Controlled token distribution to protect against malicious data and resource access

US 9,912,653 B2
Filed: 12/23/2016
Issued: 03/06/2018
Est. Priority Date: 09/04/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for token-based generation of access rights to resources, the method comprising:

receiving, at a first system, a first communication from a second system, the first communication corresponding to a credential of the second system, and the second system corresponding to an entity;

in response to the receiving, generating, at the first system, a token based on or to correspond with each of the entity and a resource;

transmitting, from the first system, a second communication to the second system at a first time, the second communication including the token;

receiving, at the first system, a third communication from the second system, the third communication corresponding to a notification that the token has been transferred to a data requesting system, and the third communication being received at a second time that is after the first time;

identifying, at the first system, the resource that corresponds to the token based on the received third communication corresponding to the notification;

in response to identifying the resource that corresponds to the token, generating an access-enabling code for the token, the access-enabling code granting the data requesting system access to the resource during a defined time period;

receiving, at the first system, a fourth communication from the data requesting system, the fourth communication corresponding to a request for access to the resource and including the token, the fourth communication being received at a third time that is after the second time; and

determining whether the token corresponds to the access-enabling code, and when the determination indicates that the token corresponds to the access-enabling code, facilitating access to the resource for the data requesting system, the access to the resource for the data requesting system being facilitated using the access-enabling code.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for controlling data and resource access. For example, methods and systems can facilitate controlled token distribution across systems and token processing in a manner so as to limit access to and to protect data that includes access codes.

483 Citations

20 Claims

1. A computer-implemented method for token-based generation of access rights to resources, the method comprising:
- receiving, at a first system, a first communication from a second system, the first communication corresponding to a credential of the second system, and the second system corresponding to an entity;
  
  in response to the receiving, generating, at the first system, a token based on or to correspond with each of the entity and a resource;
  
  transmitting, from the first system, a second communication to the second system at a first time, the second communication including the token;
  
  receiving, at the first system, a third communication from the second system, the third communication corresponding to a notification that the token has been transferred to a data requesting system, and the third communication being received at a second time that is after the first time;
  
  identifying, at the first system, the resource that corresponds to the token based on the received third communication corresponding to the notification;
  
  in response to identifying the resource that corresponds to the token, generating an access-enabling code for the token, the access-enabling code granting the data requesting system access to the resource during a defined time period;
  
  receiving, at the first system, a fourth communication from the data requesting system, the fourth communication corresponding to a request for access to the resource and including the token, the fourth communication being received at a third time that is after the second time; and
  
  determining whether the token corresponds to the access-enabling code, and when the determination indicates that the token corresponds to the access-enabling code, facilitating access to the resource for the data requesting system, the access to the resource for the data requesting system being facilitated using the access-enabling code.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method for token-based generation of access rights to resources, as recited in claim 1, further comprising:
    - storing an indication that a status of one or more access-enabling codes provided by a third system are defined as unreliable; and
      
      inhibiting the third system from providing the one or more access-enabling codes based on the stored indication.
  - 3. The computer-implemented method for token-based generation of access rights to resources, as recited in claim 1, wherein receiving the fourth communication from the data requesting system occurs at a defined spatial area associated with the resource at the second time, wherein the second time is within a threshold time before the defined time period.
  - 4. The computer-implemented method for token-based generation of access rights to resources, as received in claim 1, further comprising:
    - in response to receiving the fourth communication, determining whether the token corresponds to the access-enabling code, wherein when the token corresponds to the access-enabling code, determining whether the access-enabling code has been previously retrieved in association with the resource.
  - 5. The computer-implemented method for token-based generation of access rights to resources, as received in claim 1, wherein facilitating the access to the resource for the data requesting system comprises:
    - receiving, at the first system, the token;
      
      determining whether the token corresponds to the access-enabling code; and
      
      in response to determining that the token corresponds to the access-enabling code, transmitting the access-enabling code to the data requesting system, wherein the access-enabling code corresponds to a particular defined portion of the defined spatial area.
  - 6. The computer-implemented method for token-based generation of access rights to resources, as received in claim 1, wherein facilitating the access to the resource for the data requesting system comprises:
    - receiving, at the first system, the token;
      
      determining whether the token corresponds to the access-enabling code; and
      
      in response to determining that the token corresponds to the access-enabling code, selecting a particular defined portion within the defined spatial area, assigning the particular defined portion to the access-enabling code, and transmitting the access-enabling code to the data requesting system, wherein the access-enabling code corresponds to the particular defined portion of the defined spatial area.
  - 7. The computer-implemented method for token-based generation of access rights to resources, as received in claim 1, further comprising:
    - storing, at a data store, an indication indicating how one or more access-enabling codes are to be allocated to at least two different channels, each of the two different channels being associated with a particular system that facilitates assignment of the one or more access-enabling codes.

8. A system for token-based generation of access rights to resources, the system comprising:
- one or more data processors; and
  
  a non-transitory computer-readable storage medium containing instructions which, when executed on the one or more data processors, cause the one or more data processors to perform operations including;
  
  receiving, at a first system, a first communication from a second system, the first communication corresponding to a credential of the second system, and the second system corresponding to an entity;
  
  in response to the receiving, generating, at the first system, a token based on or to correspond with each of the entity and a resource;
  
  transmitting, from the first system, a second communication to the second system at a first time, the second communication including the token;
  
  receiving, at the first system, a third communication from the second system, the third communication corresponding to a notification that the token has been transferred to a data requesting system, and the third communication being received at a second time that is after the first time;
  
  identifying, at the first system, the resource that corresponds to the token based on the received third communication corresponding to the notification;
  
  in response to identifying the resource that corresponds to the token, generating an access-enabling code for the token, the access-enabling code granting the data requesting system access to the resource during a defined time period;
  
  receiving, at the first system, a fourth communication from the data requesting system, the fourth communication corresponding to a request for access to the resource and including the token, the fourth communication being received at a third time that is after the second time; and
  
  determining whether the token corresponds to the access-enabling code, and when the determination indicates that the token corresponds to the access-enabling code, facilitating access to the resource for the data requesting system, the access to the resource for the data requesting system being facilitated using the access-enabling code.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system for token-based generation of access rights to resources, as recited in claim 8, wherein the operations further comprise:
    - storing an indication that a status of one or more access-enabling codes provided by a third system are defined as unreliable; and
      
      inhibiting the third system from providing the one or more access-enabling codes based on the stored indication.
  - 10. The system for token-based generation of access rights to resources, as recited in claim 8, wherein receiving the fourth communication from the data requesting system occurs at a defined spatial area associated with the resource at the second time, wherein the second time is within a threshold time before the defined time period.
  - 11. The system for token-based generation of access rights to resources, as recited in claim 8, wherein the operations further comprise:
    - in response to receiving the fourth communication, determining whether the token corresponds to the access-enabling code, wherein when the token corresponds to the access-enabling code, determining whether the access-enabling code has been previously retrieved in association with the resource.
  - 12. The system for token-based generation of access rights to resources, as recited in claim 8, wherein facilitating the access to the resource for the data requesting system comprises:
    - receiving, at the first system, the token;
      
      determining whether the token corresponds to the access-enabling code; and
      
      in response to determining that the token corresponds to the access-enabling code, transmitting the access-enabling code to the data requesting system, wherein the access-enabling code corresponds to a particular defined portion of the defined spatial area.
  - 13. The system for token-based generation of access rights to resources, as recited in claim 8, wherein facilitating the access to the resource for the data requesting system comprises:
    - receiving, at the first system, the token;
      
      determining whether the token corresponds to the access-enabling code; and
      
      in response to determining that the token corresponds to the access-enabling code, selecting a particular defined portion within the defined spatial area, assigning the particular defined portion to the access-enabling code, and transmitting the access-enabling code to the data requesting system, wherein the access-enabling code corresponds to the particular defined portion of the defined spatial area.
  - 14. The system for token-based generation of access rights to resources, as recited in claim 8, wherein the operations further comprise:
    - storing, at a data store, an indication indicating how one or more access-enabling codes are to be allocated to at least two different channels, each of the two different channels being associated with a particular system that facilitates assignment of the one or more access-enabling codes.

15. A computer-program product tangibly embodied in a non-transitory machine-readable storage medium, including instructions configured to cause a data processing apparatus to perform operations including:
- receiving, at a first system, a first communication from a second system, the first communication corresponding to a credential of the second system, and the second system corresponding to an entity;
  
  in response to the receiving, generating, at the first system, a token based on or to correspond with each of the entity and a resource;
  
  transmitting, from the first system, a second communication to the second system at a first time, the second communication including the token;
  
  receiving, at the first system, a third communication from the second system, the third communication corresponding to a notification that the token has been transferred to a data requesting system, and the third communication being received at a second time that is after the first time;
  
  identifying, at the first system, the resource that corresponds to the token based on the received third communication corresponding to the notification;
  
  in response to identifying the resource that corresponds to the token, generating an access-enabling code for the token, the access-enabling code granting the data requesting system access to the resource during a defined time period;
  
  receiving, at the first system, a fourth communication from the data requesting system, the fourth communication corresponding to a request for access to the resource and including the token, the fourth communication being received at a third time that is after the second time; and
  
  determining whether the token corresponds to the access-enabling code, and when the determination indicates that the token corresponds to the access-enabling code, facilitating access to the resource for the data requesting system, the access to the resource for the data requesting system being facilitated using the access-enabling code.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-program product of claim 15, wherein the operations further comprise:
    - storing an indication that a status of one or more access-enabling codes provided by a third system are defined as unreliable; and
      
      inhibiting the third system from providing the one or more access-enabling codes based on the stored indication.
  - 17. The computer-program product of claim 15, wherein receiving the fourth communication from the data requesting system occurs at a defined spatial area associated with the resource at the second time, wherein the second time is within a threshold time before the defined time period.
  - 18. The computer-program product of claim 15, wherein the operations further comprise:
    - in response to receiving the fourth communication, determining whether the token corresponds to the access-enabling code, wherein when the token corresponds to the access-enabling code, determining whether the access-enabling code has been previously retrieved in association with the resource.
  - 19. The computer-program product of claim 15, wherein facilitating the access to the resource for the data requesting system comprises:
    - receiving, at the first system, the token;
      
      determining whether the token corresponds to the access-enabling code; and
      
      in response to determining that the token corresponds to the access-enabling code, transmitting the access-enabling code to the data requesting system, wherein the access-enabling code corresponds to a particular defined portion of the defined spatial area.
  - 20. The computer-program product of claim 15, wherein facilitating the access to the resource for the data requesting system comprises:
    - receiving, at the first system, the token;
      
      determining whether the token corresponds to the access-enabling code; and
      
      in response to determining that the token corresponds to the access-enabling code, selecting a particular defined portion within the defined spatial area, assigning the particular defined portion to the access-enabling code, and transmitting the access-enabling code to the data requesting system, wherein the access-enabling code corresponds to the particular defined portion of the defined spatial area.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Live Nation Entertainment Incorporated
Original Assignee
Live Nation Entertainment Incorporated
Inventors
Volini, Phillip, Werneke, John Raymond, Schumaler, Carl, Smith, Michael, Giannantonio, Frank, Iaia, Vito, Moriarty, Sean
Primary Examiner(s)
Tabor, Amare F

Application Number

US15/390,265
Publication Number

US 20170111350A1
Time in Patent Office

438 Days
Field of Search

713159, 713158
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/10   for controlling access to d...

Controlled token distribution to protect against malicious data and resource access

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

483 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Controlled token distribution to protect against malicious data and resource access

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

483 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others