed by a user, the second subject token indicating a second authentication method performed by the user, wherein the first subject token indicates a priority of the user, and if the user is a high priority user, packets are prioritized for processing over lower priority users; and
a processor configured to;
detect at least one new subject token indicating a retina scan performed by the user;
in response to detecting the at least one new subject token, determine a token-based rule based at least in part upon the first subject token, the second subject token, and the at least one new subject token;
determine, based at least in part upon the token-based rule, that a first subset of the first subject token, second subject token, and the at least one new subject token indicates a first privilege should be granted to the user and that a particular combination of authentication methods was performed by the user, wherein the first privilege comprises an ability to access a resource;
determine, based at least in part upon the token-based rule, that a second subset of the first subject token, the second subject token, and the at least one new subject token indicates a second privilege should be granted to the user, wherein the second privilege comprises an ability to edit the resource;
determine, based at least in part upon the token-based rule, that a third subset of the first subject token, the second subject token, and the at least one new subject token indicates a third privilege should be granted to the user, wherein the third privilege comprises an ability to terminate the resource;
determine, based at least in part upon the token-based rule, that a fourth subset of the first subject token, the second subject token, and the at least one new subject token indicates a fourth privilege should be granted to the user, wherein the fourth privilege comprises an ability to distribute the resource;
in response to the determination that the first subset indicates the first privilege should be granted and the determination that the second subset indicates that the second privilege should be granted, generate a privilege token associated with the first privilege and the second privilege; and
communicate the privilege token to facilitate the granting of the first privilege and the second privilege.
1 Assignment
0 Petitions
Accused Products
Abstract
According to one embodiment, an apparatus may store a first and second subject token that indicate a first authentication method performed by the user and a second authentication method performed by the user respectively. The apparatus may detect at least one new subject token indicating at least one different authentication method performed by the user. The apparatus may then determine that a particular combination of subject tokens in the first subject token, second subject token, and the at least one new subject token indicates a privilege should be granted to the user, and facilitate the granting of the privilege to the user.
-
Citations
3 Claims
-
1. An apparatus comprising:
-
a memory configured to store a first and second subject token, the first subject token indicating a first authentication method performed by a user, the second subject token indicating a second authentication method performed by the user, wherein the first subject token indicates a priority of the user, and if the user is a high priority user, packets are prioritized for processing over lower priority users; and a processor configured to; detect at least one new subject token indicating a retina scan performed by the user; in response to detecting the at least one new subject token, determine a token-based rule based at least in part upon the first subject token, the second subject token, and the at least one new subject token; determine, based at least in part upon the token-based rule, that a first subset of the first subject token, second subject token, and the at least one new subject token indicates a first privilege should be granted to the user and that a particular combination of authentication methods was performed by the user, wherein the first privilege comprises an ability to access a resource; determine, based at least in part upon the token-based rule, that a second subset of the first subject token, the second subject token, and the at least one new subject token indicates a second privilege should be granted to the user, wherein the second privilege comprises an ability to edit the resource; determine, based at least in part upon the token-based rule, that a third subset of the first subject token, the second subject token, and the at least one new subject token indicates a third privilege should be granted to the user, wherein the third privilege comprises an ability to terminate the resource; determine, based at least in part upon the token-based rule, that a fourth subset of the first subject token, the second subject token, and the at least one new subject token indicates a fourth privilege should be granted to the user, wherein the fourth privilege comprises an ability to distribute the resource; in response to the determination that the first subset indicates the first privilege should be granted and the determination that the second subset indicates that the second privilege should be granted, generate a privilege token associated with the first privilege and the second privilege; and communicate the privilege token to facilitate the granting of the first privilege and the second privilege.
-
-
2. A method of assigning privileges to a user comprising:
-
storing a first and second subject token, the first subject token indicating a first authentication method performed by a user, the second subject token indicating a second authentication method performed by the user, wherein the first subject token indicates a priority of the user, and if the user is a high priority user, packets are prioritized for processing over lower priority users; detecting, by a processor, at least one new subject token indicating a retina scan performed by the user; in response to detecting the at least one new subject token, determining, by the processor, a token-based rule based at least in part upon the first subject token, the second subject token, and the at least one new subject token; determining, by the processor, based at least in part upon the token-based rule, that a first subset of the first subject token, second subject token, and the at least one new subject token indicates a first privilege should be granted to the user and that a particular combination of authentication methods was performed by the user, wherein the first privilege comprises an ability to access a resource; determining, by the processor, based at least in part upon the token-based rule, that a second subset of the first subject token, the second subject token, and the at least one new subject token indicates a second privilege should be granted to the user, wherein the second privilege comprises an ability to edit the resource; determining, by the processor, based at least in part upon the token-based rule, that a third subset of the first subject token, the second subject token, and the at least one new subject token indicates a third privilege should be granted to the user, wherein the third privilege comprises an ability to terminate the resource; determining, by the processor, based at least in part upon the token-based rule, that a fourth subset of the first subject token, the second subject token, and the at least one new subject token indicates a fourth privilege should be granted to the user, wherein the fourth privilege comprises an ability to distribute the resource; in response to the determination that the first subset indicates the first privilege should be granted and the determination that the second subset indicates that the second privilege should be granted, generating a privilege token associated with the first privilege and the second privilege; and communicating the privilege token to facilitate the granting of the first privilege and the second privilege.
-
-
3. One or more computer-readable non-transitory storage media embodying software that is operable when executed to:
-
store a first and second subject token, the first subject token indicating a first authentication method performed by a user, the second subject token indicating a second authentication method performed by the user, wherein the first subject token indicates a priority of the user, and if the user is a high priority user, packets are prioritized for processing over lower priority users; detect at least one new subject token indicating a retina scan performed by the user; in response to detecting the at least one new subject token, determine a token-based rule based at least in part upon the first subject token, the second subject token, and the at least one new subject token; determine, based at least in part upon the token-based rule, that a first subset of the first subject token, second subject token, and the at least one new subject token indicates a first privilege should be granted to the user and that a particular combination of authentication methods was performed by the user, wherein the first privilege comprises an ability to access a resource; determine, based at least in part upon the token-based rule, that a second subset of the first subject token, the second subject token, and the at least one new subject token indicates a second privilege should be granted to the user, wherein the second privilege comprises an ability to edit the resource; determine, based at least in part upon the token-based rule, that a third subset of the first subject token, the second subject token, and the at least one new subject token indicates a third privilege should be granted to the user, wherein the third privilege comprises an ability to terminate the resource; determine, based at least in part upon the token-based rule, that a fourth subset of the first subject token, the second subject token, and the at least one new subject token indicates a fourth privilege should be granted to the user, wherein the fourth privilege comprises an ability to distribute the resource; in response to the determination that the first subset indicates the first privilege should be granted and the determination that the second subset indicates that the second privilege should be granted, generate a privilege token associated with the first privilege and the second privilege; and communicate the privilege token to facilitate the granting of the first privilege and the second privilege.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeBank of America Corp.
-
Original AssigneeBank of America Corp.
-
InventorsRadhakrishnan, Rakesh, Frick, Cynthia Ann, Marian, Radu, Barbir, Abdulkader Omar, Badhwar, Rajat P.
-
Primary Examiner(s)Goldberg, Andrew
-
Application NumberUS13/210,246Publication NumberTime in Patent Office1,758 DaysField of Search726/4US Class Current1/1CPC Class CodesG06F 21/335 for accessing specific reso...H04L 63/08 for authentication of entit...
